mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-01-30 14:22:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

libssh2: replace access() with stat()

Browse Source 
Prefer `stat()` to verify the presence of key files.

This drops the last uses of `access()` in the codebase, which was
reported to cause issues in some cases.

Also add `access()` to the list of banned functions in checksrc.

Ref: https://github.com/curl/curl/pull/13412#issuecomment-2065505415
Ref: https://github.com/curl/curl/pull/13482#issuecomment-2078980522
Ref: #13497
Co-authored-by: Jay Satiro
Closes #13498
This commit is contained in:
Viktor Szakats 2024-04-29 13:49:03 +02:00
parent 7f7ad97bf1
commit 602fc213ae
No known key found for this signature in database
GPG Key ID: B5ABD165E2AEF201
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/vssh/libssh2.c
View File

@ -1086,6 +1086,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
/* To ponder about: should really the lib be messing about with the /* To ponder about: should really the lib be messing about with the
HOME environment variable etc? */ HOME environment variable etc? */
char *home = curl_getenv("HOME"); char *home = curl_getenv("HOME");
struct_stat sbuf;
/* If no private key file is specified, try some common paths. */ /* If no private key file is specified, try some common paths. */
if(home) { if(home) {
@ -1093,12 +1094,12 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
sshc->rsa = aprintf("%s/.ssh/id_rsa", home); sshc->rsa = aprintf("%s/.ssh/id_rsa", home);
if(!sshc->rsa) if(!sshc->rsa)
out_of_memory = TRUE; out_of_memory = TRUE;
else if(access(sshc->rsa, R_OK) != 0) { else if(stat(sshc->rsa, &sbuf)) {
Curl_safefree(sshc->rsa); Curl_safefree(sshc->rsa);
sshc->rsa = aprintf("%s/.ssh/id_dsa", home); sshc->rsa = aprintf("%s/.ssh/id_dsa", home);
if(!sshc->rsa) if(!sshc->rsa)
out_of_memory = TRUE; out_of_memory = TRUE;
else if(access(sshc->rsa, R_OK) != 0) { else if(stat(sshc->rsa, &sbuf)) {
Curl_safefree(sshc->rsa); Curl_safefree(sshc->rsa);
} }
} }
@ -1107,10 +1108,10 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
if(!out_of_memory && !sshc->rsa) { if(!out_of_memory && !sshc->rsa) {
/* Nothing found; try the current dir. */ /* Nothing found; try the current dir. */
sshc->rsa = strdup("id_rsa"); sshc->rsa = strdup("id_rsa");
if(sshc->rsa && access(sshc->rsa, R_OK) != 0) { if(sshc->rsa && stat(sshc->rsa, &sbuf)) {
Curl_safefree(sshc->rsa); Curl_safefree(sshc->rsa);
sshc->rsa = strdup("id_dsa"); sshc->rsa = strdup("id_dsa");
if(sshc->rsa && access(sshc->rsa, R_OK) != 0) { if(sshc->rsa && stat(sshc->rsa, &sbuf)) {
Curl_safefree(sshc->rsa); Curl_safefree(sshc->rsa);
/* Out of guesses. Set to the empty string to avoid /* Out of guesses. Set to the empty string to avoid
* surprising info messages. */ * surprising info messages. */

3
scripts/checksrc.pl
View File

@ -720,7 +720,8 @@ sub scanfile {
strtok| strtok|
v?sprintf| v?sprintf|
(str|_mbs|_tcs|_wcs)n?cat| (str|_mbs|_tcs|_wcs)n?cat|
LoadLibrary(Ex)?(A|W)?) LoadLibrary(Ex)?(A|W)?|
access)
\s*\( \s*\(
/x) { /x) {
checkwarn("BANNEDFUNC", checkwarn("BANNEDFUNC",