upstream: redirect stderr of ProxyCommands to /dev/null when ssh is

started with ControlPersist; based on patch from Steffen Prohaska OpenBSD-Commit-ID: 1bcaa14a03ae80369d31021271ec75dce2597957
author: djm@openbsd.org <djm@openbsd.org> 2018-11-16 06:17:38 +0000
committer: Damien Miller <djm@mindrot.org> 2018-11-16 17:18:29 +1100
commit: ccef7c4faf914993b53035cd2b25ce02ab039c9d (patch)
tree: 15fd42720b91c50da4cd09c27956356d7a7562d7 /sshconnect.c
parent: 15182fd96845a03216d7ac5a2cf31c4e77e406e3 (diff)
1 files changed, 32 insertions, 5 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 52c328111..a700f467f 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.306 2018/10/15 11:28:50 florian Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.307 2018/11/16 06:17:38 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -78,6 +78,7 @@ static int matching_host_key_dns = 0;
 static pid_t proxy_command_pid = 0;
 /* import */
+extern int debug_flag;
 extern Options options;
 extern char *__progname;
@@ -99,6 +100,24 @@ expand_proxy_command(const char *proxy_command, const char *user,
        return ret;
 }
+static void
+stderr_null(void)
+{
+        int devnull;
+        if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) {
+                error("Can't open %s for stderr redirection: %s",
+                    _PATH_DEVNULL, strerror(errno));
+                return;
+        }
+        if (devnull == STDERR_FILENO)
+                return;
+        if (dup2(devnull, STDERR_FILENO) == -1)
+                error("Cannot redirect stderr to %s", _PATH_DEVNULL);
+        if (devnull > STDERR_FILENO)
+                close(devnull);
+}
 /*
 * Connect to the given ssh server using a proxy command that passes a
 * a connected fd back to us.
@@ -141,9 +160,12 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port,
                        close(sp[0]);
                /*
-                 * Stderr is left as it is so that error messages get
+                 * Stderr is left for non-ControlPersist connections is so
-                 * printed on the user's terminal.
+                 * error messages may be printed on the user's terminal.
                 */
+                if (debug_flag || !options.control_persist)
+                        stderr_null();
                argv[0] = shell;
                argv[1] = "-c";
                argv[2] = command_string;
@@ -219,8 +241,13 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port,
                /* Cannot be 1 because pin allocated two descriptors. */
                close(pout[1]);
-                /* Stderr is left as it is so that error messages get
+                /*
-                   printed on the user's terminal. */
+                 * Stderr is left for non-ControlPersist connections is so
+                 * error messages may be printed on the user's terminal.
+                 */
+                if (debug_flag || !options.control_persist)
+                        stderr_null();
                argv[0] = shell;
                argv[1] = "-c";
                argv[2] = command_string;
author	djm@openbsd.org <djm@openbsd.org>	2018-11-16 06:17:38 +0000
committer	Damien Miller <djm@mindrot.org>	2018-11-16 17:18:29 +1100
commit	ccef7c4faf914993b53035cd2b25ce02ab039c9d (patch)
tree	15fd42720b91c50da4cd09c27956356d7a7562d7 /sshconnect.c
parent	15182fd96845a03216d7ac5a2cf31c4e77e406e3 (diff)