diff options
author | deraadt@openbsd.org <deraadt@openbsd.org> | 2019-05-15 04:43:31 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2019-05-17 10:07:43 +1000 |
commit | a1d29cc36a5e6eeabc935065a8780e1ba5b67014 (patch) | |
tree | baa6b9e5cd9455b17b397f1998dd0591192b3040 | |
parent | db7606d4a62fee67b0cb2f32dfcbd7b3642bfef5 (diff) |
upstream: When doing the fork+exec'ing for ssh-keysign, rearrange
the socket into fd3, so as to not mistakenly leak other fd forward
accidentally. ok djm
OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296
-rw-r--r-- | sshconnect2.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index dffee90b1..d2b5d4c04 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.303 2019/02/12 23:53:10 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.304 2019/05/15 04:43:31 deraadt Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -1833,7 +1833,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, | |||
1833 | struct sshbuf *b; | 1833 | struct sshbuf *b; |
1834 | struct stat st; | 1834 | struct stat st; |
1835 | pid_t pid; | 1835 | pid_t pid; |
1836 | int i, r, to[2], from[2], status; | 1836 | int r, to[2], from[2], status; |
1837 | int sock = ssh_packet_get_connection_in(ssh); | 1837 | int sock = ssh_packet_get_connection_in(ssh); |
1838 | u_char rversion = 0, version = 2; | 1838 | u_char rversion = 0, version = 2; |
1839 | void (*osigchld)(int); | 1839 | void (*osigchld)(int); |
@@ -1863,8 +1863,6 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, | |||
1863 | } | 1863 | } |
1864 | osigchld = signal(SIGCHLD, SIG_DFL); | 1864 | osigchld = signal(SIGCHLD, SIG_DFL); |
1865 | if (pid == 0) { | 1865 | if (pid == 0) { |
1866 | /* keep the socket on exec */ | ||
1867 | fcntl(sock, F_SETFD, 0); | ||
1868 | close(from[0]); | 1866 | close(from[0]); |
1869 | if (dup2(from[1], STDOUT_FILENO) < 0) | 1867 | if (dup2(from[1], STDOUT_FILENO) < 0) |
1870 | fatal("%s: dup2: %s", __func__, strerror(errno)); | 1868 | fatal("%s: dup2: %s", __func__, strerror(errno)); |
@@ -1873,10 +1871,13 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, | |||
1873 | fatal("%s: dup2: %s", __func__, strerror(errno)); | 1871 | fatal("%s: dup2: %s", __func__, strerror(errno)); |
1874 | close(from[1]); | 1872 | close(from[1]); |
1875 | close(to[0]); | 1873 | close(to[0]); |
1876 | /* Close everything but stdio and the socket */ | 1874 | |
1877 | for (i = STDERR_FILENO + 1; i < sock; i++) | 1875 | if (dup2(sock, STDERR_FILENO + 1) < 0) |
1878 | close(i); | 1876 | fatal("%s: dup2: %s", __func__, strerror(errno)); |
1877 | sock = STDERR_FILENO + 1; | ||
1878 | fcntl(sock, F_SETFD, 0); /* keep the socket on exec */ | ||
1879 | closefrom(sock + 1); | 1879 | closefrom(sock + 1); |
1880 | |||
1880 | debug3("%s: [child] pid=%ld, exec %s", | 1881 | debug3("%s: [child] pid=%ld, exec %s", |
1881 | __func__, (long)getpid(), _PATH_SSH_KEY_SIGN); | 1882 | __func__, (long)getpid(), _PATH_SSH_KEY_SIGN); |
1882 | execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL); | 1883 | execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL); |
@@ -1885,6 +1886,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, | |||
1885 | } | 1886 | } |
1886 | close(from[1]); | 1887 | close(from[1]); |
1887 | close(to[0]); | 1888 | close(to[0]); |
1889 | sock = STDIN_FILENO + 1; | ||
1888 | 1890 | ||
1889 | if ((b = sshbuf_new()) == NULL) | 1891 | if ((b = sshbuf_new()) == NULL) |
1890 | fatal("%s: sshbuf_new failed", __func__); | 1892 | fatal("%s: sshbuf_new failed", __func__); |