upstream: Replace all calls to signal(2) with a wrapper around

sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations. OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
author: dtucker@openbsd.org <dtucker@openbsd.org> 2020-01-23 07:10:22 +0000
committer: Darren Tucker <dtucker@dtucker.net> 2020-01-23 18:51:25 +1100
commit: 3bf2a6ac791d64046a537335a0f1d5e43579c5ad (patch)
tree: 76fcc0f1be306541c074be4aed3aca66023f0962
parent: e027c044c796f3a01081a91bee55741204283f28 (diff)
25 files changed, 153 insertions, 131 deletions
diff --git a/auth-pam.c b/auth-pam.c
index 856fdd40f..0cd2b0019 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -156,7 +156,7 @@ static mysig_t sshpam_oldsig;
 static void
 sshpam_sigchld_handler(int sig)
 {
-        signal(SIGCHLD, SIG_DFL);
+        ssh_signal(SIGCHLD, SIG_DFL);
        if (cleanup_ctxt == NULL)
                return; /* handler called after PAM cleanup, shouldn't happen */
        if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
@@ -208,7 +208,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
                *thread = pid;
                close(ctx->pam_csock);
                ctx->pam_csock = -1;
-                sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler);
+                sshpam_oldsig = ssh_signal(SIGCHLD, sshpam_sigchld_handler);
                return (0);
        }
 }
@@ -216,7 +216,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
 static int
 pthread_cancel(sp_pthread_t thread)
 {
-        signal(SIGCHLD, sshpam_oldsig);
+        ssh_signal(SIGCHLD, sshpam_oldsig);
        return (kill(thread, SIGTERM));
 }
@@ -228,7 +228,7 @@ pthread_join(sp_pthread_t thread, void **value)
        if (sshpam_thread_status != -1)
                return (sshpam_thread_status);
-        signal(SIGCHLD, sshpam_oldsig);
+        ssh_signal(SIGCHLD, sshpam_oldsig);
        while (waitpid(thread, &status, 0) == -1) {
                if (errno == EINTR)
                        continue;
diff --git a/auth.c b/auth.c
index 48838508e..b42d7e76c 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.144 2019/12/16 13:58:53 tobhe Exp $ */
+/* $OpenBSD: auth.c,v 1.145 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -921,7 +921,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
                        child_set_env(&child_env, &envsize, "LANG", cp);
                for (i = 0; i < NSIG; i++)
-                        signal(i, SIG_DFL);
+                        ssh_signal(i, SIG_DFL);
                if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
                        error("%s: open %s: %s", tag, _PATH_DEVNULL,
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index b656b1f8c..5b4a2cc02 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.97 2019/11/25 00:54:23 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.98 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -460,7 +460,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
         * NB. all returns later this function should go via "out" to
         * ensure the original SIGCHLD handler is restored properly.
         */
-        osigchld = signal(SIGCHLD, SIG_DFL);
+        osigchld = ssh_signal(SIGCHLD, SIG_DFL);
        /* Prepare and verify the user for the command */
        username = percent_expand(options.authorized_principals_command_user,
@@ -548,7 +548,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
 out:
        if (f != NULL)
                fclose(f);
-        signal(SIGCHLD, osigchld);
+        ssh_signal(SIGCHLD, osigchld);
        for (i = 0; i < ac; i++)
                free(av[i]);
        free(av);
@@ -898,7 +898,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
         * NB. all returns later this function should go via "out" to
         * ensure the original SIGCHLD handler is restored properly.
         */
-        osigchld = signal(SIGCHLD, SIG_DFL);
+        osigchld = ssh_signal(SIGCHLD, SIG_DFL);
        /* Prepare and verify the user for the command */
        username = percent_expand(options.authorized_keys_command_user,
@@ -987,7 +987,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
 out:
        if (f != NULL)
                fclose(f);
-        signal(SIGCHLD, osigchld);
+        ssh_signal(SIGCHLD, osigchld);
        for (i = 0; i < ac; i++)
                free(av[i]);
        free(av);
diff --git a/clientloop.c b/clientloop.c
index 4acf2806d..d4c23d554 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.331 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: clientloop.c,v 1.332 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -785,7 +785,7 @@ process_cmdline(struct ssh *ssh)
        memset(&fwd, 0, sizeof(fwd));
        leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
-        handler = signal(SIGINT, SIG_IGN);
+        handler = ssh_signal(SIGINT, SIG_IGN);
        cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);
        if (s == NULL)
                goto out;
@@ -883,7 +883,7 @@ process_cmdline(struct ssh *ssh)
        }
 out:
-        signal(SIGINT, handler);
+        ssh_signal(SIGINT, handler);
        enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
        free(cmd);
        free(fwd.listen_host);
@@ -1306,15 +1306,15 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
         * Set signal handlers, (e.g. to restore non-blocking mode)
         * but don't overwrite SIG_IGN, matches behaviour from rsh(1)
         */
-        if (signal(SIGHUP, SIG_IGN) != SIG_IGN)
+        if (ssh_signal(SIGHUP, SIG_IGN) != SIG_IGN)
-                signal(SIGHUP, signal_handler);
+                ssh_signal(SIGHUP, signal_handler);
-        if (signal(SIGINT, SIG_IGN) != SIG_IGN)
+        if (ssh_signal(SIGINT, SIG_IGN) != SIG_IGN)
-                signal(SIGINT, signal_handler);
+                ssh_signal(SIGINT, signal_handler);
-        if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
+        if (ssh_signal(SIGQUIT, SIG_IGN) != SIG_IGN)
-                signal(SIGQUIT, signal_handler);
+                ssh_signal(SIGQUIT, signal_handler);
-        if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
+        if (ssh_signal(SIGTERM, SIG_IGN) != SIG_IGN)
-                signal(SIGTERM, signal_handler);
+                ssh_signal(SIGTERM, signal_handler);
-        signal(SIGWINCH, window_change_handler);
+        ssh_signal(SIGWINCH, window_change_handler);
        if (have_pty)
                enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
@@ -1413,7 +1413,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
        /* Terminate the session. */
        /* Stop watching for window change. */
-        signal(SIGWINCH, SIG_DFL);
+        ssh_signal(SIGWINCH, SIG_DFL);
        if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 ||
            (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_BY_APPLICATION)) != 0 ||
diff --git a/entropy.c b/entropy.c
index 5de68016b..2eebadf4a 100644
--- a/entropy.c
+++ b/entropy.c
@@ -110,7 +110,7 @@ get_random_bytes_prngd(unsigned char *buf, int len,
                    strlen(socket_path) + 1;
        }
-        old_sigpipe = signal(SIGPIPE, SIG_IGN);
+        old_sigpipe = ssh_signal(SIGPIPE, SIG_IGN);
        errors = 0;
        rval = -1;
@@ -160,7 +160,7 @@ reopen:
        rval = 0;
 done:
-        signal(SIGPIPE, old_sigpipe);
+        ssh_signal(SIGPIPE, old_sigpipe);
        if (fd != -1)
                close(fd);
        return rval;
diff --git a/misc.c b/misc.c
index 5204c1e9f..f25b8cf5c 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.143 2019/11/22 06:50:30 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.144 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -2221,3 +2221,20 @@ opt_match(const char **opts, const char *term)
        return 0;
 }
+sshsig_t
+ssh_signal(int signum, sshsig_t handler)
+{
+        struct sigaction sa, osa;
+        /* mask all other signals while in handler */
+        bzero(&sa, sizeof(sa));
+        sa.sa_handler = handler;
+        sigfillset(&sa.sa_mask);
+        if (signum != SIGALRM)
+                sa.sa_flags = SA_RESTART;
+        if (sigaction(signum, &sa, &osa) == -1) {
+                debug3("sigaction(%s): %s", strsignal(signum), strerror(errno));
+                return SIG_ERR;
+        }
+        return osa.sa_handler;
+}
diff --git a/misc.h b/misc.h
index 7421fbdf9..2221a54c8 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.82 2019/11/12 22:34:20 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.83 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -190,4 +190,6 @@ void	notify_complete(struct notifier_ctx *);
 #define MAXIMUM(a, b)   (((a) > (b)) ? (a) : (b))
 #define ROUNDUP(x, y)   ((((x)+((y)-1))/(y))*(y))
+typedef void (*sshsig_t)(int);
+sshsig_t ssh_signal(int, sshsig_t);
 #endif /* _MISC_H */
diff --git a/monitor.c b/monitor.c
index 6ee44204c..dc6d78d3c 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.206 2019/12/15 18:57:30 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -393,11 +393,11 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)
        pmonitor->m_recvfd = -1;
        monitor_set_child_handler(pmonitor->m_pid);
-        signal(SIGHUP, &monitor_child_handler);
+        ssh_signal(SIGHUP, &monitor_child_handler);
-        signal(SIGTERM, &monitor_child_handler);
+        ssh_signal(SIGTERM, &monitor_child_handler);
-        signal(SIGINT, &monitor_child_handler);
+        ssh_signal(SIGINT, &monitor_child_handler);
 #ifdef SIGXFSZ
-        signal(SIGXFSZ, SIG_IGN);
+        ssh_signal(SIGXFSZ, SIG_IGN);
 #endif
        mon_dispatch = mon_dispatch_postauth20;
diff --git a/mux.c b/mux.c
index f3ea11cdc..5efc849c4 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.80 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: mux.c,v 1.81 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
 *
@@ -1911,7 +1911,7 @@ mux_client_request_session(int fd)
                return -1;
        }
-        signal(SIGPIPE, SIG_IGN);
+        ssh_signal(SIGPIPE, SIG_IGN);
        if (stdin_null_flag) {
                if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
@@ -2012,10 +2012,10 @@ mux_client_request_session(int fd)
                fatal("%s pledge(): %s", __func__, strerror(errno));
        platform_pledge_mux();
-        signal(SIGHUP, control_client_sighandler);
+        ssh_signal(SIGHUP, control_client_sighandler);
-        signal(SIGINT, control_client_sighandler);
+        ssh_signal(SIGINT, control_client_sighandler);
-        signal(SIGTERM, control_client_sighandler);
+        ssh_signal(SIGTERM, control_client_sighandler);
-        signal(SIGWINCH, control_client_sigrelay);
+        ssh_signal(SIGWINCH, control_client_sigrelay);
        rawmode = tty_flag;
        if (tty_flag)
@@ -2145,7 +2145,7 @@ mux_client_request_stdio_fwd(int fd)
                return -1;
        }
-        signal(SIGPIPE, SIG_IGN);
+        ssh_signal(SIGPIPE, SIG_IGN);
        if (stdin_null_flag) {
                if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
@@ -2219,10 +2219,10 @@ mux_client_request_stdio_fwd(int fd)
        }
        muxclient_request_id++;
-        signal(SIGHUP, control_client_sighandler);
+        ssh_signal(SIGHUP, control_client_sighandler);
-        signal(SIGINT, control_client_sighandler);
+        ssh_signal(SIGINT, control_client_sighandler);
-        signal(SIGTERM, control_client_sighandler);
+        ssh_signal(SIGTERM, control_client_sighandler);
-        signal(SIGWINCH, control_client_sigrelay);
+        ssh_signal(SIGWINCH, control_client_sigrelay);
        /*
         * Stick around until the controlee closes the client_fd.
diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c
index 123a9be56..b6b5ab49b 100644
--- a/openbsd-compat/bsd-openpty.c
+++ b/openbsd-compat/bsd-openpty.c
@@ -103,10 +103,10 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp,
                return (-1);
        /* XXX: need to close ptm on error? */
-        old_signal = signal(SIGCHLD, SIG_DFL);
+        old_signal = ssh_signal(SIGCHLD, SIG_DFL);
        if (grantpt(ptm) < 0)
                return (-1);
-        signal(SIGCHLD, old_signal);
+        ssh_signal(SIGCHLD, old_signal);
        if (unlockpt(ptm) < 0)
                return (-1);
diff --git a/progressmeter.c b/progressmeter.c
index 72f40f8f9..8baf798f1 100644
--- a/progressmeter.c
+++ b/progressmeter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: progressmeter.c,v 1.49 2019/10/29 07:47:27 dtucker Exp $ */
+/* $OpenBSD: progressmeter.c,v 1.50 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Copyright (c) 2003 Nils Nordman.  All rights reserved.
 *
@@ -252,8 +252,8 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr)
        setscreensize();
        refresh_progress_meter(1);
-        signal(SIGALRM, sig_alarm);
+        ssh_signal(SIGALRM, sig_alarm);
-        signal(SIGWINCH, sig_winch);
+        ssh_signal(SIGWINCH, sig_winch);
        alarm(UPDATE_INTERVAL);
 }
diff --git a/readconf.c b/readconf.c
index ff551c856..59443bfdb 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.320 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.321 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -528,7 +528,7 @@ execute_in_shell(const char *cmd)
                execv(argv[0], argv);
                error("Unable to execute '%.100s': %s", cmd, strerror(errno));
                /* Die with signal to make this error apparent to parent. */
-                signal(SIGTERM, SIG_DFL);
+                ssh_signal(SIGTERM, SIG_DFL);
                kill(getpid(), SIGTERM);
                _exit(1);
        }
diff --git a/readpass.c b/readpass.c
index 4172bbc56..974d67f0b 100644
--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.60 2019/12/06 03:06:08 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.61 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
@@ -65,10 +65,10 @@ ssh_askpass(char *askpass, const char *msg, const char *env_hint)
                error("%s: pipe: %s", __func__, strerror(errno));
                return NULL;
        }
-        osigchld = signal(SIGCHLD, SIG_DFL);
+        osigchld = ssh_signal(SIGCHLD, SIG_DFL);
        if ((pid = fork()) == -1) {
                error("%s: fork: %s", __func__, strerror(errno));
-                signal(SIGCHLD, osigchld);
+                ssh_signal(SIGCHLD, osigchld);
                return NULL;
        }
        if (pid == 0) {
@@ -98,7 +98,7 @@ ssh_askpass(char *askpass, const char *msg, const char *env_hint)
        while ((ret = waitpid(pid, &status, 0)) == -1)
                if (errno != EINTR)
                        break;
-        signal(SIGCHLD, osigchld);
+        ssh_signal(SIGCHLD, osigchld);
        if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
                explicit_bzero(buf, sizeof(buf));
                return NULL;
@@ -243,10 +243,10 @@ notify_start(int force_askpass, const char *fmt, ...)
                free(prompt);
                return NULL;
        }
-        osigchld = signal(SIGCHLD, SIG_DFL);
+        osigchld = ssh_signal(SIGCHLD, SIG_DFL);
        if ((pid = fork()) == -1) {
                error("%s: fork: %s", __func__, strerror(errno));
-                signal(SIGCHLD, osigchld);
+                ssh_signal(SIGCHLD, osigchld);
                free(prompt);
                return NULL;
        }
@@ -289,6 +289,6 @@ notify_complete(struct notifier_ctx *ctx)
        }
        if (ret == -1)
                fatal("%s: waitpid: %s", __func__, strerror(errno));
-        signal(SIGCHLD, ctx->osigchld);
+        ssh_signal(SIGCHLD, ctx->osigchld);
        free(ctx);
 }
diff --git a/sandbox-systrace.c b/sandbox-systrace.c
index 93e63b8e0..e61d581ae 100644
--- a/sandbox-systrace.c
+++ b/sandbox-systrace.c
@@ -105,7 +105,7 @@ ssh_sandbox_init(struct monitor *monitor)
        box = xcalloc(1, sizeof(*box));
        box->systrace_fd = -1;
        box->child_pid = 0;
-        box->osigchld = signal(SIGCHLD, SIG_IGN);
+        box->osigchld = ssh_signal(SIGCHLD, SIG_IGN);
        return box;
 }
@@ -114,7 +114,7 @@ void
 ssh_sandbox_child(struct ssh_sandbox *box)
 {
        debug3("%s: ready", __func__);
-        signal(SIGCHLD, box->osigchld);
+        ssh_signal(SIGCHLD, box->osigchld);
        if (kill(getpid(), SIGSTOP) != 0)
                fatal("%s: kill(%d, SIGSTOP)", __func__, getpid());
        debug3("%s: started", __func__);
@@ -133,7 +133,7 @@ ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
        do {
                pid = waitpid(child_pid, &status, WUNTRACED);
        } while (pid == -1 && errno == EINTR);
-        signal(SIGCHLD, box->osigchld);
+        ssh_signal(SIGCHLD, box->osigchld);
        if (!WIFSTOPPED(status)) {
                if (WIFSIGNALED(status))
                        fatal("%s: child terminated with signal %d",
diff --git a/scp.c b/scp.c
index 762286c73..6901e0c94 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.206 2019/09/09 02:31:19 dtucker Exp $ */
+/* $OpenBSD: scp.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * scp - secure remote copy.  This is basically patched BSD rcp which
 * uses ssh to do the data transfer (instead of using rcmd).
@@ -215,9 +215,9 @@ do_local_cmd(arglist *a)
        }
        do_cmd_pid = pid;
-        signal(SIGTERM, killchild);
+        ssh_signal(SIGTERM, killchild);
-        signal(SIGINT, killchild);
+        ssh_signal(SIGINT, killchild);
-        signal(SIGHUP, killchild);
+        ssh_signal(SIGHUP, killchild);
        while (waitpid(pid, &status, 0) == -1)
                if (errno != EINTR)
@@ -268,9 +268,9 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout)
        close(reserved[0]);
        close(reserved[1]);
-        signal(SIGTSTP, suspchild);
+        ssh_signal(SIGTSTP, suspchild);
-        signal(SIGTTIN, suspchild);
+        ssh_signal(SIGTTIN, suspchild);
-        signal(SIGTTOU, suspchild);
+        ssh_signal(SIGTTOU, suspchild);
        /* Fork a child to execute the command on the remote host using ssh. */
        do_cmd_pid = fork();
@@ -307,9 +307,9 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout)
        *fdout = pin[1];
        close(pout[1]);
        *fdin = pout[0];
-        signal(SIGTERM, killchild);
+        ssh_signal(SIGTERM, killchild);
-        signal(SIGINT, killchild);
+        ssh_signal(SIGINT, killchild);
-        signal(SIGHUP, killchild);
+        ssh_signal(SIGHUP, killchild);
        return 0;
 }
@@ -561,7 +561,7 @@ main(int argc, char **argv)
            iamrecursive ? " -r" : "", pflag ? " -p" : "",
            targetshouldbedirectory ? " -d" : "");
-        (void) signal(SIGPIPE, lostconn);
+        (void) ssh_signal(SIGPIPE, lostconn);
        if (colon(argv[argc - 1]))      /* Dest is remote host. */
                toremote(argc, argv);
diff --git a/serverloop.c b/serverloop.c
index 99d259201..1babc7a51 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.218 2019/11/27 05:38:43 dtucker Exp $ */
+/* $OpenBSD: serverloop.c,v 1.219 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -402,15 +402,15 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt)
        debug("Entering interactive session for SSH2.");
-        signal(SIGCHLD, sigchld_handler);
+        ssh_signal(SIGCHLD, sigchld_handler);
        child_terminated = 0;
        connection_in = ssh_packet_get_connection_in(ssh);
        connection_out = ssh_packet_get_connection_out(ssh);
        if (!use_privsep) {
-                signal(SIGTERM, sigterm_handler);
+                ssh_signal(SIGTERM, sigterm_handler);
-                signal(SIGINT, sigterm_handler);
+                ssh_signal(SIGINT, sigterm_handler);
-                signal(SIGQUIT, sigterm_handler);
+                ssh_signal(SIGQUIT, sigterm_handler);
        }
        notify_setup();
diff --git a/session.c b/session.c
index e16f876c5..8c0e54f79 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.317 2019/11/13 04:47:52 deraadt Exp $ */
+/* $OpenBSD: session.c,v 1.318 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -1642,7 +1642,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
        do_rc_files(ssh, s, shell);
        /* restore SIGPIPE for child */
-        signal(SIGPIPE, SIG_DFL);
+        ssh_signal(SIGPIPE, SIG_DFL);
        if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
                error("Connection from %s: refusing non-sftp session",
diff --git a/sftp.c b/sftp.c
index 54538ff96..ff14d3c29 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.196 2019/11/01 03:54:33 djm Exp $ */
+/* $OpenBSD: sftp.c,v 1.197 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
 *
@@ -2243,7 +2243,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
        interactive = !batchmode && isatty(STDIN_FILENO);
        err = 0;
        for (;;) {
-                signal(SIGINT, SIG_IGN);
+                ssh_signal(SIGINT, SIG_IGN);
                if (el == NULL) {
                        if (interactive)
@@ -2275,14 +2275,14 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
                /* Handle user interrupts gracefully during commands */
                interrupted = 0;
-                signal(SIGINT, cmd_interrupt);
+                ssh_signal(SIGINT, cmd_interrupt);
                err = parse_dispatch_command(conn, cmd, &remote_path,
                    startdir, batchmode, !interactive && el == NULL);
                if (err != 0)
                        break;
        }
-        signal(SIGCHLD, SIG_DFL);
+        ssh_signal(SIGCHLD, SIG_DFL);
        free(remote_path);
        free(startdir);
        free(conn);
@@ -2339,20 +2339,20 @@ connect_to_server(char *path, char **args, int *in, int *out)
                 * kill it too.  Contrawise, since sftp sends SIGTERMs to the
                 * underlying ssh, it must *not* ignore that signal.
                 */
-                signal(SIGINT, SIG_IGN);
+                ssh_signal(SIGINT, SIG_IGN);
-                signal(SIGTERM, SIG_DFL);
+                ssh_signal(SIGTERM, SIG_DFL);
                execvp(path, args);
                fprintf(stderr, "exec: %s: %s\n", path, strerror(errno));
                _exit(1);
        }
-        signal(SIGTERM, killchild);
+        ssh_signal(SIGTERM, killchild);
-        signal(SIGINT, killchild);
+        ssh_signal(SIGINT, killchild);
-        signal(SIGHUP, killchild);
+        ssh_signal(SIGHUP, killchild);
-        signal(SIGTSTP, suspchild);
+        ssh_signal(SIGTSTP, suspchild);
-        signal(SIGTTIN, suspchild);
+        ssh_signal(SIGTTIN, suspchild);
-        signal(SIGTTOU, suspchild);
+        ssh_signal(SIGTTOU, suspchild);
-        signal(SIGCHLD, sigchld_handler);
+        ssh_signal(SIGCHLD, sigchld_handler);
        close(c_in);
        close(c_out);
 }
diff --git a/ssh-agent.c b/ssh-agent.c
index 09d12dc3f..dd5d21d5a 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.251 2019/12/13 19:09:10 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.252 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1404,10 +1404,10 @@ skip:
        if (ac > 0)
                parent_alive_interval = 10;
        idtab_init();
-        signal(SIGPIPE, SIG_IGN);
+        ssh_signal(SIGPIPE, SIG_IGN);
-        signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN);
+        ssh_signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN);
-        signal(SIGHUP, cleanup_handler);
+        ssh_signal(SIGHUP, cleanup_handler);
-        signal(SIGTERM, cleanup_handler);
+        ssh_signal(SIGTERM, cleanup_handler);
        if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1)
                fatal("%s: pledge: %s", __progname, strerror(errno));
diff --git a/ssh-sk-client.c b/ssh-sk-client.c
index 359327b68..8d7e6c305 100644
--- a/ssh-sk-client.c
+++ b/ssh-sk-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk-client.c,v 1.6 2020/01/21 07:07:31 djm Exp $ */
+/* $OpenBSD: ssh-sk-client.c,v 1.7 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -39,6 +39,7 @@
 #include "digest.h"
 #include "pathnames.h"
 #include "ssh-sk.h"
+#include "misc.h"
 /* #define DEBUG_SK 1 */
@@ -73,13 +74,13 @@ start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int))
                error("socketpair: %s", strerror(errno));
                return SSH_ERR_SYSTEM_ERROR;
        }
-        osigchld = signal(SIGCHLD, SIG_DFL);
+        osigchld = ssh_signal(SIGCHLD, SIG_DFL);
        if ((pid = fork()) == -1) {
                oerrno = errno;
                error("fork: %s", strerror(errno));
                close(pair[0]);
                close(pair[1]);
-                signal(SIGCHLD, osigchld);
+                ssh_signal(SIGCHLD, osigchld);
                errno = oerrno;
                return SSH_ERR_SYSTEM_ERROR;
        }
@@ -220,7 +221,7 @@ client_converse(struct sshbuf *msg, struct sshbuf **respp, u_int type)
        }
        sshbuf_free(req);
        sshbuf_free(resp);
-        signal(SIGCHLD, osigchld);
+        ssh_signal(SIGCHLD, osigchld);
        errno = oerrno;
        return r;
diff --git a/ssh.c b/ssh.c
index 947558d1c..c0511f2a0 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.511 2020/01/05 16:28:22 beck Exp $ */
+/* $OpenBSD: ssh.c,v 1.512 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1535,8 +1535,8 @@ main(int ac, char **av)
            options.num_system_hostfiles);
        tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);
-        signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
+        ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
-        signal(SIGCHLD, main_sigchld_handler);
+        ssh_signal(SIGCHLD, main_sigchld_handler);
        /* Log into the remote system.  Never returns if the login fails. */
        ssh_login(ssh, &sensitive_data, host, (struct sockaddr *)&hostaddr,
diff --git a/sshbuf.c b/sshbuf.c
index adfddf775..f4f7a220f 100644
--- a/sshbuf.c
+++ b/sshbuf.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: sshbuf.c,v 1.13 2018/11/16 06:10:29 djm Exp $ */
+/*      $OpenBSD: sshbuf.c,v 1.14 2020/01/23 07:10:22 dtucker Exp $     */
 /*
 * Copyright (c) 2011 Damien Miller
 *
@@ -42,7 +42,7 @@ sshbuf_check_sanity(const struct sshbuf *buf)
            buf->off > buf->size)) {
                /* Do not try to recover from corrupted buffer internals */
                SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
-                signal(SIGSEGV, SIG_DFL);
+                ssh_signal(SIGSEGV, SIG_DFL);
                raise(SIGSEGV);
                return SSH_ERR_INTERNAL_ERROR;
        }
diff --git a/sshconnect.c b/sshconnect.c
index a2d759819..690240716 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.326 2020/01/22 07:38:30 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.327 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -259,7 +259,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
                /* Execute the proxy command.  Note that we gave up any
                   extra privileges above. */
-                signal(SIGPIPE, SIG_DFL);
+                ssh_signal(SIGPIPE, SIG_DFL);
                execv(argv[0], argv);
                perror(argv[0]);
                exit(1);
@@ -1383,10 +1383,10 @@ ssh_local_cmd(const char *args)
        if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
                shell = _PATH_BSHELL;
-        osighand = signal(SIGCHLD, SIG_DFL);
+        osighand = ssh_signal(SIGCHLD, SIG_DFL);
        pid = fork();
        if (pid == 0) {
-                signal(SIGPIPE, SIG_DFL);
+                ssh_signal(SIGPIPE, SIG_DFL);
                debug3("Executing %s -c \"%s\"", shell, args);
                execl(shell, shell, "-c", args, (char *)NULL);
                error("Couldn't execute %s -c \"%s\": %s",
@@ -1397,7 +1397,7 @@ ssh_local_cmd(const char *args)
        while (waitpid(pid, &status, 0) == -1)
                if (errno != EINTR)
                        fatal("Couldn't wait for child: %s", strerror(errno));
-        signal(SIGCHLD, osighand);
+        ssh_signal(SIGCHLD, osighand);
        if (!WIFEXITED(status))
                return (1);
diff --git a/sshconnect2.c b/sshconnect2.c
index 7f52cc55e..8d13310f2 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.316 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.317 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1924,7 +1924,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
                error("%s: fork: %s", __func__, strerror(errno));
                return -1;
        }
-        osigchld = signal(SIGCHLD, SIG_DFL);
+        osigchld = ssh_signal(SIGCHLD, SIG_DFL);
        if (pid == 0) {
                close(from[0]);
                if (dup2(from[1], STDOUT_FILENO) == -1)
@@ -1996,11 +1996,11 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
        if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) {
                error("%s: buffer error: %s", __func__, ssh_err(r));
 fail:
-                signal(SIGCHLD, osigchld);
+                ssh_signal(SIGCHLD, osigchld);
                sshbuf_free(b);
                return -1;
        }
-        signal(SIGCHLD, osigchld);
+        ssh_signal(SIGCHLD, osigchld);
        sshbuf_free(b);
        return 0;
diff --git a/sshd.c b/sshd.c
index 46f693a8e..c447edfe1 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.543 2020/01/21 22:39:57 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.544 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -313,7 +313,7 @@ sighup_restart(void)
        close_listen_socks();
        close_startup_pipes();
        alarm(0);  /* alarm timer persists across exec */
-        signal(SIGHUP, SIG_IGN); /* will be restored after exec */
+        ssh_signal(SIGHUP, SIG_IGN); /* will be restored after exec */
        execv(saved_argv[0], saved_argv);
        logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
            strerror(errno));
@@ -342,6 +342,8 @@ main_sigchld_handler(int sig)
        pid_t pid;
        int status;
+        debug("main_sigchld_handler: %s", strsignal(sig));
        while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
            (pid == -1 && errno == EINTR))
                ;
@@ -363,7 +365,7 @@ grace_alarm_handler(int sig)
         * keys command helpers.
         */
        if (getpgid(0) == getpid()) {
-                signal(SIGTERM, SIG_IGN);
+                ssh_signal(SIGTERM, SIG_IGN);
                kill(0, SIGTERM);
        }
@@ -1941,7 +1943,7 @@ main(int ac, char **av)
                error("chdir(\"/\"): %s", strerror(errno));
        /* ignore SIGPIPE */
-        signal(SIGPIPE, SIG_IGN);
+        ssh_signal(SIGPIPE, SIG_IGN);
        /* Get a connection, either from inetd or a listening TCP socket */
        if (inetd_flag) {
@@ -1950,10 +1952,10 @@ main(int ac, char **av)
                platform_pre_listen();
                server_listen();
-                signal(SIGHUP, sighup_handler);
+                ssh_signal(SIGHUP, sighup_handler);
-                signal(SIGCHLD, main_sigchld_handler);
+                ssh_signal(SIGCHLD, main_sigchld_handler);
-                signal(SIGTERM, sigterm_handler);
+                ssh_signal(SIGTERM, sigterm_handler);
-                signal(SIGQUIT, sigterm_handler);
+                ssh_signal(SIGQUIT, sigterm_handler);
                /*
                 * Write out the pid file after the sigterm handler
@@ -2043,12 +2045,12 @@ main(int ac, char **av)
         * will not restart on SIGHUP since it no longer makes sense.
         */
        alarm(0);
-        signal(SIGALRM, SIG_DFL);
+        ssh_signal(SIGALRM, SIG_DFL);
-        signal(SIGHUP, SIG_DFL);
+        ssh_signal(SIGHUP, SIG_DFL);
-        signal(SIGTERM, SIG_DFL);
+        ssh_signal(SIGTERM, SIG_DFL);
-        signal(SIGQUIT, SIG_DFL);
+        ssh_signal(SIGQUIT, SIG_DFL);
-        signal(SIGCHLD, SIG_DFL);
+        ssh_signal(SIGCHLD, SIG_DFL);
-        signal(SIGINT, SIG_DFL);
+        ssh_signal(SIGINT, SIG_DFL);
        /*
         * Register our connection.  This turns encryption off because we do
@@ -2109,7 +2111,7 @@ main(int ac, char **av)
         * mode; it is just annoying to have the server exit just when you
         * are about to discover the bug.
         */
-        signal(SIGALRM, grace_alarm_handler);
+        ssh_signal(SIGALRM, grace_alarm_handler);
        if (!debug_flag)
                alarm(options.login_grace_time);
@@ -2167,7 +2169,7 @@ main(int ac, char **av)
         * authentication.
         */
        alarm(0);
-        signal(SIGALRM, SIG_DFL);
+        ssh_signal(SIGALRM, SIG_DFL);
        authctxt->authenticated = 1;
        if (startup_pipe != -1) {
                close(startup_pipe);
author	dtucker@openbsd.org <dtucker@openbsd.org>	2020-01-23 07:10:22 +0000
committer	Darren Tucker <dtucker@dtucker.net>	2020-01-23 18:51:25 +1100
commit	3bf2a6ac791d64046a537335a0f1d5e43579c5ad (patch)
tree	76fcc0f1be306541c074be4aed3aca66023f0962
parent	e027c044c796f3a01081a91bee55741204283f28 (diff)