artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49ec239)
If -P and -c were given, a second pledge call tried to add "rpath" to the
authortb <tb@openbsd.org>
Sat, 10 Jun 2017 18:14:10 +0000 (18:14 +0000)
committertb <tb@openbsd.org>
Sat, 10 Jun 2017 18:14:10 +0000 (18:14 +0000)
first pledge promises, so nc exited with EPERM. To fix this, merge the
pledge of the Pflag && usetls case into the first pledge block. This
allows us to get rid of the second pledge block and thus to simplify the
logic a bit. While there, add a missing blank to an error string.

Joint effort by the #openbsd-daily code reading group, problem found and
initial patch by <rain1 openmailbox org>.

ok awolk

usr.bin/nc/netcat.c patch | blob | history

diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c
index 41abc8d..bb868d7 100644 (file)
--- a/usr.bin/nc/netcat.c
+++ b/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.183 2017/05/26 16:05:35 bluhm Exp $ */
+/* $OpenBSD: netcat.c,v 1.184 2017/06/10 18:14:10 tb Exp $ */
 /*
  * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
  * Copyright (c) 2015 Bob Beck.  All rights reserved.
@@ -355,6 +355,9 @@ main(int argc, char *argv[])
                                err(1, "pledge");
                } else if (pledge("stdio inet dns sendfd", NULL) == -1)
                        err(1, "pledge");
+       } else if (Pflag && usetls) {
+               if (pledge("stdio rpath inet dns tty", NULL) == -1)
+                       err(1, "pledge");
        } else if (Pflag) {
                if (pledge("stdio inet dns tty", NULL) == -1)
                        err(1, "pledge");
@@ -478,12 +481,6 @@ main(int argc, char *argv[])
        }
 
        if (usetls) {
-               if (Pflag) {
-                       if (pledge("stdio inet dns tty rpath", NULL) == -1)
-                               err(1, "pledge");
-               } else if (pledge("stdio inet dns rpath", NULL) == -1)
-                       err(1, "pledge");
-
                if (tls_init() == -1)
                        errx(1, "unable to initialize TLS");
                if ((tls_cfg = tls_config_new()) == NULL)
@@ -510,7 +507,7 @@ main(int argc, char *argv[])
                if (TLSopt & TLS_NOVERIFY) {
                        if (tls_expecthash != NULL)
                                errx(1, "-H and -T noverify may not be used"
-                                   "together");
+                                   " together");
                        tls_config_insecure_noverifycert(tls_cfg);
                }
                if (TLSopt & TLS_MUSTSTAPLE)
OpenBSD src
by Ahmet Artu Yildirim