List: openssh-unix-dev
Subject: Re: OpenSSH 6.4, "ssh-add -l", output to non-tty
From: Phil Pennock <phil.pennock () globnix ! org>
Date: 2014-04-17 16:32:57
Message-ID: 20140417163257.GA71270 () redoubt ! spodhuis ! org
On 2014-04-17 at 12:46 +0200, Peter Stuge wrote:
> Phil Pennock wrote:
> > stdio buffering, not in line-buffering mode, not flushed before
> > `fatal()` call.
> >
> > Obvious in retrospect. Bug?
>
> I think it seems good to add two fflush() calls to fatal().

What happens if fatal() is called from some place in a network speaker
where the caller has decided to exit immediately for security reasons?
(You might be right: this is an honest question from ignorance on my
part.)

It looks like openssh is already doing portability/brokenness checks to
end up with a working setlinebuf() call. Switching ssh-add to be
line-buffered when working with key conversion formats might conceivably
affect broken tools, but it should be safe for list_identities() to do
so.

But this assumes that the remote agent will always have older, more
broadly supported, key formats loaded first; true for a single
invocation of 'ssh-add' loading one set of keys in default order, but
buggy. It might be better to instead give key_fingerprint() a flag to
avoid fatal()?

diff --git a/ssh-add.c b/ssh-add.c
index 3421452..9bf5f21 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -324,6 +324,9 @@ list_identities(AuthenticationConnection *ac, int do_fp)
int had_identities = 0;
int version;
+ /* key_fingerprint() can fatal() */
+ setlinebuf(stdout);
+
for (version = 1; version <= 2; version++) {
for (key = ssh_get_first_identity(ac, &comment, version);
key != NULL;
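
Review bot: the comment above setlinebuf(stdout) records only that key_fingerprint() can fatal(), not why line buffering matters there. Spell out that output already printed for earlier identities sits in the stdio buffer when stdout is not a tty and is lost if fatal() exits without flushing. Two further points on the same line: setlinebuf(stdout) changes buffering for the rest of the process, not just inside list_identities(), and it only guarantees delivery of complete lines, so anything printed without a trailing newline before the fatal() would still be dropped. If the process-wide effect is intended, say so in the comment or move the call to where stdout is first set up.
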
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
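
The buffering behaviour discussed in this message, as an added illustration that is not part of the original post or of OpenSSH. `fake_fatal()`, `bytes_received()` and the sample listing line are constructed for the example, and modelling fatal() as an `_exit()` with no flush is an assumption.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample of one listing line; not real key material. */
static const char SAMPLE[] = "2048 00:11:22:33 constructed-key (RSA)\n";

/* Hypothetical stand-in for a fatal() that exits without flushing stdio. */
static void fake_fatal(void) { _exit(255); }

/*
 * The child prints one line to a pipe (a non-tty stdout) and then hits
 * fake_fatal(). Returns how many bytes the reader received, -1 on error.
 */
long bytes_received(int line_buffered)
{
	int fds[2];
	char buf[256];
	long total = 0;
	ssize_t n;
	pid_t pid;
	if (pipe(fds) == -1)
		return -1;
	fflush(stdout);		/* the child must not inherit pending output */
	pid = fork();
	if (pid == -1) { close(fds[0]); close(fds[1]); return -1; }
	if (pid == 0) {
		close(fds[0]);
		dup2(fds[1], STDOUT_FILENO);
		if (line_buffered)
			setlinebuf(stdout);	/* the call the patch adds */
		else
			setvbuf(stdout, NULL, _IOFBF, BUFSIZ);	/* non-tty default */
		fputs(SAMPLE, stdout);	/* first identity is listed */
		fake_fatal();		/* a later key makes fingerprinting fail */
	}
	close(fds[1]);
	while ((n = read(fds[0], buf, sizeof(buf))) > 0)
		total += n;
	close(fds[0]);
	waitpid(pid, NULL, 0);
	return total;
}

int main(void)
{
	printf("fully buffered: %ld bytes\n", bytes_received(0));
	printf("line buffered:  %ld bytes\n", bytes_received(1));
	return 0;
}
```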