-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | misc.c | 22 | ||||
-rw-r--r-- | misc.h | 3 | ||||
-rw-r--r-- | scp.c | 5 | ||||
-rw-r--r-- | sftp-server.c | 6 | ||||
-rw-r--r-- | sftp.c | 5 | ||||
-rw-r--r-- | ssh-add.c | 5 | ||||
-rw-r--r-- | ssh-agent.c | 5 | ||||
-rw-r--r-- | ssh-keygen.c | 5 | ||||
-rw-r--r-- | ssh-keyscan.c | 5 | ||||
-rw-r--r-- | ssh-keysign.c | 9 | ||||
-rw-r--r-- | ssh.c | 5 | ||||
-rw-r--r-- | sshd.c | 5 |
13 files changed, 73 insertions, 13 deletions
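--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,10 @@
 - markus@cvs.openbsd.org 2005/09/09 19:18:05
 [clientloop.c]
 typo; from mark at mcs.vuw.ac.nz, bug #1082
+- djm@cvs.openbsd.org 2005/09/13 23:40:07
+[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
+scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
+ensure that stdio fds are attached; ok deraadt@
 
 20050930
 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
@@ -3046,4 +3050,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3903 2005/10/03 08:05:26 dtucker Exp $
+$Id: ChangeLog,v 1.3904 2005/10/03 08:11:24 dtucker Exp $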
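--- a/misc.c
+++ b/misc.c
@@ -24,7 +24,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $");
+RCSID("$OpenBSD: misc.c,v 1.35 2005/09/13 23:40:07 djm Exp $");
 
 #include "misc.h"
 #include "log.h"
@@ -507,6 +507,26 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
 return -1;
 }
 
+void
+sanitise_stdfd(void)
+{
+int nullfd;
+
+if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
+exit(1);
+}
+while (nullfd < 2) {
+if (dup2(nullfd, nullfd + 1) == -1) {
+fprintf(stderr, "dup2: %s", strerror(errno));
+exit(1);
+}
+nullfd++;
+}
+if (nullfd > 2)
+close(nullfd);
+}
+
 char *
 tohex(const u_char *d, u_int l)
 {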
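Review bot: The `while (nullfd < 2)` loop in sanitise_stdfd() replaces descriptors that are already open: when only fd 0 is closed, open() returns 0 and the loop then dup2()s /dev/null over a live stdout and stderr, and when only fd 1 is closed it replaces stderr. That contradicts the call-site comment "open or directed to /dev/null" and silently discards the caller's output. Each higher descriptor should be probed first and filled only when it is really closed, for instance by checking that `fcntl(fd, F_GETFL)` fails with EBADF. The two fprintf() messages also lack a trailing newline, and they may be written to a stderr that is itself not open.

```c
void
sanitise_stdfd(void)
{
	int nullfd, dupfd;

	if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
		fprintf(stderr, "Couldn't open /dev/null: %s\n", strerror(errno));
		exit(1);
	}
	while (++dupfd <= 2) {
		/* Only fill descriptors that are actually closed. */
		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
			if (dup2(nullfd, dupfd) == -1) {
				fprintf(stderr, "dup2: %s\n", strerror(errno));
				exit(1);
			}
		}
	}
	/* … unchanged: close nullfd when it is above 2 … */
}
```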
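--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $ */
+/* $OpenBSD: misc.h,v 1.26 2005/09/13 23:40:07 djm Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -27,6 +27,7 @@ long convtime(const char *);
 char *tilde_expand_filename(const char *, uid_t);
 char *percent_expand(const char *, ...) __attribute__((__sentinel__));
 char *tohex(const u_char *, u_int);
+void sanitise_stdfd(void);
 
 struct passwd *pwcopy(struct passwd *);
 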
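--- a/scp.c
+++ b/scp.c
@@ -71,7 +71,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.125 2005/07/27 10:39:03 dtucker Exp $");
+RCSID("$OpenBSD: scp.c,v 1.126 2005/09/13 23:40:07 djm Exp $");
 
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -222,6 +222,9 @@ main(int argc, char **argv)
 extern char *optarg;
 extern int optind;
 
+/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+sanitise_stdfd();
+
 __progname = ssh_get_progname(argv[0]);
 
 args.list = NULL;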
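--- a/sftp-server.c
+++ b/sftp-server.c
@@ -14,13 +14,14 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.49 2005/09/13 23:40:07 djm Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
 #include "getput.h"
 #include "log.h"
 #include "xmalloc.h"
+#include "misc.h"
 
 #include "sftp.h"
 #include "sftp-common.h"
@@ -1036,6 +1037,9 @@ main(int ac, char **av)
 int in, out, max;
 ssize_t len, olen, set_size;
 
+/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+sanitise_stdfd();
+
 /* XXX should use getopt */
 
 __progname = ssh_get_progname(av[0]);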
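--- a/sftp.c
+++ b/sftp.c
@@ -16,7 +16,7 @@
 
 #include "includes.h"
 
-RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.67 2005/09/13 23:40:07 djm Exp $");
 
 #ifdef USE_LIBEDIT
 #include <histedit.h>
@@ -1447,6 +1447,9 @@ main(int argc, char **argv)
 extern int optind;
 extern char *optarg;
 
+/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+sanitise_stdfd();
+
 __progname = ssh_get_progname(argv[0]);
 args.list = NULL;
 addargs(&args, "ssh"); /* overwritten with ssh_program */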
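--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.72 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.73 2005/09/13 23:40:07 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -312,6 +312,9 @@ main(int argc, char **argv)
 char *sc_reader_id = NULL;
 int i, ch, deleting = 0, ret = 0;
 
+/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+sanitise_stdfd();
+
 __progname = ssh_get_progname(argv[0]);
 init_rng();
 seed_rng();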
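--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.123 2005/09/13 23:40:07 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -1008,6 +1008,9 @@ main(int ac, char **av)
 pid_t pid;
 char pidstrbuf[1 + 3 * sizeof pid];
 
+/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+sanitise_stdfd();
+
 /* drop */
 setegid(getgid());
 setgid(getgid());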
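--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -1018,6 +1018,9 @@ main(int ac, char **av)
 extern int optind;
 extern char *optarg;
 
+/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+sanitise_stdfd();
+
 __progname = ssh_get_progname(av[0]);
 
 SSLeay_add_all_algorithms();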
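--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.56 2005/09/13 23:40:07 djm Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -712,6 +712,9 @@ main(int argc, char **argv)
 seed_rng();
 TAILQ_INIT(&tq);
 
+/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+sanitise_stdfd();
+
 if (argc <= 1)
 usage();
 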
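Review bot: In ssh-keyscan.c the `sanitise_stdfd();` call is placed after `seed_rng();` and `TAILQ_INIT(&tq);`, whereas in scp.c, sftp.c, ssh-add.c and ssh.c it runs before `__progname` is set and before any RNG setup. Any descriptor that the earlier start-up code opens (seed_rng() may do so; its body is not visible here) can still be assigned fd 0, 1 or 2 when the program is started with those closed, which is the situation the call is meant to rule out. Moving the two added lines to the top of main(), ahead of the RNG setup, would close that window; main() begins above this hunk, so the exact position has to be checked there. sshd.c shows a milder form of the same ordering, since its call follows a `debug()` that may already write to stderr.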
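--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.19 2005/09/13 23:40:07 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -148,6 +148,13 @@ main(int argc, char **argv)
 u_int slen, dlen;
 u_int32_t rnd[256];
 
+/* Ensure that stdin and stdout are connected */
+if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
+exit(1);
+/* Leave /dev/null fd iff it is attached to stderr */
+if (fd > 2)
+close(fd);
+
 key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
 key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
 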
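Review bot: The comment `/* Ensure that stdin and stdout are connected */` does not record why this check must come before the `open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY)` and DSA key opens directly below it. If fd 0 or 1 were closed at start-up, those opens would be assigned a stdio descriptor number, so the ordering is the property being protected and should be written down so that a later reshuffle of main() does not undo it. I would extend the comment to something like `/* Refuse to run with stdin/stdout closed: the host key opens below must never land on fds 0-1 */`. A failed open() of /dev/null (-1) takes the same silent `exit(1)` path, which is worth a word in the comment as well; `fd` is declared outside this hunk and main() continues past it.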
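--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.249 2005/07/30 01:26:16 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.250 2005/09/13 23:40:07 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -188,6 +188,9 @@ main(int ac, char **av)
 struct servent *sp;
 Forward fwd;
 
+/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+sanitise_stdfd();
+
 __progname = ssh_get_progname(av[0]);
 init_rng();
 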
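--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.313 2005/09/13 23:40:07 djm Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -924,6 +924,9 @@ main(int ac, char **av)
 if (geteuid() == 0 && setgroups(0, NULL) == -1)
 debug("setgroups(): %.200s", strerror(errno));
 
+/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+sanitise_stdfd();
+
 /* Initialize configuration options to their default values. */
 initialize_server_options(&options);
 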