mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-12-03 06:20:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

libssh2: replace access() with stat()

Browse Source 
Prefer `stat()` to verify the presence of key files.

This drops the last uses of `access()` in the codebase, which was
reported to cause issues in some cases.

Also add `access()` to the list of banned functions in checksrc.

Ref: https://github.com/curl/curl/pull/13412#issuecomment-2065505415
Ref: https://github.com/curl/curl/pull/13482#issuecomment-2078980522
Ref: #13497
Co-authored-by: Jay Satiro
Closes #13498
This commit is contained in:
Viktor Szakats 2024-04-29 13:49:03 +02:00
parent 7f7ad97bf1
commit 602fc213ae
No known key found for this signature in database
GPG Key ID: B5ABD165E2AEF201
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/vssh/libssh2.c
View File

@ -1086,6 +1086,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
/* To ponder about: should really the lib be messing about with the
HOME environment variable etc? */
char *home = curl_getenv("HOME");
struct_stat sbuf;
/* If no private key file is specified, try some common paths. */
if(home) {
@ -1093,12 +1094,12 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
sshc->rsa = aprintf("%s/.ssh/id_rsa", home);
if(!sshc->rsa)
out_of_memory = TRUE;
else if(access(sshc->rsa, R_OK) != 0) {
else if(stat(sshc->rsa, &sbuf)) {
Curl_safefree(sshc->rsa);
sshc->rsa = aprintf("%s/.ssh/id_dsa", home);
if(!sshc->rsa)
out_of_memory = TRUE;
else if(access(sshc->rsa, R_OK) != 0) {
else if(stat(sshc->rsa, &sbuf)) {
Curl_safefree(sshc->rsa);
}
}
@ -1107,10 +1108,10 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
if(!out_of_memory && !sshc->rsa) {
/* Nothing found; try the current dir. */
sshc->rsa = strdup("id_rsa");
if(sshc->rsa && access(sshc->rsa, R_OK) != 0) {
if(sshc->rsa && stat(sshc->rsa, &sbuf)) {
Curl_safefree(sshc->rsa);
sshc->rsa = strdup("id_dsa");
if(sshc->rsa && access(sshc->rsa, R_OK) != 0) {
if(sshc->rsa && stat(sshc->rsa, &sbuf)) {
Curl_safefree(sshc->rsa);
/* Out of guesses. Set to the empty string to avoid
* surprising info messages. */

3
scripts/checksrc.pl
View File

@ -720,7 +720,8 @@ sub scanfile {
strtok|
v?sprintf|
(str|_mbs|_tcs|_wcs)n?cat|
LoadLibrary(Ex)?(A|W)?)
LoadLibrary(Ex)?(A|W)?|
access)
\s*\(
/x) {
checkwarn("BANNEDFUNC",