summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDimitri Staessens <dimitri@ouroboros.rocks>2026-06-12 21:19:25 +0200
committerSander Vrijders <sander@ouroboros.rocks>2026-06-29 08:32:58 +0200
commitdf14e6cc81c296d91e9124cd09f25a83defb522f (patch)
treedf28a408e64172527debd3542806f2708c7a5499
parent89807593faaa0472372fb267e12b03a2d6485805 (diff)
downloadouroboros-df14e6cc81c296d91e9124cd09f25a83defb522f.tar.gz
ouroboros-df14e6cc81c296d91e9124cd09f25a83defb522f.zip
irmd: Fail OAP config load on read errors
load_sec_config_file() treated any fopen() failure as an absent config and silently disabled encryption. file_exists() similarly lumped non-ENOENT stat() errors in with "present". Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
-rw-r--r--include/ouroboros/pthread.h6
-rw-r--r--src/irmd/oap/io.c8
-rw-r--r--src/lib/crypt.c11
3 files changed, 21 insertions, 4 deletions
diff --git a/include/ouroboros/pthread.h b/include/ouroboros/pthread.h
index cd500795..3ca79d10 100644
--- a/include/ouroboros/pthread.h
+++ b/include/ouroboros/pthread.h
@@ -24,6 +24,7 @@
#define OUROBOROS_LIB_PTHREAD_H
#include <pthread.h>
+#include <stdio.h>
static int __attribute__((unused)) __timedwait(pthread_cond_t * cond,
pthread_mutex_t * mtx,
@@ -48,4 +49,9 @@ static void __attribute__((unused)) __cleanup_mutex_unlock(void * mutex)
pthread_mutex_unlock((pthread_mutex_t *) mutex);
}
+static void __attribute__((unused)) __cleanup_fclose(void * fp)
+{
+ fclose((FILE *) fp);
+}
+
#endif /* OUROBOROS_LIB_PTHREAD_H */
diff --git a/src/irmd/oap/io.c b/src/irmd/oap/io.c
index 5c560ea5..7b661435 100644
--- a/src/irmd/oap/io.c
+++ b/src/irmd/oap/io.c
@@ -50,11 +50,17 @@ static bool file_exists(const char * path)
{
struct stat s;
- if (stat(path, &s) < 0 && errno == ENOENT) {
+ if (stat(path, &s) == 0)
+ return true;
+
+ if (errno == ENOENT) {
log_dbg("File %s does not exist.", path);
return false;
}
+ /* Can't stat for another reason; assume present, fail on load */
+ log_warn("Failed to stat %s: %s.", path, strerror(errno));
+
return true;
}
diff --git a/src/lib/crypt.c b/src/lib/crypt.c
index 73cb0b51..9728ac8c 100644
--- a/src/lib/crypt.c
+++ b/src/lib/crypt.c
@@ -265,12 +265,17 @@ int load_sec_config_file(struct sec_config * cfg,
fp = fopen(path, "r");
if (fp == NULL) {
- /* File doesn't exist - disable encryption */
- CLEAR_KEX_ALGO(cfg);
- return 0;
+ /* Absent config disables encryption; other errors fail */
+ if (errno == ENOENT) {
+ CLEAR_KEX_ALGO(cfg);
+ return 0;
+ }
+ return -errno;
}
+ pthread_cleanup_push(__cleanup_fclose, fp);
ret = parse_sec_config(cfg, fp);
+ pthread_cleanup_pop(0);
fclose(fp);