diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-02-14 02:06:08 +0100 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-02-14 02:06:08 +0100 |
| commit | a9b1e990b8339d413aecaa00c5db743358caa42c (patch) | |
| tree | abf51ac23644eb3ce9af9fa1d5e9aac63edb444b /sys/src/cmd/tlsclient.c | |
| parent | 9ec9a47789c5c71c8e135d7ce0a92d44317c1fa0 (diff) | |
tlsclient: add -o option to establish connection over a file, free the AuthInfo structure to avoid leaking secrets
Diffstat (limited to 'sys/src/cmd/tlsclient.c')
| -rw-r--r-- | sys/src/cmd/tlsclient.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/sys/src/cmd/tlsclient.c b/sys/src/cmd/tlsclient.c index bc4b6d678..a90eabf96 100644 --- a/sys/src/cmd/tlsclient.c +++ b/sys/src/cmd/tlsclient.c @@ -4,14 +4,14 @@ #include <libsec.h> #include <auth.h> -int debug, auth; +int debug, auth, dialfile; char *keyspec = ""; char *servername, *file, *filex, *ccert; void usage(void) { - fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c lib/tls/clientcert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] dialstring [cmd [args...]]\n"); + fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c lib/tls/clientcert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n"); exits("usage"); } @@ -47,6 +47,7 @@ main(int argc, char **argv) char *addr; TLSconn *conn; Thumbprint *thumb; + AuthInfo *ai = nil; fmtinstall('H', encodefmt); @@ -72,6 +73,9 @@ main(int argc, char **argv) case 'n': servername = EARGF(usage()); break; + case 'o': + dialfile = 1; + break; default: usage(); }ARGEND @@ -90,7 +94,7 @@ main(int argc, char **argv) thumb = nil; addr = *argv++; - if((fd = dial(addr, 0, 0, 0)) < 0) + if((fd = dialfile? open(addr, ORDWR): dial(addr, 0, 0, 0)) < 0) sysfatal("dial %s: %r", addr); conn = (TLSconn*)mallocz(sizeof *conn, 1); @@ -102,8 +106,6 @@ main(int argc, char **argv) } if(auth){ - AuthInfo *ai; - ai = auth_proxy(fd, auth_getkey, "proto=p9any role=client %s", keyspec); if(ai == nil) sysfatal("auth_proxy: %r"); @@ -128,8 +130,15 @@ main(int argc, char **argv) sha1(conn->cert, conn->certlen, digest, nil); if(!okThumbprint(digest, thumb)) sysfatal("server certificate %.*H not recognized", SHA1dlen, digest); + freeThumbprints(thumb); } + free(conn->cert); + free(conn->sessionID); + free(conn); + if(ai != nil) + auth_freeAI(ai); + if(*argv){ dup(fd, 0); dup(fd, 1); |