upstream: preserve group/world read permission on known_hosts

file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove
all rights for group/other. bz#3146 ok dtucker@

OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 8c23a54cf1d44cab4a97645ba9824fcd1a8648bd..bcf1ece39dcc49d1e1fca5bea77a391985cff353 100644 (file)
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.409 2020/05/02 07:19:43 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.410 2020/05/13 09:55:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1292,6 +1292,7 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
        int r, fd, oerrno, inplace = 0;
        struct known_hosts_ctx ctx;
        u_int foreach_options;
+       struct stat sb;
 
        if (!have_identity) {
                cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
@@ -1301,6 +1302,8 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
                free(cp);
                have_identity = 1;
        }
+       if (stat(identity_file, &sb) != 0)
+               fatal("Cannot stat %s: %s", identity_file, strerror(errno));
 
        memset(&ctx, 0, sizeof(ctx));
        ctx.out = stdout;
@@ -1327,6 +1330,7 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
                        unlink(tmp);
                        fatal("fdopen: %s", strerror(oerrno));
                }
+               fchmod(fd, sb.st_mode & 0644);
                inplace = 1;
        }
        /* XXX support identity_file == "-" for stdin */