/*
* Copyright (C) 2015, Trustees of Indiana University
*
+ * Copyright (c) 2016, Intel Corporation.
+ *
* Author: Jeremy Filizetti <jfilizet@iu.edu>
*/
/* allow standard input override */
if (strcmp(filename, "-") == 0)
- fd = dup(STDIN_FILENO);
+ fd = STDIN_FILENO;
else
fd = open(filename, O_RDONLY);
if (fd == -1) {
- printerr(0, "Error opening file %s: %s\n", filename,
+ printerr(0, "Error opening key file '%s': %s\n", filename,
strerror(errno));
goto out_free;
+ } else if (fd != STDIN_FILENO) {
+ struct stat st;
+
+ rc = fstat(fd, &st);
+ if (rc == 0 && (st.st_mode & ~(S_IFREG | 0600)))
+ fprintf(stderr, "warning: "
+ "secret key '%s' has insecure file mode %#o\n",
+ filename, st.st_mode);
}
ptr = (char *)config;
remain -= rc;
}
- close(fd);
+ if (fd != STDIN_FILENO)
+ close(fd);
sk_config_disk_to_cpu(config);
return config;
return rc;
}
- LASSERT(sk_hmac_types[hmac_alg].sht_bytes ==
- tmp_hash.length);
+ if (sk_hmac_types[hmac_alg].sht_bytes != tmp_hash.length) {
+ free(tmp_hash.value);
+ return -EINVAL;
+ }
bytes = (remain < tmp_hash.length) ? remain : tmp_hash.length;
memcpy(keydata, tmp_hash.value, bytes);