sergeyb at tarantool.org
2020-Sep-09 14:17 UTC
[PATCH] ensure PKCS#11 library file is accessible before use
From: Sergey Bronnikov <sergeyb at tarantool.org> ssh-agent failed to use PKCS#11 provider when file is not accessible and show message like: 'Could not add card "/usr/local/lib/pkcs11/opensc-pkcs11.so": agent refused operation'. This commit adds to ssh-add utility check for existence of PKCS#11 library file before passing it to ssh-agent. --- ssh-add.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ssh-add.c b/ssh-add.c index 936dc212..779bf8dd 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -816,6 +816,9 @@ main(int argc, char **argv) goto done; } if (pkcs11provider != NULL) { + struct stat buf; + if (stat(pkcs11provider, &buf) != 0) + fatal("PKCS#11 shared library file is not accessible: %s", strerror(errno)); if (update_card(agent_fd, !deleting, pkcs11provider, qflag) == -1) ret = 1; -- 2.26.2
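Review bot: the stat() check added ahead of update_card() runs inside ssh-add, but as the commit message says, the path is then passed to ssh-agent, which is the process that actually loads the library. If the agent socket is forwarded from another host, or the agent sees a different filesystem, a local stat() result says nothing about what the agent can open, and a request the agent would have accepted is now refused. The check also sits in front of the call for both values of !deleting, so removing a provider whose file has since disappeared would hit fatal() instead of reaching the agent. Consider restricting the check to the add path and reporting the problem as a warning, or setting ret = 1 as the surrounding code does, rather than calling fatal(). The message should include pkcs11provider, because strerror(errno) alone does not say which path failed. Note too that stat() returning 0 also succeeds for a directory, so it does not establish that the path is a loadable library file.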