fix: create fopen wrapper and block default hostkey paths

Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-04 12:20:42 +09:00 · 2025-03-17 18:36:42 +00:00
parent c1aab9903f
commit f9d7cadf4b
2 changed files with 42 additions and 1 deletions
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -332,7 +332,7 @@ if (CLIENT_TESTING OR SERVER_TESTING)


    set(TORTURE_ENVIRONMENT
-        "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}:${CHROOT_WRAPPER}:${FS_WRAPPER}")
+        "LD_PRELOAD=${FS_WRAPPER}:${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}:${CHROOT_WRAPPER}")
    if (priv_wrapper_FOUND)
        list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER=1 PRIV_WRAPPER_CHROOT_DISABLE=1)
        list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER_PRCTL_DISABLE="ALL" PRIV_WRAPPER_SETRLIMIT_DISABLE="ALL")
--- a/tests/fs_wrapper.c
+++ b/tests/fs_wrapper.c
@@ -6,6 +6,8 @@
 #include <string.h>
 #include <sys/stat.h>
 #include <unistd.h>
+#include <errno.h>
+#include <sys/syscall.h>

 /*******************************************************************************
 *                            Structs
@@ -211,3 +213,42 @@ statx(int dirfd,

    return rc;
 }
+
+static int is_file_blocked(const char *pathname)
+{
+    if (pathname == NULL) {
+        return 0;
+    }
+
+    static const char *blocked_files[] = {
+        /* Block for torture_gssapi_server_key_exchange_null */
+        "/etc/ssh/ssh_host_ecdsa_key",
+        "/etc/ssh/ssh_host_rsa_key",
+        "/etc/ssh/ssh_host_ed25519_key"
+    };
+
+    for (size_t i = 0; i < sizeof(blocked_files) / sizeof(blocked_files[0]); i++) {
+        if (strcmp(pathname, blocked_files[i]) == 0) {
+            errno = ENOENT;  /* No such file or directory */
+            return 1;
+        }
+    }
+    return 0;
+}
+
+#define WRAP_FOPEN(func_name) \
+FILE *func_name(const char *pathname, const char *mode) \
+{ \
+    typedef FILE *(*orig_func_t)(const char *pathname, const char *mode); \
+    static orig_func_t orig_func = NULL; \
+    if (orig_func == NULL) { \
+        orig_func = (orig_func_t)dlsym(RTLD_NEXT, #func_name); \
+    } \
+    if (is_file_blocked(pathname)) { \
+        return NULL; \
+    } \
+    return orig_func(pathname, mode); \
+}
+
+WRAP_FOPEN(fopen)
+WRAP_FOPEN(fopen64)