upstream commit

fd leaks; report Qualys Security Advisory team; ok
 deraadt@

Upstream-ID: 4ec0f12b9d8fa202293c9effa115464185aa071d

2 files changed, 4 insertions, 2 deletions

diff --git a/sshconnect.c b/sshconnect.c
index a22710d9f..356ec79f0 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.270 2016/01/14 16:17:40 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.271 2016/01/14 22:56:56 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -167,6 +167,7 @@ ssh_proxy_fdpass_connect(const char *host, u_short port,
 
         if ((sock = mm_receive_fd(sp[1])) == -1)
                 fatal("proxy dialer did not pass back a connection");
+        close(sp[1]);
 
         while (waitpid(pid, NULL, 0) == -1)
                 if (errno != EINTR)
diff --git a/sshconnect2.c b/sshconnect2.c
index 1f918533f..4d426c33c 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.236 2016/01/14 16:17:40 markus Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.237 2016/01/14 22:56:56 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1344,6 +1344,7 @@ pubkey_prepare(Authctxt *authctxt)
                 if (r != SSH_ERR_AGENT_NO_IDENTITIES)
                         debug("%s: ssh_fetch_identitylist: %s",
                             __func__, ssh_err(r));
+                close(agent_fd);
         } else {
                 for (j = 0; j < idlist->nkeys; j++) {
                         found = 0;