-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | channels.c | 17 | ||||
-rw-r--r-- | session.c | 81 |
3 files changed, 46 insertions, 58 deletions
@@ -57,6 +57,12 @@ | |||
57 | [channels.c mux.c readconf.c readconf.h ssh.h] | 57 | [channels.c mux.c readconf.c readconf.h ssh.h] |
58 | bz#1327: remove hardcoded limit of 100 permitopen clauses and port | 58 | bz#1327: remove hardcoded limit of 100 permitopen clauses and port |
59 | forwards per direction; ok markus@ stevesk@ | 59 | forwards per direction; ok markus@ stevesk@ |
60 | - djm@cvs.openbsd.org 2010/06/25 07:20:04 | ||
61 | [channels.c session.c] | ||
62 | bz#1750: fix requirement for /dev/null inside ChrootDirectory for | ||
63 | internal-sftp accidentally introduced in r1.253 by removing the code | ||
64 | that opens and dup /dev/null to stderr and modifying the channels code | ||
65 | to read stderr but discard it instead; ok markus@ | ||
60 | 66 | ||
61 | 20100622 | 67 | 20100622 |
62 | - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 | 68 | - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 |
diff --git a/channels.c b/channels.c index 2f2798ddd..fe08257df 100644 --- a/channels.c +++ b/channels.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.c,v 1.305 2010/06/25 07:14:45 djm Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.306 2010/06/25 07:20:04 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -839,8 +839,9 @@ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) | |||
839 | if (c->extended_usage == CHAN_EXTENDED_WRITE && | 839 | if (c->extended_usage == CHAN_EXTENDED_WRITE && |
840 | buffer_len(&c->extended) > 0) | 840 | buffer_len(&c->extended) > 0) |
841 | FD_SET(c->efd, writeset); | 841 | FD_SET(c->efd, writeset); |
842 | else if (!(c->flags & CHAN_EOF_SENT) && | 842 | else if (c->efd != -1 && !(c->flags & CHAN_EOF_SENT) && |
843 | c->extended_usage == CHAN_EXTENDED_READ && | 843 | (c->extended_usage == CHAN_EXTENDED_READ || |
844 | c->extended_usage == CHAN_EXTENDED_IGNORE) && | ||
844 | buffer_len(&c->extended) < c->remote_window) | 845 | buffer_len(&c->extended) < c->remote_window) |
845 | FD_SET(c->efd, readset); | 846 | FD_SET(c->efd, readset); |
846 | } | 847 | } |
@@ -1756,7 +1757,9 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) | |||
1756 | buffer_consume(&c->extended, len); | 1757 | buffer_consume(&c->extended, len); |
1757 | c->local_consumed += len; | 1758 | c->local_consumed += len; |
1758 | } | 1759 | } |
1759 | } else if (c->extended_usage == CHAN_EXTENDED_READ && | 1760 | } else if (c->efd != -1 && |
1761 | (c->extended_usage == CHAN_EXTENDED_READ || | ||
1762 | c->extended_usage == CHAN_EXTENDED_IGNORE) && | ||
1760 | (c->detach_close || FD_ISSET(c->efd, readset))) { | 1763 | (c->detach_close || FD_ISSET(c->efd, readset))) { |
1761 | len = read(c->efd, buf, sizeof(buf)); | 1764 | len = read(c->efd, buf, sizeof(buf)); |
1762 | debug2("channel %d: read %d from efd %d", | 1765 | debug2("channel %d: read %d from efd %d", |
@@ -1769,7 +1772,11 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) | |||
1769 | c->self, c->efd); | 1772 | c->self, c->efd); |
1770 | channel_close_fd(&c->efd); | 1773 | channel_close_fd(&c->efd); |
1771 | } else { | 1774 | } else { |
1772 | buffer_append(&c->extended, buf, len); | 1775 | if (c->extended_usage == CHAN_EXTENDED_IGNORE) { |
1776 | debug3("channel %d: discard efd", | ||
1777 | c->self); | ||
1778 | } else | ||
1779 | buffer_append(&c->extended, buf, len); | ||
1773 | } | 1780 | } |
1774 | } | 1781 | } |
1775 | } | 1782 | } |
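Review bot: In channel_pre_open the new CHAN_EXTENDED_IGNORE case is still gated on `buffer_len(&c->extended) < c->remote_window`, although the discard branch added in channel_handle_efd never appends to c->extended. For an ignored stderr the test therefore appears to reduce to "remote_window is non-zero", so with an exhausted peer window efd would not be selected for reading and a subsystem that keeps writing to stderr could block on a full pipe; this should be confirmed against how remote_window is maintained, which is not visible here. If the discard path is meant to drain unconditionally, apply the window test to the READ case only: `(c->extended_usage == CHAN_EXTENDED_IGNORE || (c->extended_usage == CHAN_EXTENDED_READ && buffer_len(&c->extended) < c->remote_window))`. Both functions start and end outside the hunks shown.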
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: session.c,v 1.255 2010/06/22 04:59:12 djm Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.256 2010/06/25 07:20:04 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -105,7 +105,7 @@ | |||
105 | /* func */ | 105 | /* func */ |
106 | 106 | ||
107 | Session *session_new(void); | 107 | Session *session_new(void); |
108 | void session_set_fds(Session *, int, int, int, int); | 108 | void session_set_fds(Session *, int, int, int, int, int); |
109 | void session_pty_cleanup(Session *); | 109 | void session_pty_cleanup(Session *); |
110 | void session_proctitle(Session *); | 110 | void session_proctitle(Session *); |
111 | int session_setup_x11fwd(Session *); | 111 | int session_setup_x11fwd(Session *); |
@@ -462,27 +462,14 @@ do_exec_no_pty(Session *s, const char *command) | |||
462 | close(pin[1]); | 462 | close(pin[1]); |
463 | return -1; | 463 | return -1; |
464 | } | 464 | } |
465 | if (s->is_subsystem) { | 465 | if (pipe(perr) < 0) { |
466 | if ((perr[1] = open(_PATH_DEVNULL, O_WRONLY)) == -1) { | 466 | error("%s: pipe err: %.100s", __func__, |
467 | error("%s: open(%s): %s", __func__, _PATH_DEVNULL, | 467 | strerror(errno)); |
468 | strerror(errno)); | 468 | close(pin[0]); |
469 | close(pin[0]); | 469 | close(pin[1]); |
470 | close(pin[1]); | 470 | close(pout[0]); |
471 | close(pout[0]); | 471 | close(pout[1]); |
472 | close(pout[1]); | 472 | return -1; |
473 | return -1; | ||
474 | } | ||
475 | perr[0] = -1; | ||
476 | } else { | ||
477 | if (pipe(perr) < 0) { | ||
478 | error("%s: pipe err: %.100s", __func__, | ||
479 | strerror(errno)); | ||
480 | close(pin[0]); | ||
481 | close(pin[1]); | ||
482 | close(pout[0]); | ||
483 | close(pout[1]); | ||
484 | return -1; | ||
485 | } | ||
486 | } | 473 | } |
487 | #else | 474 | #else |
488 | int inout[2], err[2]; | 475 | int inout[2], err[2]; |
@@ -495,23 +482,12 @@ do_exec_no_pty(Session *s, const char *command) | |||
495 | error("%s: socketpair #1: %.100s", __func__, strerror(errno)); | 482 | error("%s: socketpair #1: %.100s", __func__, strerror(errno)); |
496 | return -1; | 483 | return -1; |
497 | } | 484 | } |
498 | if (s->is_subsystem) { | 485 | if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) { |
499 | if ((err[0] = open(_PATH_DEVNULL, O_WRONLY)) == -1) { | 486 | error("%s: socketpair #2: %.100s", __func__, |
500 | error("%s: open(%s): %s", __func__, _PATH_DEVNULL, | 487 | strerror(errno)); |
501 | strerror(errno)); | 488 | close(inout[0]); |
502 | close(inout[0]); | 489 | close(inout[1]); |
503 | close(inout[1]); | 490 | return -1; |
504 | return -1; | ||
505 | } | ||
506 | err[1] = -1; | ||
507 | } else { | ||
508 | if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) { | ||
509 | error("%s: socketpair #2: %.100s", __func__, | ||
510 | strerror(errno)); | ||
511 | close(inout[0]); | ||
512 | close(inout[1]); | ||
513 | return -1; | ||
514 | } | ||
515 | } | 491 | } |
516 | #endif | 492 | #endif |
517 | 493 | ||
@@ -526,15 +502,13 @@ do_exec_no_pty(Session *s, const char *command) | |||
526 | close(pin[1]); | 502 | close(pin[1]); |
527 | close(pout[0]); | 503 | close(pout[0]); |
528 | close(pout[1]); | 504 | close(pout[1]); |
529 | if (perr[0] != -1) | 505 | close(perr[0]); |
530 | close(perr[0]); | ||
531 | close(perr[1]); | 506 | close(perr[1]); |
532 | #else | 507 | #else |
533 | close(inout[0]); | 508 | close(inout[0]); |
534 | close(inout[1]); | 509 | close(inout[1]); |
535 | close(err[0]); | 510 | close(err[0]); |
536 | if (err[1] != -1) | 511 | close(err[1]); |
537 | close(err[1]); | ||
538 | #endif | 512 | #endif |
539 | return -1; | 513 | return -1; |
540 | case 0: | 514 | case 0: |
@@ -568,8 +542,7 @@ do_exec_no_pty(Session *s, const char *command) | |||
568 | close(pout[1]); | 542 | close(pout[1]); |
569 | 543 | ||
570 | /* Redirect stderr. */ | 544 | /* Redirect stderr. */ |
571 | if (perr[0] != -1) | 545 | close(perr[0]); |
572 | close(perr[0]); | ||
573 | if (dup2(perr[1], 2) < 0) | 546 | if (dup2(perr[1], 2) < 0) |
574 | perror("dup2 stderr"); | 547 | perror("dup2 stderr"); |
575 | close(perr[1]); | 548 | close(perr[1]); |
@@ -580,8 +553,7 @@ do_exec_no_pty(Session *s, const char *command) | |||
580 | * seem to depend on it. | 553 | * seem to depend on it. |
581 | */ | 554 | */ |
582 | close(inout[1]); | 555 | close(inout[1]); |
583 | if (err[1] != -1) | 556 | close(err[1]); |
584 | close(err[1]); | ||
585 | if (dup2(inout[0], 0) < 0) /* stdin */ | 557 | if (dup2(inout[0], 0) < 0) /* stdin */ |
586 | perror("dup2 stdin"); | 558 | perror("dup2 stdin"); |
587 | if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */ | 559 | if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */ |
@@ -629,7 +601,8 @@ do_exec_no_pty(Session *s, const char *command) | |||
629 | close(perr[1]); | 601 | close(perr[1]); |
630 | 602 | ||
631 | if (compat20) { | 603 | if (compat20) { |
632 | session_set_fds(s, pin[1], pout[0], perr[0], 0); | 604 | session_set_fds(s, pin[1], pout[0], perr[0], |
605 | s->is_subsystem, 0); | ||
633 | } else { | 606 | } else { |
634 | /* Enter the interactive session. */ | 607 | /* Enter the interactive session. */ |
635 | server_loop(pid, pin[1], pout[0], perr[0]); | 608 | server_loop(pid, pin[1], pout[0], perr[0]); |
@@ -645,7 +618,8 @@ do_exec_no_pty(Session *s, const char *command) | |||
645 | * handle the case that fdin and fdout are the same. | 618 | * handle the case that fdin and fdout are the same. |
646 | */ | 619 | */ |
647 | if (compat20) { | 620 | if (compat20) { |
648 | session_set_fds(s, inout[1], inout[1], err[1], 0); | 621 | session_set_fds(s, inout[1], inout[1], err[1], |
622 | s->is_subsystem, 0); | ||
649 | } else { | 623 | } else { |
650 | server_loop(pid, inout[1], inout[1], err[1]); | 624 | server_loop(pid, inout[1], inout[1], err[1]); |
651 | /* server_loop has closed inout[1] and err[1]. */ | 625 | /* server_loop has closed inout[1] and err[1]. */ |
@@ -767,7 +741,7 @@ do_exec_pty(Session *s, const char *command) | |||
767 | s->ptymaster = ptymaster; | 741 | s->ptymaster = ptymaster; |
768 | packet_set_interactive(1); | 742 | packet_set_interactive(1); |
769 | if (compat20) { | 743 | if (compat20) { |
770 | session_set_fds(s, ptyfd, fdout, -1, 1); | 744 | session_set_fds(s, ptyfd, fdout, -1, 1, 1); |
771 | } else { | 745 | } else { |
772 | server_loop(pid, ptyfd, fdout, -1); | 746 | server_loop(pid, ptyfd, fdout, -1); |
773 | /* server_loop _has_ closed ptyfd and fdout. */ | 747 | /* server_loop _has_ closed ptyfd and fdout. */ |
@@ -2348,7 +2322,8 @@ session_input_channel_req(Channel *c, const char *rtype) | |||
2348 | } | 2322 | } |
2349 | 2323 | ||
2350 | void | 2324 | void |
2351 | session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty) | 2325 | session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr, |
2326 | int is_tty) | ||
2352 | { | 2327 | { |
2353 | if (!compat20) | 2328 | if (!compat20) |
2354 | fatal("session_set_fds: called for proto != 2.0"); | 2329 | fatal("session_set_fds: called for proto != 2.0"); |
@@ -2360,7 +2335,7 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty) | |||
2360 | fatal("no channel for session %d", s->self); | 2335 | fatal("no channel for session %d", s->self); |
2361 | channel_set_fds(s->chanid, | 2336 | channel_set_fds(s->chanid, |
2362 | fdout, fdin, fderr, | 2337 | fdout, fdin, fderr, |
2363 | fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, | 2338 | ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, |
2364 | 1, is_tty, CHAN_SES_WINDOW_DEFAULT); | 2339 | 1, is_tty, CHAN_SES_WINDOW_DEFAULT); |
2365 | } | 2340 | } |
2366 | 2341 | ||
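Review bot: session_set_fds now picks the channel mode from `ignore_fderr` alone, so the old guarantee that `fderr == -1` always yields CHAN_EXTENDED_IGNORE is gone. The three call sites on this page are consistent (do_exec_pty passes `-1, 1, 1`), but a later caller passing `fderr == -1` with `ignore_fderr == 0` would register CHAN_EXTENDED_READ on an invalid descriptor and rely entirely on the `c->efd != -1` checks in channels.c to keep it out of FD_SET and read(). Keeping the invariant local costs one line: `(ignore_fderr || fderr == -1) ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,`. A comment above the function such as `/* ignore_fderr: read fderr but discard what is read (CHAN_EXTENDED_IGNORE) */` would also document the new parameter, which sits next to `is_tty` as a second bare int flag. The middle of session_set_fds falls between the two hunks and is not shown.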