Make sure hostkeys are flushed to disk to avoid empty files if the power

fails. Based on patch from Peter Korsgaard
2025-01-31 10:57:01 +00:00 · 2014-11-08 22:15:16 +08:00 · 2014-11-08 22:15:16 +08:00 · 4ba830fc31
commit 4ba830fc31
parent 3022a46039
2 changed files with 23 additions and 0 deletions
--- a/gensignkey.c
+++ b/gensignkey.c
@ -41,6 +41,7 @@ static int buf_writefile(buffer * buf, const char * filename) {

 out:
 	if (fd >= 0) {
+		fsync(fd);
 		m_close(fd);
 	}
 	return ret;
--- a/svr-kex.c
+++ b/svr-kex.c
@ -84,7 +84,25 @@ void recv_msg_kexdh_init() {
 	TRACE(("leave recv_msg_kexdh_init"))
 }

+
 #ifdef DROPBEAR_DELAY_HOSTKEY
+
+static void fsync_parent_dir(const char* fn) {
+#ifdef HAVE_LIBGEN_H
+	char *fn_dir = m_strdup(fn);
+	char *dir = dirname(fn_dir);
+	/* some OSes need the fd to be writable for fsync */
+	int dirfd = open(dir, O_RDWR);
+
+	if (dirfd != -1) {
+		fsync(dirfd);
+		m_close(dirfd);
+	}
+
+	free(fn_dir);
+#endif
+}
+
 static void svr_ensure_hostkey() {

 	const char* fn = NULL;
@ -142,6 +160,10 @@ static void svr_ensure_hostkey() {
 		}
 	}

+	/* ensure directory update is flushed to disk, otherwise we can end up
+	with zero-byte hostkey files if the power goes off */
+	fsync_parent_dir(fn);
+
 	ret = readhostkey(fn, svr_opts.hostkey, &type);

 	if (ret == DROPBEAR_SUCCESS) {