[PATCH] gensignkey: ensure host keys are flushed to disk
Peter Korsgaard
jacmet at sunsite.dk
Tue Oct 28 21:11:26 AWST 2014
From: Peter Korsgaard <peter at korsgaard.com>
Otherwise we can end up with an empty host key, breaking logins.
E.G.:
Run dropbear -R and pull power before the host key is writting to disk.
After reboot we have:
ls -l /etc/dropbear/
-rw------- 1 root root 0 Oct 28 10:41 dropbear_ecdsa_host_key
Which dropbear will try to read and fail:
[599] Oct 28 10:43:43 Early exit: Bad buf_getptr
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
gensignkey.c | 1 +
svr-kex.c | 17 +++++++++++++++++
2 files changed, 18 insertions(+)
diff --git a/gensignkey.c b/gensignkey.c
index 338bbef..06fdfd3 100644
--- a/gensignkey.c
+++ b/gensignkey.c
@@ -41,6 +41,7 @@ static int buf_writefile(buffer * buf, const char * filename) {
out:
if (fd >= 0) {
+ fsync(fd);
m_close(fd);
}
return ret;
diff --git a/svr-kex.c b/svr-kex.c
index 337c377..8e76489 100644
--- a/svr-kex.c
+++ b/svr-kex.c
@@ -89,6 +89,7 @@ static void svr_ensure_hostkey() {
const char* fn = NULL;
char *fn_temp = NULL;
+ char *fn_dir = NULL;
enum signkey_type type = ses.newkeys->algo_hostkey;
void **hostkey = signkey_key_ptr(svr_opts.hostkey, type);
int ret = DROPBEAR_FAILURE;
@@ -142,6 +143,22 @@ static void svr_ensure_hostkey() {
}
}
+#ifdef HAVE_LIBGEN_H
+ /* ensure directory update is flushed to disk */
+ fn_dir = strdup(fn);
+ if (fn_dir != NULL) {
+ char *dir = dirname(fn_dir);
+ int dirfd = open(dir, O_RDONLY);
+
+ if (dirfd != -1) {
+ fsync(dirfd);
+ close(dirfd);
+ }
+
+ free(fn_dir);
+ }
+#endif
+
ret = readhostkey(fn, svr_opts.hostkey, &type);
if (ret == DROPBEAR_SUCCESS) {
--
2.1.0
More information about the Dropbear
mailing list