- djm@cvs.openbsd.org 2005/09/13 23:40:07

[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] ensure that stdio fds are attached; ok deraadt@
author: Darren Tucker <dtucker@zip.com.au> 2005-10-03 18:11:24 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2005-10-03 18:11:24 +1000
commit: ce321d8a30a81222d11a4c27fd353804a9afecd3 (patch)
tree: 9b43bd892b03286fbbda2f032fe16a0f6cf9bb74
parent: d89dbf29ff288ac8ba1755d15f63d2bd58dcb71b (diff)
13 files changed, 73 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 29a5d7b7a..c8b2f3f86 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,10 @@
   - markus@cvs.openbsd.org 2005/09/09 19:18:05
     [clientloop.c]
     typo; from mark at mcs.vuw.ac.nz, bug #1082
+   - djm@cvs.openbsd.org 2005/09/13 23:40:07
+     [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
+     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
+     ensure that stdio fds are attached; ok deraadt@
 20050930
 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
@@ -3046,4 +3050,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3903 2005/10/03 08:05:26 dtucker Exp $
+$Id: ChangeLog,v 1.3904 2005/10/03 08:11:24 dtucker Exp $
diff --git a/misc.c b/misc.c
index 2dd8ae6e3..27b947f0c 100644
--- a/misc.c
+++ b/misc.c
@@ -24,7 +24,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $");
+RCSID("$OpenBSD: misc.c,v 1.35 2005/09/13 23:40:07 djm Exp $");
 #include "misc.h"
 #include "log.h"
@@ -507,6 +507,26 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
        return -1;
 }
+void
+sanitise_stdfd(void)
+{
+        int nullfd;
+        if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+                fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
+                exit(1);
+        }
+        while (nullfd < 2) {
+                if (dup2(nullfd, nullfd + 1) == -1) {
+                        fprintf(stderr, "dup2: %s", strerror(errno));
+                        exit(1);
+                }
+                nullfd++;
+        }
+        if (nullfd > 2)
+                close(nullfd);
+}
 char *
 tohex(const u_char *d, u_int l)
 {
diff --git a/misc.h b/misc.h
index 2d630feb5..51541336c 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $       */
+/*      $OpenBSD: misc.h,v 1.26 2005/09/13 23:40:07 djm Exp $   */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -27,6 +27,7 @@ long	 convtime(const char *);
 char    *tilde_expand_filename(const char *, uid_t);
 char    *percent_expand(const char *, ...) __attribute__((__sentinel__));
 char    *tohex(const u_char *, u_int);
+void     sanitise_stdfd(void);
 struct passwd *pwcopy(struct passwd *);
diff --git a/scp.c b/scp.c
index 1407aa71d..58c00442f 100644
--- a/scp.c
+++ b/scp.c
@@ -71,7 +71,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.125 2005/07/27 10:39:03 dtucker Exp $");
+RCSID("$OpenBSD: scp.c,v 1.126 2005/09/13 23:40:07 djm Exp $");
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -222,6 +222,9 @@ main(int argc, char **argv)
        extern char *optarg;
        extern int optind;
+        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+        sanitise_stdfd();
        __progname = ssh_get_progname(argv[0]);
        args.list = NULL;
diff --git a/sftp-server.c b/sftp-server.c
index 6870e7732..e7d000cff 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -14,13 +14,14 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.49 2005/09/13 23:40:07 djm Exp $");
 #include "buffer.h"
 #include "bufaux.h"
 #include "getput.h"
 #include "log.h"
 #include "xmalloc.h"
+#include "misc.h"
 #include "sftp.h"
 #include "sftp-common.h"
@@ -1036,6 +1037,9 @@ main(int ac, char **av)
        int in, out, max;
        ssize_t len, olen, set_size;
+        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+        sanitise_stdfd();
        /* XXX should use getopt */
        __progname = ssh_get_progname(av[0]);
diff --git a/sftp.c b/sftp.c
index f98ed7d27..f29927c0f 100644
--- a/sftp.c
+++ b/sftp.c
@@ -16,7 +16,7 @@
 #include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.67 2005/09/13 23:40:07 djm Exp $");
 #ifdef USE_LIBEDIT
 #include <histedit.h>
@@ -1447,6 +1447,9 @@ main(int argc, char **argv)
        extern int optind;
        extern char *optarg;
+        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+        sanitise_stdfd();
        __progname = ssh_get_progname(argv[0]);
        args.list = NULL;
        addargs(&args, "ssh");          /* overwritten with ssh_program */
diff --git a/ssh-add.c b/ssh-add.c
index a3428769c..749a76829 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.72 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.73 2005/09/13 23:40:07 djm Exp $");
 #include <openssl/evp.h>
@@ -312,6 +312,9 @@ main(int argc, char **argv)
        char *sc_reader_id = NULL;
        int i, ch, deleting = 0, ret = 0;
+        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+        sanitise_stdfd();
        __progname = ssh_get_progname(argv[0]);
        init_rng();
        seed_rng();
diff --git a/ssh-agent.c b/ssh-agent.c
index dd7e22ad5..6f0ba130d 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.123 2005/09/13 23:40:07 djm Exp $");
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -1008,6 +1008,9 @@ main(int ac, char **av)
        pid_t pid;
        char pidstrbuf[1 + 3 * sizeof pid];
+        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+        sanitise_stdfd();
        /* drop */
        setegid(getgid());
        setgid(getgid());
diff --git a/ssh-keygen.c b/ssh-keygen.c
index b17851946..92803da45 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $");
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -1018,6 +1018,9 @@ main(int ac, char **av)
        extern int optind;
        extern char *optarg;
+        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+        sanitise_stdfd();
        __progname = ssh_get_progname(av[0]);
        SSLeay_add_all_algorithms();
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 46f063687..8ac97bd35 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.56 2005/09/13 23:40:07 djm Exp $");
 #include "openbsd-compat/sys-queue.h"
@@ -712,6 +712,9 @@ main(int argc, char **argv)
        seed_rng();
        TAILQ_INIT(&tq);
+        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+        sanitise_stdfd();
        if (argc <= 1)
                usage();
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 04597a91d..dae3a2e8c 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.19 2005/09/13 23:40:07 djm Exp $");
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -148,6 +148,13 @@ main(int argc, char **argv)
        u_int slen, dlen;
        u_int32_t rnd[256];
+        /* Ensure that stdin and stdout are connected */
+        if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
+                exit(1);
+        /* Leave /dev/null fd iff it is attached to stderr */
+        if (fd > 2)
+                close(fd);
        key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
        key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
diff --git a/ssh.c b/ssh.c
index c9e5aac7a..31d09b1be 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.249 2005/07/30 01:26:16 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.250 2005/09/13 23:40:07 djm Exp $");
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -188,6 +188,9 @@ main(int ac, char **av)
        struct servent *sp;
        Forward fwd;
+        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+        sanitise_stdfd();
        __progname = ssh_get_progname(av[0]);
        init_rng();
diff --git a/sshd.c b/sshd.c
index e9125a229..ceb85dd54 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.313 2005/09/13 23:40:07 djm Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -924,6 +924,9 @@ main(int ac, char **av)
        if (geteuid() == 0 && setgroups(0, NULL) == -1)
                debug("setgroups(): %.200s", strerror(errno));
+        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+        sanitise_stdfd();
        /* Initialize configuration options to their default values. */
        initialize_server_options(&options);
author	Darren Tucker <dtucker@zip.com.au>	2005-10-03 18:11:24 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2005-10-03 18:11:24 +1000
commit	ce321d8a30a81222d11a4c27fd353804a9afecd3 (patch)
tree	9b43bd892b03286fbbda2f032fe16a0f6cf9bb74
parent	d89dbf29ff288ac8ba1755d15f63d2bd58dcb71b (diff)