diff options
author | dtucker@openbsd.org <dtucker@openbsd.org> | 2019-01-23 08:01:46 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2019-02-08 15:38:28 +0000 |
commit | 11b88754cadcad0ba79b4ffcc127223248dccb54 (patch) | |
tree | 2c9793f792675bc79de7f7a3bcae66cdfaa719ca /atomicio.c | |
parent | dee21e97428e69d30e2d15c71f3e7cc08bf8e4f8 (diff) |
upstream: Sanitize scp filenames via snmprintf. To do this we move
the progressmeter formatting outside of signal handler context and have the
atomicio callback called for EINTR too. bz#2434 with contributions from djm
and jjelen at redhat.com, ok djm@
OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8
CVE-2019-6109
Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=8976f1c4b2721c26e878151f52bdf346dfe2d54c
Bug-Debian: https://bugs.debian.org/793412
Last-Update: 2019-02-08
Patch-Name: sanitize-scp-filenames-via-snmprintf.patch
Diffstat (limited to 'atomicio.c')
-rw-r--r-- | atomicio.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/atomicio.c b/atomicio.c index f854a06f5..d91bd7621 100644 --- a/atomicio.c +++ b/atomicio.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */ | 1 | /* $OpenBSD: atomicio.c,v 1.29 2019/01/23 08:01:46 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2006 Damien Miller. All rights reserved. | 3 | * Copyright (c) 2006 Damien Miller. All rights reserved. |
4 | * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. | 4 | * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. |
@@ -65,9 +65,14 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, | |||
65 | res = (f) (fd, s + pos, n - pos); | 65 | res = (f) (fd, s + pos, n - pos); |
66 | switch (res) { | 66 | switch (res) { |
67 | case -1: | 67 | case -1: |
68 | if (errno == EINTR) | 68 | if (errno == EINTR) { |
69 | /* possible SIGALARM, update callback */ | ||
70 | if (cb != NULL && cb(cb_arg, 0) == -1) { | ||
71 | errno = EINTR; | ||
72 | return pos; | ||
73 | } | ||
69 | continue; | 74 | continue; |
70 | if (errno == EAGAIN || errno == EWOULDBLOCK) { | 75 | } else if (errno == EAGAIN || errno == EWOULDBLOCK) { |
71 | #ifndef BROKEN_READ_COMPARISON | 76 | #ifndef BROKEN_READ_COMPARISON |
72 | (void)poll(&pfd, 1, -1); | 77 | (void)poll(&pfd, 1, -1); |
73 | #endif | 78 | #endif |
@@ -122,9 +127,14 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, | |||
122 | res = (f) (fd, iov, iovcnt); | 127 | res = (f) (fd, iov, iovcnt); |
123 | switch (res) { | 128 | switch (res) { |
124 | case -1: | 129 | case -1: |
125 | if (errno == EINTR) | 130 | if (errno == EINTR) { |
131 | /* possible SIGALARM, update callback */ | ||
132 | if (cb != NULL && cb(cb_arg, 0) == -1) { | ||
133 | errno = EINTR; | ||
134 | return pos; | ||
135 | } | ||
126 | continue; | 136 | continue; |
127 | if (errno == EAGAIN || errno == EWOULDBLOCK) { | 137 | } else if (errno == EAGAIN || errno == EWOULDBLOCK) { |
128 | #ifndef BROKEN_READV_COMPARISON | 138 | #ifndef BROKEN_READV_COMPARISON |
129 | (void)poll(&pfd, 1, -1); | 139 | (void)poll(&pfd, 1, -1); |
130 | #endif | 140 | #endif |