Mercurial > pidgin.yaz

changeset 14156:0154168c414a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[gaim-migrate @ 16801] Make the silc key permission checks safer and cover more cases (e.g. private key exists, but is not readable by you). committer: Tailor Script <tailor@pidgin.im>
author Daniel Atallah <daniel.atallah@gmail.com>
date Thu, 17 Aug 2006 01:06:27 +0000
parents 47292c1f7e9f
children d822e68acb3e
files src/protocols/silc/util.c
diffstat 1 files changed, 30 insertions(+), 11 deletions(-) [+]
line wrap: on
line diff
--- a/src/protocols/silc/util.c	Wed Aug 16 20:50:16 2006 +0000
+++ b/src/protocols/silc/util.c	Thu Aug 17 01:06:27 2006 +0000
@@ -234,25 +234,44 @@
 	}
 #endif
 
-	fd = open(file_private_key, O_RDONLY);
-	if ((g_stat(file_private_key, &st)) == -1) {
+	if ((fd = g_open(file_private_key, O_RDONLY)) != -1) {
+		if ((fstat(fd, &st)) == -1) {
+			gaim_debug_error("silc", "Couldn't stat '%s' private key, error: %s\n",
+							 file_private_key, strerror(errno));
+			close(fd);
+			return FALSE;
+		}
+	} else if ((g_stat(file_private_key, &st)) == -1) {
 		/* If file doesn't exist */
 		if (errno == ENOENT) {
 			gaim_connection_update_progress(gc, _("Creating SILC key pair..."), 1, 5);
-			silc_create_key_pair(SILCGAIM_DEF_PKCS,
+			if (!silc_create_key_pair(SILCGAIM_DEF_PKCS,
 					     SILCGAIM_DEF_PKCS_LEN,
 					     file_public_key, file_private_key, NULL,
 					     (gc->password == NULL) ? "" : gc->password,
-						 NULL, NULL, NULL, FALSE);
-			if (fd != -1)
-				close(fd);
-			fd = open(file_private_key, O_RDONLY);
-			g_stat(file_private_key, &st);
+						 NULL, NULL, NULL, FALSE)) {
+				gaim_debug_error("silc", "Couldn't create key pair\n");
+				return FALSE;
+			}
+
+			if ((fd = g_open(file_private_key, O_RDONLY)) != -1) {
+				if ((fstat(fd, &st)) == -1) {
+					gaim_debug_error("silc", "Couldn't stat '%s' private key, error: %s\n",
+							 file_private_key, strerror(errno));
+					close(fd);
+					return FALSE;
+				}
+			}
+			/* This shouldn't really happen because silc_create_key_pair()
+			 * will set the permissions */
+			else if ((g_stat(file_private_key, &st)) == -1) {
+				gaim_debug_error("silc", "Couldn't stat '%s' private key, error: %s\n",
+					file_private_key, strerror(errno));
+				return FALSE;
+			}
 		} else {
 			gaim_debug_error("silc", "Couldn't stat '%s' private key, error: %s\n",
 							 file_private_key, strerror(errno));
-			if (fd != -1)
-				close(fd);
 			return FALSE;
 		}
 	}
@@ -270,7 +289,7 @@
 	if ((st.st_mode & 0777) != 0600) {
 		gaim_debug_warning("silc", "Wrong permissions in your private key file `%s'!\n"
 			"Trying to change them ...\n", file_private_key);
-		if ((fd != -1) && (fchmod(fd, S_IRUSR | S_IWUSR)) == -1) {
+		if ((fd == -1) || (fchmod(fd, S_IRUSR | S_IWUSR)) == -1) {
 			gaim_debug_error("silc",
 				"Failed to change permissions for private key file!\n"
 				"Permissions for your private key file must be 0600.\n");