Mercurial > pidgin
changeset 14156:0154168c414a
[gaim-migrate @ 16801]
Make the silc key permission checks safer and cover more cases (e.g. private key exists, but is not readable by you).
committer: Tailor Script <tailor@pidgin.im>
author | Daniel Atallah <daniel.atallah@gmail.com> |
---|---|
date | Thu, 17 Aug 2006 01:06:27 +0000 |
parents | 47292c1f7e9f |
children | d822e68acb3e |
files | src/protocols/silc/util.c |
diffstat | 1 files changed, 30 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/src/protocols/silc/util.c Wed Aug 16 20:50:16 2006 +0000 +++ b/src/protocols/silc/util.c Thu Aug 17 01:06:27 2006 +0000 @@ -234,25 +234,44 @@ } #endif - fd = open(file_private_key, O_RDONLY); - if ((g_stat(file_private_key, &st)) == -1) { + if ((fd = g_open(file_private_key, O_RDONLY)) != -1) { + if ((fstat(fd, &st)) == -1) { + gaim_debug_error("silc", "Couldn't stat '%s' private key, error: %s\n", + file_private_key, strerror(errno)); + close(fd); + return FALSE; + } + } else if ((g_stat(file_private_key, &st)) == -1) { /* If file doesn't exist */ if (errno == ENOENT) { gaim_connection_update_progress(gc, _("Creating SILC key pair..."), 1, 5); - silc_create_key_pair(SILCGAIM_DEF_PKCS, + if (!silc_create_key_pair(SILCGAIM_DEF_PKCS, SILCGAIM_DEF_PKCS_LEN, file_public_key, file_private_key, NULL, (gc->password == NULL) ? "" : gc->password, - NULL, NULL, NULL, FALSE); - if (fd != -1) - close(fd); - fd = open(file_private_key, O_RDONLY); - g_stat(file_private_key, &st); + NULL, NULL, NULL, FALSE)) { + gaim_debug_error("silc", "Couldn't create key pair\n"); + return FALSE; + } + + if ((fd = g_open(file_private_key, O_RDONLY)) != -1) { + if ((fstat(fd, &st)) == -1) { + gaim_debug_error("silc", "Couldn't stat '%s' private key, error: %s\n", + file_private_key, strerror(errno)); + close(fd); + return FALSE; + } + } + /* This shouldn't really happen because silc_create_key_pair() + * will set the permissions */ + else if ((g_stat(file_private_key, &st)) == -1) { + gaim_debug_error("silc", "Couldn't stat '%s' private key, error: %s\n", + file_private_key, strerror(errno)); + return FALSE; + } } else { gaim_debug_error("silc", "Couldn't stat '%s' private key, error: %s\n", file_private_key, strerror(errno)); - if (fd != -1) - close(fd); return FALSE; } } @@ -270,7 +289,7 @@ if ((st.st_mode & 0777) != 0600) { gaim_debug_warning("silc", "Wrong permissions in your private key file `%s'!\n" "Trying to change them ...\n", file_private_key); - if ((fd != -1) && (fchmod(fd, S_IRUSR | S_IWUSR)) == -1) { + if ((fd == -1) || (fchmod(fd, S_IRUSR | S_IWUSR)) == -1) { gaim_debug_error("silc", "Failed to change permissions for private key file!\n" "Permissions for your private key file must be 0600.\n");