- djm@cvs.openbsd.org 2012/11/14 02:24:27

[auth2-pubkey.c] fix username passed to helper program prepare stdio fds before closefrom() spotted by landry@
author: Damien Miller <djm@mindrot.org> 2012-11-14 19:04:02 +1100
committer: Damien Miller <djm@mindrot.org> 2012-11-14 19:04:02 +1100
commit: 1e85469fcb1e81e7f8f643eafd42eb6c123a8c13 (patch)
tree: a2a297d54cf5b121af7cd9875d7f20b19f770439 /auth2-pubkey.c
parent: 0120c41d6b927beb89499b49eb66512225d30f7f (diff)
1 files changed, 18 insertions, 14 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index f9cc6c2c6..70d8996ea 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.32 2012/11/04 10:38:43 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.33 2012/11/14 02:24:27 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -504,8 +504,8 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
                goto out;
        }
-        debug3("Running AuthorizedKeysCommand: \"%s\" as \"%s\"",
+        debug3("Running AuthorizedKeysCommand: \"%s %s\" as \"%s\"",
-            options.authorized_keys_command, pw->pw_name);
+            options.authorized_keys_command, user_pw->pw_name, pw->pw_name);
        /*
         * Don't want to call this in the child, where it can fatal() and
@@ -523,7 +523,19 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
                for (i = 0; i < NSIG; i++)
                        signal(i, SIG_DFL);
+                if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+                        error("%s: open %s: %s", __func__, _PATH_DEVNULL,
+                            strerror(errno));
+                        _exit(1);
+                }
+                /* Keep stderr around a while longer to catch errors */
+                if (dup2(devnull, STDIN_FILENO) == -1 ||
+                    dup2(p[1], STDOUT_FILENO) == -1) {
+                        error("%s: dup2: %s", __func__, strerror(errno));
+                        _exit(1);
+                }
                closefrom(STDERR_FILENO + 1);
                /* Don't use permanently_set_uid() here to avoid fatal() */
                if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
                        error("setresgid %u: %s", (u_int)pw->pw_gid,
@@ -535,22 +547,14 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
                            strerror(errno));
                        _exit(1);
                }
+                /* stdin is pointed to /dev/null at this point */
-                close(p[0]);
+                if (dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
-                if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
-                        error("%s: open %s: %s", __func__, _PATH_DEVNULL,
-                            strerror(errno));
-                        _exit(1);
-                }
-                if (dup2(devnull, STDIN_FILENO) == -1 ||
-                    dup2(p[1], STDOUT_FILENO) == -1 ||
-                    dup2(devnull, STDERR_FILENO) == -1) {
                        error("%s: dup2: %s", __func__, strerror(errno));
                        _exit(1);
                }
                execl(options.authorized_keys_command,
-                    options.authorized_keys_command, pw->pw_name, NULL);
+                    options.authorized_keys_command, user_pw->pw_name, NULL);
                error("AuthorizedKeysCommand %s exec failed: %s",
                    options.authorized_keys_command, strerror(errno));
author	Damien Miller <djm@mindrot.org>	2012-11-14 19:04:02 +1100
committer	Damien Miller <djm@mindrot.org>	2012-11-14 19:04:02 +1100
commit	1e85469fcb1e81e7f8f643eafd42eb6c123a8c13 (patch)
tree	a2a297d54cf5b121af7cd9875d7f20b19f770439 /auth2-pubkey.c
parent	0120c41d6b927beb89499b49eb66512225d30f7f (diff)

diff --git a/auth2-pubkey.c b/auth2-pubkey.c index f9cc6c2c6..70d8996ea 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth2-pubkey.c,v 1.32 2012/11/04 10:38:43 djm Exp $ */	1	/* $OpenBSD: auth2-pubkey.c,v 1.33 2012/11/14 02:24:27 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -504,8 +504,8 @@ user_key_command_allowed2(struct passwd user_pw, Key key)
504	goto out;	504	goto out;
505	}	505	}
506		506
507	debug3("Running AuthorizedKeysCommand: \"%s\" as \"%s\"",	507	debug3("Running AuthorizedKeysCommand: \"%s %s\" as \"%s\"",
508	options.authorized_keys_command, pw->pw_name);	508	options.authorized_keys_command, user_pw->pw_name, pw->pw_name);
509		509
510	/*	510	/*
511	* Don't want to call this in the child, where it can fatal() and	511	* Don't want to call this in the child, where it can fatal() and
@@ -523,7 +523,19 @@ user_key_command_allowed2(struct passwd user_pw, Key key)
523	for (i = 0; i < NSIG; i++)	523	for (i = 0; i < NSIG; i++)
524	signal(i, SIG_DFL);	524	signal(i, SIG_DFL);
525		525
		526	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
		527	error("%s: open %s: %s", __func__, _PATH_DEVNULL,
		528	strerror(errno));
		529	_exit(1);
		530	}
		531	/* Keep stderr around a while longer to catch errors */
		532	if (dup2(devnull, STDIN_FILENO) == -1 \|\|
		533	dup2(p[1], STDOUT_FILENO) == -1) {
		534	error("%s: dup2: %s", __func__, strerror(errno));
		535	_exit(1);
		536	}
526	closefrom(STDERR_FILENO + 1);	537	closefrom(STDERR_FILENO + 1);
		538
527	/* Don't use permanently_set_uid() here to avoid fatal() */	539	/* Don't use permanently_set_uid() here to avoid fatal() */
528	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {	540	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
529	error("setresgid %u: %s", (u_int)pw->pw_gid,	541	error("setresgid %u: %s", (u_int)pw->pw_gid,
@@ -535,22 +547,14 @@ user_key_command_allowed2(struct passwd user_pw, Key key)
535	strerror(errno));	547	strerror(errno));
536	_exit(1);	548	_exit(1);
537	}	549	}
538		550	/* stdin is pointed to /dev/null at this point */
539	close(p[0]);	551	if (dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
540	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
541	error("%s: open %s: %s", __func__, _PATH_DEVNULL,
542	strerror(errno));
543	_exit(1);
544	}
545	if (dup2(devnull, STDIN_FILENO) == -1 \|\|
546	dup2(p[1], STDOUT_FILENO) == -1 \|\|
547	dup2(devnull, STDERR_FILENO) == -1) {
548	error("%s: dup2: %s", __func__, strerror(errno));	552	error("%s: dup2: %s", __func__, strerror(errno));
549	_exit(1);	553	_exit(1);
550	}	554	}
551		555
552	execl(options.authorized_keys_command,	556	execl(options.authorized_keys_command,
553	options.authorized_keys_command, pw->pw_name, NULL);	557	options.authorized_keys_command, user_pw->pw_name, NULL);
554		558
555	error("AuthorizedKeysCommand %s exec failed: %s",	559	error("AuthorizedKeysCommand %s exec failed: %s",
556	options.authorized_keys_command, strerror(errno));	560	options.authorized_keys_command, strerror(errno));