2 files changed, 6 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index ebe80e5cd..5d9b9d10e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,9 @@
    declspec(dllimport).  The least intrusive way to get rid of these warnings
    is to disable warnings for GCC compiler attributes when building on Cygwin.
    Patch from vinschen at redhat.com.
+ - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the
+   return value check for cap_enter() consistent with the other uses in
+   FreeBSD.  From by Loganaden Velvindron @ AfriNIC via bz#2140.
 
 20140117
  - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain
diff --git a/sandbox-capsicum.c b/sandbox-capsicum.c
index 5853a13ef..f648c6ece 100644
--- a/sandbox-capsicum.c
+++ b/sandbox-capsicum.c
@@ -87,9 +87,9 @@ ssh_sandbox_child(struct ssh_sandbox *box)
         if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
                 fatal("can't limit stdin: %m");
         if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
-                fatal("can't limit stdin: %m");
+                fatal("can't limit stdout: %m");
         if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
-                fatal("can't limit stdin: %m");
+                fatal("can't limit stderr: %m");
 
         cap_rights_init(&rights, CAP_READ, CAP_WRITE);
         if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1)
@@ -97,7 +97,7 @@ ssh_sandbox_child(struct ssh_sandbox *box)
         cap_rights_init(&rights, CAP_WRITE);
         if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1)
                 fatal("%s: failed to limit the logging socket", __func__);
-        if (cap_enter() != 0 && errno != ENOSYS)
+        if (cap_enter() < 0 && errno != ENOSYS)
                 fatal("%s: failed to enter capability mode", __func__);
 
 }