From 8b579571b5584847caf72345b9073b3b2a0467a7 Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Fri, 17 Apr 2026 21:24:08 +0800
Subject: [PATCH] server: open authorized_keys files nonblocking

This avoids getting stuck with special files.
---
 src/svr-authpubkey.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/svr-authpubkey.c b/src/svr-authpubkey.c
index e38d8639..b0e67baa 100644
--- a/src/svr-authpubkey.c
+++ b/src/svr-authpubkey.c
@@ -503,10 +503,18 @@ static int checkpubkey(const char* keyalgo, unsigned int keyalgolen,
 if (checkpubkeyperms() == DROPBEAR_FAILURE) {
 TRACE(("bad authorized_keys permissions, or file doesn't exist"))
 } else {
+ int fd;
 /* we don't need to check pw and pw_dir for validity, since
 * its been done in checkpubkeyperms. */
 filename = authorized_keys_filepath();
- authfile = fopen(filename, "r");
+ fd = open(filename, O_RDONLY | O_NONBLOCK);
+ if (fd >= 0) {
+ authfile = fdopen(fd, "r");
+ if (!authfile) {
+ /* fdopen could fail with ENOMEM */
+ m_close(fd);
+ }
+ }
 if (!authfile) {
 TRACE(("checkpubkey: failed opening %s: %s", filename, strerror(errno)))
 }
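Review bot: O_NONBLOCK only keeps open() from hanging; a FIFO, device node or directory at the authorized_keys path still opens successfully and is handed to fdopen(), so the key parsing that follows still runs on a non-regular file. Right after the open() call, check the descriptor itself with `struct stat st;` and `if (fd >= 0 && (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode))) { m_close(fd); fd = -1; }`, which also ties the type check to the file actually opened rather than to the path that checkpubkeyperms() presumably examined by name. Adding O_NOCTTY to the open flags would be a cheap companion for the case where the path resolves to a terminal device. The `if (!authfile)` test depends on authfile being NULL before this branch when open() fails; that initialisation is not visible here, since checkpubkey's body starts and continues outside the hunk.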