diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2020-01-23 07:10:22 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2020-01-23 18:51:25 +1100 |
| commit | 3bf2a6ac791d64046a537335a0f1d5e43579c5ad (patch) | |
| tree | 76fcc0f1be306541c074be4aed3aca66023f0962 /auth2-pubkey.c | |
| parent | e027c044c796f3a01081a91bee55741204283f28 (diff) | |
upstream: Replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.
OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
Diffstat (limited to 'auth2-pubkey.c')
| -rw-r--r-- | auth2-pubkey.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index b656b1f8c..5b4a2cc02 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth2-pubkey.c,v 1.97 2019/11/25 00:54:23 djm Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.98 2020/01/23 07:10:22 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -460,7 +460,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, | |||
| 460 | * NB. all returns later this function should go via "out" to | 460 | * NB. all returns later this function should go via "out" to |
| 461 | * ensure the original SIGCHLD handler is restored properly. | 461 | * ensure the original SIGCHLD handler is restored properly. |
| 462 | */ | 462 | */ |
| 463 | osigchld = signal(SIGCHLD, SIG_DFL); | 463 | osigchld = ssh_signal(SIGCHLD, SIG_DFL); |
| 464 | 464 | ||
| 465 | /* Prepare and verify the user for the command */ | 465 | /* Prepare and verify the user for the command */ |
| 466 | username = percent_expand(options.authorized_principals_command_user, | 466 | username = percent_expand(options.authorized_principals_command_user, |
| @@ -548,7 +548,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, | |||
| 548 | out: | 548 | out: |
| 549 | if (f != NULL) | 549 | if (f != NULL) |
| 550 | fclose(f); | 550 | fclose(f); |
| 551 | signal(SIGCHLD, osigchld); | 551 | ssh_signal(SIGCHLD, osigchld); |
| 552 | for (i = 0; i < ac; i++) | 552 | for (i = 0; i < ac; i++) |
| 553 | free(av[i]); | 553 | free(av[i]); |
| 554 | free(av); | 554 | free(av); |
| @@ -898,7 +898,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, | |||
| 898 | * NB. all returns later this function should go via "out" to | 898 | * NB. all returns later this function should go via "out" to |
| 899 | * ensure the original SIGCHLD handler is restored properly. | 899 | * ensure the original SIGCHLD handler is restored properly. |
| 900 | */ | 900 | */ |
| 901 | osigchld = signal(SIGCHLD, SIG_DFL); | 901 | osigchld = ssh_signal(SIGCHLD, SIG_DFL); |
| 902 | 902 | ||
| 903 | /* Prepare and verify the user for the command */ | 903 | /* Prepare and verify the user for the command */ |
| 904 | username = percent_expand(options.authorized_keys_command_user, | 904 | username = percent_expand(options.authorized_keys_command_user, |
| @@ -987,7 +987,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, | |||
| 987 | out: | 987 | out: |
| 988 | if (f != NULL) | 988 | if (f != NULL) |
| 989 | fclose(f); | 989 | fclose(f); |
| 990 | signal(SIGCHLD, osigchld); | 990 | ssh_signal(SIGCHLD, osigchld); |
| 991 | for (i = 0; i < ac; i++) | 991 | for (i = 0; i < ac; i++) |
| 992 | free(av[i]); | 992 | free(av[i]); |
| 993 | free(av); | 993 | free(av); |