diff options
| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-06-12 21:19:25 +0200 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-06-29 08:32:58 +0200 |
| commit | df14e6cc81c296d91e9124cd09f25a83defb522f (patch) | |
| tree | df28a408e64172527debd3542806f2708c7a5499 | |
| parent | 89807593faaa0472372fb267e12b03a2d6485805 (diff) | |
| download | ouroboros-df14e6cc81c296d91e9124cd09f25a83defb522f.tar.gz ouroboros-df14e6cc81c296d91e9124cd09f25a83defb522f.zip | |
irmd: Fail OAP config load on read errors
load_sec_config_file() treated any fopen() failure as an absent
config and silently disabled encryption.
file_exists() similarly lumped non-ENOENT stat() errors in with
"present".
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
| -rw-r--r-- | include/ouroboros/pthread.h | 6 | ||||
| -rw-r--r-- | src/irmd/oap/io.c | 8 | ||||
| -rw-r--r-- | src/lib/crypt.c | 11 |
3 files changed, 21 insertions, 4 deletions
diff --git a/include/ouroboros/pthread.h b/include/ouroboros/pthread.h index cd500795..3ca79d10 100644 --- a/include/ouroboros/pthread.h +++ b/include/ouroboros/pthread.h @@ -24,6 +24,7 @@ #define OUROBOROS_LIB_PTHREAD_H #include <pthread.h> +#include <stdio.h> static int __attribute__((unused)) __timedwait(pthread_cond_t * cond, pthread_mutex_t * mtx, @@ -48,4 +49,9 @@ static void __attribute__((unused)) __cleanup_mutex_unlock(void * mutex) pthread_mutex_unlock((pthread_mutex_t *) mutex); } +static void __attribute__((unused)) __cleanup_fclose(void * fp) +{ + fclose((FILE *) fp); +} + #endif /* OUROBOROS_LIB_PTHREAD_H */ diff --git a/src/irmd/oap/io.c b/src/irmd/oap/io.c index 5c560ea5..7b661435 100644 --- a/src/irmd/oap/io.c +++ b/src/irmd/oap/io.c @@ -50,11 +50,17 @@ static bool file_exists(const char * path) { struct stat s; - if (stat(path, &s) < 0 && errno == ENOENT) { + if (stat(path, &s) == 0) + return true; + + if (errno == ENOENT) { log_dbg("File %s does not exist.", path); return false; } + /* Can't stat for another reason; assume present, fail on load */ + log_warn("Failed to stat %s: %s.", path, strerror(errno)); + return true; } diff --git a/src/lib/crypt.c b/src/lib/crypt.c index 73cb0b51..9728ac8c 100644 --- a/src/lib/crypt.c +++ b/src/lib/crypt.c @@ -265,12 +265,17 @@ int load_sec_config_file(struct sec_config * cfg, fp = fopen(path, "r"); if (fp == NULL) { - /* File doesn't exist - disable encryption */ - CLEAR_KEX_ALGO(cfg); - return 0; + /* Absent config disables encryption; other errors fail */ + if (errno == ENOENT) { + CLEAR_KEX_ALGO(cfg); + return 0; + } + return -errno; } + pthread_cleanup_push(__cleanup_fclose, fp); ret = parse_sec_config(cfg, fp); + pthread_cleanup_pop(0); fclose(fp); |
