Bug#614897: openssh-client: ssh-add fails to read from FIFOs
Package: openssh-client
Version: 1:5.8p1-2
Severity: normal
Tags: upstream patch
Sometimes, it's nice to have ssh-add read a key from a FIFO instead of
writing the key to a file.
Older versions of ssh (before 5.7p1, I think) would let you do that.
5.8p1-2 doesn't.
Here's an example (I know, the key is already in the filesystem; this
is just an example):
    ssh-keygen -t rsa -b 1024 -N '' -f test-key
    umask 077
    mkfifo test-fifo
    ssh-add test-fifo &
    cat test-key > test-fifo
This no longer works :( It also means that "monkeysphere
subkey-to-ssh-agent" fails for users with openssh-client 5.8p1
installed.
I've reported the bug upstream at:
https://bugzilla.mindrot.org/show_bug.cgi?id=1869
And I'm attaching a patch that fixes the problem right now by
attempting reads of up to 8KiB if ssh-add detects that the file it is
reading from is a FIFO.
It would be great if Debian could adopt this patch so that
monkeysphere would work again until upstream adopts it.
Thanks for your work on OpenSSH for Debian,
--dkg
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.37-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-client depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii debconf [debconf-2.0 1.5.38 Debian configuration management sy
ii dpkg 1.15.8.10 Debian package management system
ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib
ii libedit2 2.11-20080614-2 BSD editline and history libraries
ii libgssapi-krb5-2 1.8.3+dfsg-4 MIT Kerberos runtime libraries - k
ii libselinux1 2.0.96-1 SELinux runtime shared libraries
ii libssl0.9.8 0.9.8o-5 SSL shared libraries
ii passwd 1:4.1.4.2+svn3283-3 change and administer password and
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages openssh-client recommends:
ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS
ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op
ii xauth 1:1.0.5-1 X authentication utility
Versions of packages openssh-client suggests:
pn keychain <none> (no description available)
pn libpam-ssh <none> (no description available)
ii ssh-askpass 1:1.2.4.1-9 under X, asks user for a passphras
-- no debconf information
=== modified file 'authfile.c'
--- authfile.c 2011-01-24 12:43:25 +0000
+++ authfile.c 2011-02-24 03:23:59 +0000
@@ -317,7 +317,7 @@
static int
key_load_file(int fd, const char *filename, Buffer *blob)
{
- size_t len;
+ size_t len,readcount;
u_char *cp;
struct stat st;
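Review bot: in the declaration `size_t len,readcount;`, add a space after the comma to match the surrounding style, and consider a short comment saying that `readcount` holds the number of bytes atomicio() actually returned, since for a FIFO it can now legitimately differ from `len`.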
@@ -337,11 +337,14 @@
return 0;
}
len = (size_t)st.st_size; /* truncated */
+ if (0 == len && S_ISFIFO(st.st_mode))
+ len = 8192; /* we will try reading up to 8KiB from a FIFO */
buffer_init(blob);
cp = buffer_append_space(blob, len);
- if (atomicio(read, fd, cp, len) != len) {
+ readcount = atomicio(read, fd, cp, len);
+ if (readcount != len && !(readcount > 0 && S_ISFIFO(st.st_mode))) {
debug("%s: read from key file %.200s%sfailed: %.100s", __func__,
filename == NULL ? "" : filename,
filename == NULL ? "" : " ",
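Review bot: on the FIFO path, `buffer_append_space(blob, len)` has already grown `blob` by the full 8192 bytes before the read, so when `readcount` is smaller the tail of the buffer is not data that came from the FIFO; unless code after the visible lines trims `blob` to `readcount`, the key parser is handed those trailing bytes as well. The opposite case is also unhandled: a FIFO that delivers more than 8192 bytes gives `readcount == len`, which passes the check and silently loads a truncated key. Suggest reading in a loop until EOF with an explicit upper bound, appending only the bytes actually read, and failing when the bound is exceeded.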
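The FIFO case from this report, as an added example that is not part of the original report or of OpenSSH: a read loop that never consults st_size, stops at EOF, and rejects input larger than the caller's cap instead of truncating it. The names `read_to_eof` and `pipe_roundtrip`, the 4096-byte harness buffer and the sample bytes are assumptions made for illustration.

```c
#include <errno.h>
#include <unistd.h>

/* Read fd to EOF into buf (capacity max). Returns the byte count, or -1 on a
 * read error or when the input exceeds max (errno = EFBIG). Never uses st_size. */
ssize_t read_to_eof(int fd, unsigned char *buf, size_t max)
{
	unsigned char extra;
	size_t used = 0;
	ssize_t n;

	for (;;) {
		/* With buf full, probe one byte to tell EOF from an oversized key. */
		n = used < max ? read(fd, buf + used, max - used) : read(fd, &extra, 1);
		if (n == -1 && errno == EINTR)
			continue;
		if (n == -1)
			return -1;
		if (n == 0)
			return (ssize_t)used;	/* writer closed: only `used` bytes are valid */
		if (used == max) {
			errno = EFBIG;		/* refuse to load a truncated key */
			return -1;
		}
		used += (size_t)n;
	}
}

/* Constructed harness: send n bytes (n <= 4096) through a pipe, which behaves
 * like the FIFO in the report, then read them back with cap max. */
ssize_t pipe_roundtrip(const char *data, size_t n, size_t max)
{
	unsigned char buf[4096];
	int p[2];
	ssize_t w, got = -1;

	if (max > sizeof(buf) || pipe(p) != 0)
		return -1;
	w = write(p[1], data, n);
	close(p[1]);			/* reader sees EOF after the data */
	if (w == (ssize_t)n)
		got = read_to_eof(p[0], buf, max);
	close(p[0]);
	return got;
}

int main(void)
{
	/* Constructed sample bytes, not a real key. */
	return pipe_roundtrip("constructed key bytes\n", 22, 4096) == 22 ? 0 : 1;
}
```

A caller loading key material should treat a return of 0 as a failure as well, since an empty FIFO carries no key.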