summaryrefslogtreecommitdiff
path: root/src/lib/crypt.c
diff options
context:
space:
mode:
authorDimitri Staessens <dimitri@ouroboros.rocks>2026-06-12 21:19:25 +0200
committerSander Vrijders <sander@ouroboros.rocks>2026-06-29 08:32:58 +0200
commitdf14e6cc81c296d91e9124cd09f25a83defb522f (patch)
treedf28a408e64172527debd3542806f2708c7a5499 /src/lib/crypt.c
parent89807593faaa0472372fb267e12b03a2d6485805 (diff)
downloadouroboros-df14e6cc81c296d91e9124cd09f25a83defb522f.tar.gz
ouroboros-df14e6cc81c296d91e9124cd09f25a83defb522f.zip
irmd: Fail OAP config load on read errors
load_sec_config_file() treated any fopen() failure as an absent config and silently disabled encryption. file_exists() similarly lumped non-ENOENT stat() errors in with "present". Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/lib/crypt.c')
-rw-r--r--src/lib/crypt.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/src/lib/crypt.c b/src/lib/crypt.c
index 73cb0b51..9728ac8c 100644
--- a/src/lib/crypt.c
+++ b/src/lib/crypt.c
@@ -265,12 +265,17 @@ int load_sec_config_file(struct sec_config * cfg,
fp = fopen(path, "r");
if (fp == NULL) {
- /* File doesn't exist - disable encryption */
- CLEAR_KEX_ALGO(cfg);
- return 0;
+ /* Absent config disables encryption; other errors fail */
+ if (errno == ENOENT) {
+ CLEAR_KEX_ALGO(cfg);
+ return 0;
+ }
+ return -errno;
}
+ pthread_cleanup_push(__cleanup_fclose, fp);
ret = parse_sec_config(cfg, fp);
+ pthread_cleanup_pop(0);
fclose(fp);