From 3852121ecd25d74d4b4c5e7a63771c55a85ce4bc Mon Sep 17 00:00:00 2001
From: Andre Noll <maan@systemlinux.org>
Date: Sat, 5 Sep 2009 13:56:20 +0200
Subject: [PATCH 1/1] Refuse to load unprotected private keys.

When loading a private key owned by the same user that accesses the key, check
the permissions of the key file. Error out if mode & 077 is non-zero.
---
 crypt.c | 18 ++++++++++++++++++
 error.h |  1 +
 2 files changed, 19 insertions(+)

diff --git a/crypt.c b/crypt.c
index 1172ddc3..49e9e8ae 100644
--- a/crypt.c
+++ b/crypt.c
@@ -65,11 +65,29 @@ void init_random_seed_or_die(void)
 	srandom(seed);
 }
 
+static int check_key_file(const char *file, int private)
+{
+	struct stat st;
+
+	if (stat(file, &st) != 0)
+		return -ERRNO_TO_PARA_ERROR(errno);
+	if (private != LOAD_PRIVATE_KEY)
+		return 0;
+	if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0)
+		return -E_KEY_PERM;
+	return 1;
+}
+
 static EVP_PKEY *load_key(const char *file, int private)
 {
 	BIO *key;
 	EVP_PKEY *pkey = NULL;
+	int ret = check_key_file(file, private);
 
+	if (ret < 0) {
+		PARA_ERROR_LOG("%s\n", para_strerror(-ret));
+		return NULL;
+	}
 	key = BIO_new(BIO_s_file());
 	if (!key)
 		return NULL;
diff --git a/error.h b/error.h
index 4639cf78..6a1d0071 100644
--- a/error.h
+++ b/error.h
@@ -324,6 +324,7 @@ extern const char **para_errlist[];
 	PARA_ERROR(DECRYPT, "decrypt error"), \
 	PARA_ERROR(CHALLENGE, "failed to read challenge"), \
 	PARA_ERROR(BLINDING, "failed to activate key blinding"), \
+	PARA_ERROR(KEY_PERM, "unprotected private key"), \
 
 
 #define COMMAND_ERRORS \
-- 
2.39.2