summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorderaadt@openbsd.org <deraadt@openbsd.org>2019-05-15 04:43:31 +0000
committerDarren Tucker <dtucker@dtucker.net>2019-05-17 10:07:43 +1000
commita1d29cc36a5e6eeabc935065a8780e1ba5b67014 (patch)
treebaa6b9e5cd9455b17b397f1998dd0591192b3040
parentdb7606d4a62fee67b0cb2f32dfcbd7b3642bfef5 (diff)
upstream: When doing the fork+exec'ing for ssh-keysign, rearrange
the socket into fd3, so as to not mistakenly leak other fd forward accidentally. ok djm OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296
-rw-r--r--sshconnect2.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index dffee90b1..d2b5d4c04 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.303 2019/02/12 23:53:10 djm Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.304 2019/05/15 04:43:31 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1833,7 +1833,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
1833 struct sshbuf *b; 1833 struct sshbuf *b;
1834 struct stat st; 1834 struct stat st;
1835 pid_t pid; 1835 pid_t pid;
1836 int i, r, to[2], from[2], status; 1836 int r, to[2], from[2], status;
1837 int sock = ssh_packet_get_connection_in(ssh); 1837 int sock = ssh_packet_get_connection_in(ssh);
1838 u_char rversion = 0, version = 2; 1838 u_char rversion = 0, version = 2;
1839 void (*osigchld)(int); 1839 void (*osigchld)(int);
@@ -1863,8 +1863,6 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
1863 } 1863 }
1864 osigchld = signal(SIGCHLD, SIG_DFL); 1864 osigchld = signal(SIGCHLD, SIG_DFL);
1865 if (pid == 0) { 1865 if (pid == 0) {
1866 /* keep the socket on exec */
1867 fcntl(sock, F_SETFD, 0);
1868 close(from[0]); 1866 close(from[0]);
1869 if (dup2(from[1], STDOUT_FILENO) < 0) 1867 if (dup2(from[1], STDOUT_FILENO) < 0)
1870 fatal("%s: dup2: %s", __func__, strerror(errno)); 1868 fatal("%s: dup2: %s", __func__, strerror(errno));
@@ -1873,10 +1871,13 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
1873 fatal("%s: dup2: %s", __func__, strerror(errno)); 1871 fatal("%s: dup2: %s", __func__, strerror(errno));
1874 close(from[1]); 1872 close(from[1]);
1875 close(to[0]); 1873 close(to[0]);
1876 /* Close everything but stdio and the socket */ 1874
1877 for (i = STDERR_FILENO + 1; i < sock; i++) 1875 if (dup2(sock, STDERR_FILENO + 1) < 0)
1878 close(i); 1876 fatal("%s: dup2: %s", __func__, strerror(errno));
1877 sock = STDERR_FILENO + 1;
1878 fcntl(sock, F_SETFD, 0); /* keep the socket on exec */
1879 closefrom(sock + 1); 1879 closefrom(sock + 1);
1880
1880 debug3("%s: [child] pid=%ld, exec %s", 1881 debug3("%s: [child] pid=%ld, exec %s",
1881 __func__, (long)getpid(), _PATH_SSH_KEY_SIGN); 1882 __func__, (long)getpid(), _PATH_SSH_KEY_SIGN);
1882 execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL); 1883 execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
@@ -1885,6 +1886,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
1885 } 1886 }
1886 close(from[1]); 1887 close(from[1]);
1887 close(to[0]); 1888 close(to[0]);
1889 sock = STDIN_FILENO + 1;
1888 1890
1889 if ((b = sshbuf_new()) == NULL) 1891 if ((b = sshbuf_new()) == NULL)
1890 fatal("%s: sshbuf_new failed", __func__); 1892 fatal("%s: sshbuf_new failed", __func__);