author | dtucker@openbsd.org <dtucker@openbsd.org> | 2020-01-23 07:10:22 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2020-01-23 18:51:25 +1100 |
commit | 3bf2a6ac791d64046a537335a0f1d5e43579c5ad (patch) | |
tree | 76fcc0f1be306541c074be4aed3aca66023f0962 /auth2-pubkey.c | |
parent | e027c044c796f3a01081a91bee55741204283f28 (diff) |
upstream: Replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.
OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r-- | auth2-pubkey.c | 10 |
1 files changed, 5 insertions, 5 deletions
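--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.97 2019/11/25 00:54:23 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.98 2020/01/23 07:10:22 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -460,7 +460,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
 * NB. all returns later this function should go via "out" to
 * ensure the original SIGCHLD handler is restored properly.
 */
-osigchld = signal(SIGCHLD, SIG_DFL);
+osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 
 /* Prepare and verify the user for the command */
 username = percent_expand(options.authorized_principals_command_user,
@@ -548,7 +548,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
 out:
 if (f != NULL)
 fclose(f);
-signal(SIGCHLD, osigchld);
+ssh_signal(SIGCHLD, osigchld);
 for (i = 0; i < ac; i++)
 free(av[i]);
 free(av);
@@ -898,7 +898,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
 * NB. all returns later this function should go via "out" to
 * ensure the original SIGCHLD handler is restored properly.
 */
-osigchld = signal(SIGCHLD, SIG_DFL);
+osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 
 /* Prepare and verify the user for the command */
 username = percent_expand(options.authorized_keys_command_user,
@@ -987,7 +987,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
 out:
 if (f != NULL)
 fclose(f);
-signal(SIGCHLD, osigchld);
+ssh_signal(SIGCHLD, osigchld);
 for (i = 0; i < ac; i++)
 free(av[i]);
 free(av);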
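Review bot: The save/restore pair in match_principals_command (`osigchld = ssh_signal(SIGCHLD, SIG_DFL);` and, at `out:`, `ssh_signal(SIGCHLD, osigchld);`) carries only the handler pointer, so the restore reinstalls the saved handler with the wrapper's own mask and flags (per the commit message, other signals blocked and SA_RESTART set) rather than the sigaction state that was in force before; user_key_command_allowed2 has the same pair. This is presumably harmless if every SIGCHLD handler is now installed through ssh_signal, but the wrapper's body is not on this page, so I would state it next to the existing NB comment, e.g. `/* ssh_signal() restores the handler only; mask and flags are the wrapper's */`. Neither call's return value is checked; if the wrapper reports failure with SIG_ERR as signal(2) does, the `out:` path would pass that value back in, and an `if (osigchld == SIG_ERR)` check after the first call would make the failure explicit in this pre-authentication helper path. Both functions begin and end outside the hunks shown.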