SECURITY HOLE: the file descriptor for the secret key was left open and

[become] / src / check.c

diff --git a/src/check.c b/src/check.c
index 7e614333a4d22cce8d481f2e8cd9a933f23d82b9..f0a98b7c1b224be19e5dfbab5a7b3c545bc3542a 100644 (file)
--- a/src/check.c
+++ b/src/check.c
@@ -1,10 +1,10 @@
 /* -*-c-*-
  *
- * $Id: check.c,v 1.5 1997/09/26 09:14:58 mdw Exp $
+ * $Id: check.c,v 1.8 1998/06/18 15:10:44 mdw Exp $
  *
  * Check validity of requests
  *
- * (c) 1997 EBI
+ * (c) 1998 EBI
  */
 
 /*----- Licensing notice --------------------------------------------------*
@@ -29,6 +29,19 @@
 /*----- Revision history --------------------------------------------------*
  *
  * $Log: check.c,v $
+ * Revision 1.8  1998/06/18 15:10:44  mdw
+ * SECURITY HOLE: the file descriptor for the secret key was left open and
+ * inherited by the target process.  This is now fixed.  Also set
+ * close-on-exec flags on key file, close config file carefully, and close
+ * UDP socket after receiving reply from server.
+ *
+ * Revision 1.7  1998/04/23 13:22:08  mdw
+ * Support no-network configuration option, and new interface to
+ * configuration file parser.
+ *
+ * Revision 1.6  1998/01/12 16:45:47  mdw
+ * Fix copyright date.
+ *
  * Revision 1.5  1997/09/26 09:14:58  mdw
  * Merged blowfish branch into trunk.
  *
@@ -70,6 +83,7 @@
 
 #include <arpa/inet.h>
 
+#include <fcntl.h>
 #include <netdb.h>
 #include <unistd.h>
 
@@ -88,7 +102,9 @@
 #include "userdb.h"
 #include "utils.h"
 
-/*----- Main code ---------------------------------------------------------*/
+/*----- Client-end network support ----------------------------------------*/
+
+#ifndef NONETWORK
 
 /* --- @check__send@ --- *
  *
@@ -157,7 +173,12 @@ static int check__ask(request *rq, struct sockaddr_in *serv, size_t n_serv)
       die("couldn't open key file `%s': %s", file_KEY,
          strerror(errno));
     }
+    if (fcntl(fileno(fp), F_SETFD, 1) < 0) {
+      die("couldn't set close-on-exec on key file `%s': %s", file_KEY,
+         strerror(errno));
+    }
     tx_getBits(k, 128, fp);
+    fclose(fp);
 
     /* --- Now build a request packet --- */
 
@@ -291,7 +312,7 @@ static int check__ask(request *rq, struct sockaddr_in *serv, size_t n_serv)
          T( trace(TRACE_CLIENT, "client: reply from unknown host"); )
          continue;
        }
-    
+
        /* --- Unpack and verify the response --- */
 
        answer = crypt_unpackReply(buff, sk, t, pid);
@@ -300,6 +321,7 @@ static int check__ask(request *rq, struct sockaddr_in *serv, size_t n_serv)
                   "client: invalid or corrupt reply packet"); )
          continue;
        }
+       close(fd);
        return (answer);
       }
     }
@@ -506,6 +528,10 @@ int check__client(request *rq, FILE *fp)
   return (check__ask(rq, serv, n_serv));
 }
 
+#endif
+
+/*----- Main checking function --------------------------------------------*/
+
 /* --- @check@ --- *
  *
  * Arguments:  @request *rq@ = pointer to request buffer
@@ -521,8 +547,10 @@ int check(request *rq)
 
   /* --- Check if we need to talk to a server --- */
 
+#ifndef NONETWORK
   if ((fp = fopen(file_SERVER, "r")) != 0)
     return (check__client(rq, fp));
+#endif
 
   /* --- Otherwise do this all the old-fashioned way --- */
 
@@ -538,7 +566,8 @@ int check(request *rq)
   name_init();
   rule_init();
   lexer_scan(fp);
-  yyparse();
+  parse();
+  fclose(fp);
 
   return (rule_check(rq));
 }