openssh bugs - Feb 2011 - [Bug 1869] New: ssh-add can no longer read from FIFOs as of 5.7p1

https://bugzilla.mindrot.org/show_bug.cgi?id=1869

           Summary: ssh-add can no longer read from FIFOs as of 5.7p1
           Product: Portable OpenSSH
           Version: 5.8p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh-add
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: dkg at fifthhorseman.net


Created attachment 2001
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2001
allow ssh-add to read from FIFOs

It looks like ssh-add can no longer read from FIFOs as of 5.7p1 (since
the switch from PEM_read_PrivateKey() to PEM_read_bio_PrivateKey(), and
reading the file into an ssh buffer directly).

Being able to read from a FIFO is nice for tools that don't want to put
keys directly on the filesystem.  In fact, we were relying on that
behavior for the monkeysphere, and it's currently breaking because of
the change:

 https://labs.riseup.net/code/issues/2735

The attached patch fixes things so that ssh-add can read from a FIFO
again.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1869

Daniel Kahn Gillmor <dkg at fifthhorseman.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2001|0                           |1
        is obsolete|                            |

--- Comment #1 from Daniel Kahn Gillmor <dkg at fifthhorseman.net>
2011-02-24 14:26:41 EST ---
Created attachment 2002
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2002
allow ssh-add to read from FIFOs

updated patch to use S_ISFIFO() instead of testing the st_mode bits
directly (thanks, Clint Adams)

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1869

micah at riseup.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |micah at riseup.net

--- Comment #2 from micah at riseup.net 2011-03-09 11:09:22 EST ---
I got bit by this change, and it took some time to figure out what
caused it. Based on the commits, it doesn't appear as if removing the
capability to read from a FIFO was deliberate, but rather was an
unintended regression. 

I tried the attached patch and it restores the capability for me, I
support its inclusion as soon as possible.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1869

Jonatan Walck <jonatan at walck.se> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jonatan at walck.se

--- Comment #3 from Jonatan Walck <jonatan at walck.se> 2011-03-09
11:16:13 EST ---
I ran into the same bug using openssh-client 1:5.8p1-2 from debian sid
repo, also reproduced with a vanilla openssh 5.8p1 from an official
openssh mirror.

I found the error by using monkeysphere subkey-to-ssh-client, after
which ssh-agent did not add a new identity as expected.

Tried the attached patch and it works as expected again, identity added
and working for ssh. Would be great to see this patch included so FIFOs
start working again.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1869

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Blocks|                            |1845

--- Comment #4 from Damien Miller <djm at mindrot.org> 2011-05-06 10:56:16
EST ---
This is fixed in -current in a different way and will be in OpenSSH
5.9. As a bonus, you can now "ssh-add - < /path/to/key"

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1869

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1869

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Damien Miller <djm at mindrot.org> 2011-09-06 15:33:07
EST ---
close resolved bugs now that openssh-5.9 has been released

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.