diff options
author | Matt Johnston <matt@ucc.asn.au> | 2016-11-19 00:31:21 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2016-11-19 00:31:21 +0800 |
commit | 597f12c44a000add479c6a0b416e8c0847b59b20 (patch) | |
tree | d6d1aa9862e2214767ab6c4ee7f5ac66c4290a3f /svr-kex.c | |
parent | 9025cd9b72bf316f4d84b71b03af25675c834ff9 (diff) |
Use atomic key generation in all cases
Diffstat (limited to 'svr-kex.c')
-rw-r--r-- | svr-kex.c | 47 |
1 files changed, 2 insertions, 45 deletions
@@ -87,29 +87,9 @@ void recv_msg_kexdh_init() { #ifdef DROPBEAR_DELAY_HOSTKEY -static void fsync_parent_dir(const char* fn) { -#ifdef HAVE_LIBGEN_H - char *fn_dir = m_strdup(fn); - char *dir = dirname(fn_dir); - int dirfd = open(dir, O_RDONLY); - - if (dirfd != -1) { - if (fsync(dirfd) != 0) { - TRACE(("fsync of directory %s failed: %s", dir, strerror(errno))) - } - m_close(dirfd); - } else { - TRACE(("error opening directory %s for fsync: %s", dir, strerror(errno))) - } - - free(fn_dir); -#endif -} - static void svr_ensure_hostkey() { const char* fn = NULL; - char *fn_temp = NULL; enum signkey_type type = ses.newkeys->algo_hostkey; void **hostkey = signkey_key_ptr(svr_opts.hostkey, type); int ret = DROPBEAR_FAILURE; @@ -145,28 +125,10 @@ static void svr_ensure_hostkey() { return; } - fn_temp = m_malloc(strlen(fn) + 20); - snprintf(fn_temp, strlen(fn)+20, "%s.tmp%d", fn, getpid()); - - if (signkey_generate(type, 0, fn_temp) == DROPBEAR_FAILURE) { + if (signkey_generate(type, 0, fn, 1) == DROPBEAR_FAILURE) { goto out; } - - if (link(fn_temp, fn) < 0) { - /* It's OK to get EEXIST - we probably just lost a race - with another connection to generate the key */ - if (errno != EEXIST) { - dropbear_log(LOG_ERR, "Failed moving key file to %s: %s", fn, - strerror(errno)); - /* XXX fallback to non-atomic copy for some filesystems? */ - goto out; - } - } - - /* ensure directory update is flushed to disk, otherwise we can end up - with zero-byte hostkey files if the power goes off */ - fsync_parent_dir(fn); - + ret = readhostkey(fn, svr_opts.hostkey, &type); if (ret == DROPBEAR_SUCCESS) { @@ -184,11 +146,6 @@ static void svr_ensure_hostkey() { } out: - if (fn_temp) { - unlink(fn_temp); - m_free(fn_temp); - } - if (ret == DROPBEAR_FAILURE) { dropbear_exit("Couldn't read or generate hostkey %s", fn); |