From dbd124eb250ac72aac05539d1367e15cf129f204 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Mon, 12 Jul 2021 15:09:21 +0000
Subject: Change the error reporting pattern throughout the tree when unveil
 fails to report the path that the failure occured on. Suggested by deraadt@
 after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@
---
 src/usr.bin/nc/netcat.c            | 18 +++++++++---------
 src/usr.sbin/ocspcheck/ocspcheck.c |  8 ++++----
 2 files changed, 13 insertions(+), 13 deletions(-)

(limited to 'src')

diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c
index 503095584a..811551f57d 100644
--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.217 2020/02/12 14:46:36 schwarze Exp $ */
+/* $OpenBSD: netcat.c,v 1.218 2021/07/12 15:09:20 beck Exp $ */
 /*
  * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
  * Copyright (c) 2015 Bob Beck.  All rights reserved.
@@ -364,13 +364,13 @@ main(int argc, char *argv[])
 
 	if (usetls) {
 		if (Cflag && unveil(Cflag, "r") == -1)
-			err(1, "unveil");
+			err(1, "unveil %s", Cflag);
 		if (unveil(Rflag, "r") == -1)
-			err(1, "unveil");
+			err(1, "unveil %s", Rflag);
 		if (Kflag && unveil(Kflag, "r") == -1)
-			err(1, "unveil");
+			err(1, "unveil %s", Kflag);
 		if (oflag && unveil(oflag, "r") == -1)
-			err(1, "unveil");
+			err(1, "unveil %s", oflag);
 	} else if (family == AF_UNIX && uflag && lflag && !kflag) {
 		/*
 		 * After recvfrom(2) from client, the server connects
@@ -380,20 +380,20 @@ main(int argc, char *argv[])
 	} else {
 		if (family == AF_UNIX) {
 			if (unveil(host, "rwc") == -1)
-				err(1, "unveil");
+				err(1, "unveil %s", host);
 			if (uflag && !kflag) {
 				if (sflag) {
 					if (unveil(sflag, "rwc") == -1)
-						err(1, "unveil");
+						err(1, "unveil %s", sflag);
 				} else {
 					if (unveil("/tmp", "rwc") == -1)
-						err(1, "unveil");
+						err(1, "unveil /tmp");
 				}
 			}
 		} else {
 			/* no filesystem visibility */
 			if (unveil("/", "") == -1)
-				err(1, "unveil");
+				err(1, "unveil /");
 		}
 	}
 
diff --git a/src/usr.sbin/ocspcheck/ocspcheck.c b/src/usr.sbin/ocspcheck/ocspcheck.c
index 50f114f07c..46e7e66607 100644
--- a/src/usr.sbin/ocspcheck/ocspcheck.c
+++ b/src/usr.sbin/ocspcheck/ocspcheck.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocspcheck.c,v 1.29 2021/02/09 16:55:51 claudio Exp $ */
+/* $OpenBSD: ocspcheck.c,v 1.30 2021/07/12 15:09:21 beck Exp $ */
 
 /*
  * Copyright (c) 2017,2020 Bob Beck <beck@openbsd.org>
@@ -617,14 +617,14 @@ main(int argc, char **argv)
 
 	if (cafile != NULL) {
 		if (unveil(cafile, "r") == -1)
-			err(1, "unveil");
+			err(1, "unveil %s", cafile);
 	}
 	if (cadir != NULL) {
 		if (unveil(cadir, "r") == -1)
-			err(1, "unveil");
+			err(1, "unveil %s", cadir);
 	}
 	if (unveil(certfile, "r") == -1)
-		err(1, "unveil");
+		err(1, "unveil %s", certfile);
 
 	if (pledge("stdio inet rpath dns", NULL) == -1)
 		err(1, "pledge");
-- 
cgit v1.2.3-55-g6feb