Properly report errors from included files (#1408558)

Jakub Jelen 2017-02-20 13:22:04 +01:00
parent a97eeb671c
commit 140ef5a0f5
2 changed files with 43 additions and 0 deletions


@ -0,0 +1,40 @@
diff --git a/readconf.c b/readconf.c
index fa3fab8..e7eb30d 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1499,7 +1499,7 @@ parse_keytypes:
oactive ? "" : " (parse only)");
r = read_config_file_depth(gl.gl_pathv[i],
pw, host, original_host, options,
- flags | SSHCONF_CHECKPERM |
+ flags | SSHCONF_CHECKPERM | SSHCONF_IGNORE_READERR |
(oactive ? 0 : SSHCONF_NEVERMATCH),
activep, depth + 1);
/*
@@ -1707,8 +1707,13 @@ read_config_file_depth(const char *filename, struct passwd *pw,
if (depth < 0 || depth > READCONF_MAX_DEPTH)
fatal("Too many recursive configuration includes");
- if ((f = fopen(filename, "r")) == NULL)
+ if ((f = fopen(filename, "r")) == NULL) {
+ if (flags & SSHCONF_IGNORE_READERR) {
+ error("Can not open configuration file %s", filename);
+ return 1;
+ }
return 0;
+ }
if (flags & SSHCONF_CHECKPERM) {
struct stat sb;
diff --git a/readconf.h b/readconf.h
index cef55f7..4f7d3b4 100644
--- a/readconf.h
+++ b/readconf.h
@@ -190,6 +190,7 @@ typedef struct {
#define SSHCONF_USERCONF 2 /* user provided config file not system */
#define SSHCONF_POSTCANON 4 /* After hostname canonicalisation */
#define SSHCONF_NEVERMATCH 8 /* Match/Host never matches; internal only */
+#define SSHCONF_IGNORE_READERR 16 /* Treat unreadable files as errors; internal only */
#define SSH_UPDATE_HOSTKEYS_NO 0
#define SSH_UPDATE_HOSTKEYS_YES 1
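Review bot: In the `read_config_file_depth` hunk, the new branch logs the `fopen` failure without the reason and then returns 1, so the Include call site in the first hunk presumably cannot tell an unreadable include from one that was parsed. Adding the errno text would let a user tell a permissions problem from a missing file: `error("Can not open configuration file %s: %s", filename, strerror(errno));`. Options set in an include that cannot be read are skipped while processing appears to continue, so it is worth confirming that logging and carrying on, rather than failing, is the intended outcome. In readconf.h the flag name reads opposite to its comment (`SSHCONF_IGNORE_READERR` next to "Treat unreadable files as errors"); a comment such as `/* Log unreadable included files instead of skipping them silently; internal only */` would match what the code does. The body of `read_config_file_depth` starts and ends outside the hunk.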


@ -230,6 +230,8 @@ Patch944: openssh-7.3p1-x11-max-displays.patch
Patch945: openssh-7.4p1-daemon.patch
# Whitelist /usr/lib*/ as planed upstream to prevent breakage
Patch946: openssh-7.4p1-pkcs11-whitelist.patch
# Correct reporting errors from included files (#1408558)
Patch947: openssh-7.4p1-include-errors.patch
License: BSD
@ -465,6 +467,7 @@ popd
%patch944 -p1 -b .x11max
%patch945 -p1 -b .daemon
%patch946 -p1 -b .pkcs11-whitelist
%patch947 -p1 -b .include-errors
%patch200 -p1 -b .audit
%patch201 -p1 -b .audit-race