summaryrefslogtreecommitdiff
path: root/ssh-agent.c
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2007-02-28 21:19:58 +1100
committerDarren Tucker <dtucker@zip.com.au>2007-02-28 21:19:58 +1100
commitcf0d2db2fa94c9e496c3fdd6bdf85e12d021cd50 (patch)
tree134e8d6dcafe308421823f7815b1b50b64ed8303 /ssh-agent.c
parent90aaed43979c6b4e42b41ef8dc2a970df248c2c7 (diff)
- dtucker@cvs.openbsd.org 2007/02/28 00:55:30
[ssh-agent.c] Remove expired keys periodically so they don't remain in memory when the agent is entirely idle, as noted by David R. Piegdon. This is the simple fix, a more efficient one will be done later. With markus, deraadt, with & ok djm.
Diffstat (limited to 'ssh-agent.c')
-rw-r--r--ssh-agent.c24
1 files changed, 14 insertions, 10 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index ef95eb878..a3a867c33 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.153 2006/10/06 02:29:19 djm Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.154 2007/02/28 00:55:30 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -434,6 +434,7 @@ reaper(void)
434 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { 434 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
435 nxt = TAILQ_NEXT(id, next); 435 nxt = TAILQ_NEXT(id, next);
436 if (id->death != 0 && now >= id->death) { 436 if (id->death != 0 && now >= id->death) {
437 debug("expiring key '%s'", id->comment);
437 TAILQ_REMOVE(&tab->idlist, id, next); 438 TAILQ_REMOVE(&tab->idlist, id, next);
438 free_identity(id); 439 free_identity(id);
439 tab->nentries--; 440 tab->nentries--;
@@ -698,9 +699,6 @@ process_message(SocketEntry *e)
698 u_int msg_len, type; 699 u_int msg_len, type;
699 u_char *cp; 700 u_char *cp;
700 701
701 /* kill dead keys */
702 reaper();
703
704 if (buffer_len(&e->input) < 5) 702 if (buffer_len(&e->input) < 5)
705 return; /* Incomplete message. */ 703 return; /* Incomplete message. */
706 cp = buffer_ptr(&e->input); 704 cp = buffer_ptr(&e->input);
@@ -1016,7 +1014,7 @@ int
1016main(int ac, char **av) 1014main(int ac, char **av)
1017{ 1015{
1018 int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0; 1016 int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0;
1019 int sock, fd, ch; 1017 int sock, fd, ch, result, saved_errno;
1020 u_int nalloc; 1018 u_int nalloc;
1021 char *shell, *format, *pidstr, *agentsocket = NULL; 1019 char *shell, *format, *pidstr, *agentsocket = NULL;
1022 fd_set *readsetp = NULL, *writesetp = NULL; 1020 fd_set *readsetp = NULL, *writesetp = NULL;
@@ -1029,6 +1027,7 @@ main(int ac, char **av)
1029 extern char *optarg; 1027 extern char *optarg;
1030 pid_t pid; 1028 pid_t pid;
1031 char pidstrbuf[1 + 3 * sizeof pid]; 1029 char pidstrbuf[1 + 3 * sizeof pid];
1030 struct timeval tv;
1032 1031
1033 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ 1032 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
1034 sanitise_stdfd(); 1033 sanitise_stdfd();
@@ -1242,13 +1241,18 @@ skip:
1242 nalloc = 0; 1241 nalloc = 0;
1243 1242
1244 while (1) { 1243 while (1) {
1244 tv.tv_sec = 10;
1245 tv.tv_usec = 0;
1245 prepare_select(&readsetp, &writesetp, &max_fd, &nalloc); 1246 prepare_select(&readsetp, &writesetp, &max_fd, &nalloc);
1246 if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) { 1247 result = select(max_fd + 1, readsetp, writesetp, NULL, &tv);
1247 if (errno == EINTR) 1248 saved_errno = errno;
1249 reaper(); /* remove expired keys */
1250 if (result < 0) {
1251 if (saved_errno == EINTR)
1248 continue; 1252 continue;
1249 fatal("select: %s", strerror(errno)); 1253 fatal("select: %s", strerror(saved_errno));
1250 } 1254 } else if (result > 0)
1251 after_select(readsetp, writesetp); 1255 after_select(readsetp, writesetp);
1252 } 1256 }
1253 /* NOTREACHED */ 1257 /* NOTREACHED */
1254} 1258}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-29 07:24:15 +0000