From df14e6cc81c296d91e9124cd09f25a83defb522f Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Fri, 12 Jun 2026 21:19:25 +0200 Subject: irmd: Fail OAP config load on read errors load_sec_config_file() treated any fopen() failure as an absent config and silently disabled encryption. file_exists() similarly lumped non-ENOENT stat() errors in with "present". Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders --- src/lib/crypt.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'src/lib/crypt.c') diff --git a/src/lib/crypt.c b/src/lib/crypt.c index 73cb0b51..9728ac8c 100644 --- a/src/lib/crypt.c +++ b/src/lib/crypt.c @@ -265,12 +265,17 @@ int load_sec_config_file(struct sec_config * cfg, fp = fopen(path, "r"); if (fp == NULL) { - /* File doesn't exist - disable encryption */ - CLEAR_KEX_ALGO(cfg); - return 0; + /* Absent config disables encryption; other errors fail */ + if (errno == ENOENT) { + CLEAR_KEX_ALGO(cfg); + return 0; + } + return -errno; } + pthread_cleanup_push(__cleanup_fclose, fp); ret = parse_sec_config(cfg, fp); + pthread_cleanup_pop(0); fclose(fp); -- cgit v1.2.3