From 76fc48b7c4767e1f66503b4a873d8889fdee1abe Mon Sep 17 00:00:00 2001
From: Pekka Riikonen
Date: Sun, 9 Mar 2003 15:09:20 +0000
Subject: [PATCH] Check private key file permissions before starting server.
---
 CHANGES | 3 +++
 apps/silcd/serverconfig.c | 21 ++++++++++++++++-----
 2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/CHANGES b/CHANGES
index 28ac4aa3..9aba0923 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,9 @@ Sun Mar 9 16:29:20 EET 2003 Pekka Riikonen
 files are lib/silcclient/client.c and irssi/src/silc/core/client_ops.c.
+ * Check server private key file permissions before starting
+ the server. Affected file silcd/serverconfig.c.
+
 Tue Feb 4 22:53:26 EET 2003 Pekka Riikonen
 * NULL terminate allocated string in silc_buffer_strformat.
diff --git a/apps/silcd/serverconfig.c b/apps/silcd/serverconfig.c
index 21212641..e6da9f20 100644
--- a/apps/silcd/serverconfig.c
+++ b/apps/silcd/serverconfig.c
@@ -460,7 +460,7 @@ SILC_CONFIG_CALLBACK(fetch_pkcs)
 SERVER_CONFIG_DEBUG(("Received PKCS type=%d name=\"%s\" (val=%x)", type, name, context));
 if (type == SILC_CONFIG_ARG_BLOCK) {
- /* check the temporary struct's fields */
+ /* Check the temporary struct's fields */
 if (!tmp) /* discard empty sub-blocks */
 return SILC_CONFIG_OK;
 if (!tmp->name) {
@@ -498,7 +498,7 @@ SILC_CONFIG_CALLBACK(fetch_serverinfo)
 SERVER_CONFIG_DEBUG(("Received SERVERINFO type=%d name=\"%s\" (val=%x)", type, name, context));
- /* if there isn't the main struct alloc it */
+ /* If there isn't the main struct alloc it */
 if (!server_info)
 config->server_info = server_info = (SilcServerConfigServerInfo *) silc_calloc(1, sizeof(*server_info));
@@ -594,7 +594,7 @@ SILC_CONFIG_CALLBACK(fetch_serverinfo)
 char *file_tmp = (char *) val;
 CONFIG_IS_DOUBLE(server_info->public_key);
- /* try to load specified file, if fail stop config parsing */
+ /* Try to load specified file, if fail stop config parsing */
 if (!silc_pkcs_load_public_key(file_tmp, &server_info->public_key,
 SILC_PKCS_FILE_PEM))
 if (!silc_pkcs_load_public_key(file_tmp, &server_info->public_key,
@@ -604,10 +604,21 @@ SILC_CONFIG_CALLBACK(fetch_serverinfo)
 } } else if (!strcmp(name, "privatekey")) {
+ struct stat st;
 char *file_tmp = (char *) val;
 CONFIG_IS_DOUBLE(server_info->private_key);
- /* try to load specified file, if fail stop config parsing */
+ /* Check the private key file permissions. */
+ if ((stat(file_tmp, &st)) != -1) {
+ if ((st.st_mode & 0777) != 0600) {
+ SILC_SERVER_LOG_ERROR(("Wrong permissions in private key "
+ "file \"%s\". The permissions must be "
+ "0600.", file_tmp));
+ return SILC_CONFIG_ESILENT;
+ }
+ }
+
+ /* Try to load specified file, if fail stop config parsing */
 if (!silc_pkcs_load_private_key(file_tmp, &server_info->private_key,
 "", 0, SILC_PKCS_FILE_BIN))
 if (!silc_pkcs_load_private_key(file_tmp, &server_info->private_key,
@@ -621,7 +632,7 @@ SILC_CONFIG_CALLBACK(fetch_serverinfo)
 return SILC_CONFIG_OK;
 got_err:
- /* here we need to check if tmp exists because this function handles
+ /* Here we need to check if tmp exists because this function handles
 * misc data (multiple fields and single-only fields) */
 if (tmp) {
 silc_free(tmp->server_ip);
--
2.43.0
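Review bot: The permission check added in the `privatekey` branch fails open: when `stat()` returns -1 the whole check is skipped and control falls through to `silc_pkcs_load_private_key()`. It also looks only at the mode bits, so a key file that is 0600 but owned by another account, or that is not a regular file, is accepted. I would reject on `stat()` failure and test the type and the group/other bits, e.g. `if (stat(file_tmp, &st) == -1 || !S_ISREG(st.st_mode) || (st.st_mode & 077) != 0)`, plus a comparison of `st.st_uid` against the account expected to own the key; masking with `077` instead of requiring exactly `0600` also stops a stricter 0400 key from being refused. The check and the later load each resolve the path on their own, so the file could in principle be replaced between the two; if the loader can be given an open descriptor, `fstat()` on that descriptor would close the gap. The enclosing `fetch_serverinfo` callback begins and ends outside this hunk.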