authordtucker@openbsd.org <dtucker@openbsd.org>2020-01-23 07:10:22 +0000
committerDarren Tucker <dtucker@dtucker.net>2020-01-23 18:51:25 +1100
commit3bf2a6ac791d64046a537335a0f1d5e43579c5ad (patch)
tree76fcc0f1be306541c074be4aed3aca66023f0962 /auth2-pubkey.c
parente027c044c796f3a01081a91bee55741204283f28 (diff)
upstream: Replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations. OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r--auth2-pubkey.c10
1 files changed, 5 insertions, 5 deletions
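diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index b656b1f8c..5b4a2cc02 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.97 2019/11/25 00:54:23 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.98 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -460,7 +460,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
  * NB. all returns later this function should go via "out" to
  * ensure the original SIGCHLD handler is restored properly.
  */
- osigchld = signal(SIGCHLD, SIG_DFL);
+ osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 
  /* Prepare and verify the user for the command */
  username = percent_expand(options.authorized_principals_command_user,
@@ -548,7 +548,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
  out:
  if (f != NULL)
  fclose(f);
- signal(SIGCHLD, osigchld);
+ ssh_signal(SIGCHLD, osigchld);
  for (i = 0; i < ac; i++)
  free(av[i]);
  free(av);
@@ -898,7 +898,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
  * NB. all returns later this function should go via "out" to
  * ensure the original SIGCHLD handler is restored properly.
  */
- osigchld = signal(SIGCHLD, SIG_DFL);
+ osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 
  /* Prepare and verify the user for the command */
  username = percent_expand(options.authorized_keys_command_user,
@@ -987,7 +987,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
  out:
  if (f != NULL)
  fclose(f);
- signal(SIGCHLD, osigchld);
+ ssh_signal(SIGCHLD, osigchld);
  for (i = 0; i < ac; i++)
  free(av[i]);
  free(av);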
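Review bot: The value saved by `osigchld = ssh_signal(SIGCHLD, SIG_DFL);` in match_principals_command and user_key_command_allowed2 is passed back unchecked at `out:`, so a failed save would hand an error value to `ssh_signal(SIGCHLD, osigchld)`. The wrapper's definition is not part of this file's diff; if it can return SIG_ERR as signal(2) does, the restore should be guarded, e.g. `if (osigchld != SIG_ERR) ssh_signal(SIGCHLD, osigchld);`. A short comment at the save site would also help, noting that only the handler pointer round-trips here: per the commit message the wrapper applies its own signal mask and SA_RESTART, so any flags set on SIGCHLD by a direct sigaction(2) caller would presumably not be restored. Both functions begin and end outside the hunks shown.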