1 files changed, 22 insertions, 21 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index dffee90b1..87fa70a40 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.303 2019/02/12 23:53:10 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.308 2019/08/05 11:50:33 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -570,14 +570,13 @@ input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)
        Authctxt *authctxt = ssh->authctxt;
        char *authlist = NULL;
        u_char partial;
-        int r;
        if (authctxt == NULL)
                fatal("input_userauth_failure: no authentication context");
-        if ((r = sshpkt_get_cstring(ssh, &authlist, NULL)) != 0 ||
+        if (sshpkt_get_cstring(ssh, &authlist, NULL) != 0 ||
-            (r = sshpkt_get_u8(ssh, &partial)) != 0 ||
+            sshpkt_get_u8(ssh, &partial) != 0 ||
-            (r = sshpkt_get_end(ssh)) != 0)
+            sshpkt_get_end(ssh) != 0)
                goto out;
        if (partial != 0) {
@@ -1405,10 +1404,10 @@ load_identity_file(Identity *id)
 {
        struct sshkey *private = NULL;
        char prompt[300], *passphrase, *comment;
-        int r, perm_ok = 0, quit = 0, i;
+        int r, quit = 0, i;
        struct stat st;
-        if (stat(id->filename, &st) < 0) {
+        if (stat(id->filename, &st) == -1) {
                (id->userprovided ? logit : debug3)("no such identity: %s: %s",
                    id->filename, strerror(errno));
                return NULL;
@@ -1427,7 +1426,7 @@ load_identity_file(Identity *id)
                        }
                }
                switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename,
-                    passphrase, &private, &comment, &perm_ok))) {
+                    passphrase, &private, &comment))) {
                case 0:
                        break;
                case SSH_ERR_KEY_WRONG_PASSPHRASE:
@@ -1833,7 +1832,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
        struct sshbuf *b;
        struct stat st;
        pid_t pid;
-        int i, r, to[2], from[2], status;
+        int r, to[2], from[2], status;
        int sock = ssh_packet_get_connection_in(ssh);
        u_char rversion = 0, version = 2;
        void (*osigchld)(int);
@@ -1841,7 +1840,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
        *sigp = NULL;
        *lenp = 0;
-        if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
+        if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
                error("%s: not installed: %s", __func__, strerror(errno));
                return -1;
        }
@@ -1849,34 +1848,35 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
                error("%s: fflush: %s", __func__, strerror(errno));
                return -1;
        }
-        if (pipe(to) < 0) {
+        if (pipe(to) == -1) {
                error("%s: pipe: %s", __func__, strerror(errno));
                return -1;
        }
-        if (pipe(from) < 0) {
+        if (pipe(from) == -1) {
                error("%s: pipe: %s", __func__, strerror(errno));
                return -1;
        }
-        if ((pid = fork()) < 0) {
+        if ((pid = fork()) == -1) {
                error("%s: fork: %s", __func__, strerror(errno));
                return -1;
        }
        osigchld = signal(SIGCHLD, SIG_DFL);
        if (pid == 0) {
-                /* keep the socket on exec */
-                fcntl(sock, F_SETFD, 0);
                close(from[0]);
-                if (dup2(from[1], STDOUT_FILENO) < 0)
+                if (dup2(from[1], STDOUT_FILENO) == -1)
                        fatal("%s: dup2: %s", __func__, strerror(errno));
                close(to[1]);
-                if (dup2(to[0], STDIN_FILENO) < 0)
+                if (dup2(to[0], STDIN_FILENO) == -1)
                        fatal("%s: dup2: %s", __func__, strerror(errno));
                close(from[1]);
                close(to[0]);
-                /* Close everything but stdio and the socket */
-                for (i = STDERR_FILENO + 1; i < sock; i++)
+                if (dup2(sock, STDERR_FILENO + 1) == -1)
-                        close(i);
+                        fatal("%s: dup2: %s", __func__, strerror(errno));
+                sock = STDERR_FILENO + 1;
+                fcntl(sock, F_SETFD, 0);        /* keep the socket on exec */
                closefrom(sock + 1);
                debug3("%s: [child] pid=%ld, exec %s",
                    __func__, (long)getpid(), _PATH_SSH_KEY_SIGN);
                execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
@@ -1885,6 +1885,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
        }
        close(from[1]);
        close(to[0]);
+        sock = STDERR_FILENO + 1;
        if ((b = sshbuf_new()) == NULL)
                fatal("%s: sshbuf_new failed", __func__);
@@ -1904,7 +1905,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
        }
        errno = 0;
-        while (waitpid(pid, &status, 0) < 0) {
+        while (waitpid(pid, &status, 0) == -1) {
                if (errno != EINTR) {
                        error("%s: waitpid %ld: %s",
                            __func__, (long)pid, strerror(errno));

diff --git a/sshconnect2.c b/sshconnect2.c index dffee90b1..87fa70a40 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshconnect2.c,v 1.303 2019/02/12 23:53:10 djm Exp $ */	1	/* $OpenBSD: sshconnect2.c,v 1.308 2019/08/05 11:50:33 dtucker Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	* Copyright (c) 2008 Damien Miller. All rights reserved.	4	* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -570,14 +570,13 @@ input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)
570	Authctxt *authctxt = ssh->authctxt;	570	Authctxt *authctxt = ssh->authctxt;
571	char *authlist = NULL;	571	char *authlist = NULL;
572	u_char partial;	572	u_char partial;
573	int r;
574		573
575	if (authctxt == NULL)	574	if (authctxt == NULL)
576	fatal("input_userauth_failure: no authentication context");	575	fatal("input_userauth_failure: no authentication context");
577		576
578	if ((r = sshpkt_get_cstring(ssh, &authlist, NULL)) != 0 \|\|	577	if (sshpkt_get_cstring(ssh, &authlist, NULL) != 0 \|\|
579	(r = sshpkt_get_u8(ssh, &partial)) != 0 \|\|	578	sshpkt_get_u8(ssh, &partial) != 0 \|\|
580	(r = sshpkt_get_end(ssh)) != 0)	579	sshpkt_get_end(ssh) != 0)
581	goto out;	580	goto out;
582		581
583	if (partial != 0) {	582	if (partial != 0) {
@@ -1405,10 +1404,10 @@ load_identity_file(Identity *id)
1405	{	1404	{
1406	struct sshkey *private = NULL;	1405	struct sshkey *private = NULL;
1407	char prompt[300], passphrase, comment;	1406	char prompt[300], passphrase, comment;
1408	int r, perm_ok = 0, quit = 0, i;	1407	int r, quit = 0, i;
1409	struct stat st;	1408	struct stat st;
1410		1409
1411	if (stat(id->filename, &st) < 0) {	1410	if (stat(id->filename, &st) == -1) {
1412	(id->userprovided ? logit : debug3)("no such identity: %s: %s",	1411	(id->userprovided ? logit : debug3)("no such identity: %s: %s",
1413	id->filename, strerror(errno));	1412	id->filename, strerror(errno));
1414	return NULL;	1413	return NULL;
@@ -1427,7 +1426,7 @@ load_identity_file(Identity *id)
1427	}	1426	}
1428	}	1427	}
1429	switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename,	1428	switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename,
1430	passphrase, &private, &comment, &perm_ok))) {	1429	passphrase, &private, &comment))) {
1431	case 0:	1430	case 0:
1432	break;	1431	break;
1433	case SSH_ERR_KEY_WRONG_PASSPHRASE:	1432	case SSH_ERR_KEY_WRONG_PASSPHRASE:
@@ -1833,7 +1832,7 @@ ssh_keysign(struct ssh ssh, struct sshkey key, u_char *sigp, size_t lenp,
1833	struct sshbuf *b;	1832	struct sshbuf *b;
1834	struct stat st;	1833	struct stat st;
1835	pid_t pid;	1834	pid_t pid;
1836	int i, r, to[2], from[2], status;	1835	int r, to[2], from[2], status;
1837	int sock = ssh_packet_get_connection_in(ssh);	1836	int sock = ssh_packet_get_connection_in(ssh);
1838	u_char rversion = 0, version = 2;	1837	u_char rversion = 0, version = 2;
1839	void (*osigchld)(int);	1838	void (*osigchld)(int);
@@ -1841,7 +1840,7 @@ ssh_keysign(struct ssh ssh, struct sshkey key, u_char *sigp, size_t lenp,
1841	*sigp = NULL;	1840	*sigp = NULL;
1842	*lenp = 0;	1841	*lenp = 0;
1843		1842
1844	if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {	1843	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
1845	error("%s: not installed: %s", __func__, strerror(errno));	1844	error("%s: not installed: %s", __func__, strerror(errno));
1846	return -1;	1845	return -1;
1847	}	1846	}
@@ -1849,34 +1848,35 @@ ssh_keysign(struct ssh ssh, struct sshkey key, u_char *sigp, size_t lenp,
1849	error("%s: fflush: %s", __func__, strerror(errno));	1848	error("%s: fflush: %s", __func__, strerror(errno));
1850	return -1;	1849	return -1;
1851	}	1850	}
1852	if (pipe(to) < 0) {	1851	if (pipe(to) == -1) {
1853	error("%s: pipe: %s", __func__, strerror(errno));	1852	error("%s: pipe: %s", __func__, strerror(errno));
1854	return -1;	1853	return -1;
1855	}	1854	}
1856	if (pipe(from) < 0) {	1855	if (pipe(from) == -1) {
1857	error("%s: pipe: %s", __func__, strerror(errno));	1856	error("%s: pipe: %s", __func__, strerror(errno));
1858	return -1;	1857	return -1;
1859	}	1858	}
1860	if ((pid = fork()) < 0) {	1859	if ((pid = fork()) == -1) {
1861	error("%s: fork: %s", __func__, strerror(errno));	1860	error("%s: fork: %s", __func__, strerror(errno));
1862	return -1;	1861	return -1;
1863	}	1862	}
1864	osigchld = signal(SIGCHLD, SIG_DFL);	1863	osigchld = signal(SIGCHLD, SIG_DFL);
1865	if (pid == 0) {	1864	if (pid == 0) {
1866	/* keep the socket on exec */
1867	fcntl(sock, F_SETFD, 0);
1868	close(from[0]);	1865	close(from[0]);
1869	if (dup2(from[1], STDOUT_FILENO) < 0)	1866	if (dup2(from[1], STDOUT_FILENO) == -1)
1870	fatal("%s: dup2: %s", __func__, strerror(errno));	1867	fatal("%s: dup2: %s", __func__, strerror(errno));
1871	close(to[1]);	1868	close(to[1]);
1872	if (dup2(to[0], STDIN_FILENO) < 0)	1869	if (dup2(to[0], STDIN_FILENO) == -1)
1873	fatal("%s: dup2: %s", __func__, strerror(errno));	1870	fatal("%s: dup2: %s", __func__, strerror(errno));
1874	close(from[1]);	1871	close(from[1]);
1875	close(to[0]);	1872	close(to[0]);
1876	/* Close everything but stdio and the socket */	1873
1877	for (i = STDERR_FILENO + 1; i < sock; i++)	1874	if (dup2(sock, STDERR_FILENO + 1) == -1)
1878	close(i);	1875	fatal("%s: dup2: %s", __func__, strerror(errno));
		1876	sock = STDERR_FILENO + 1;
		1877	fcntl(sock, F_SETFD, 0); /* keep the socket on exec */
1879	closefrom(sock + 1);	1878	closefrom(sock + 1);
		1879
1880	debug3("%s: [child] pid=%ld, exec %s",	1880	debug3("%s: [child] pid=%ld, exec %s",
1881	__func__, (long)getpid(), _PATH_SSH_KEY_SIGN);	1881	__func__, (long)getpid(), _PATH_SSH_KEY_SIGN);
1882	execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);	1882	execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
@@ -1885,6 +1885,7 @@ ssh_keysign(struct ssh ssh, struct sshkey key, u_char *sigp, size_t lenp,
1885	}	1885	}
1886	close(from[1]);	1886	close(from[1]);
1887	close(to[0]);	1887	close(to[0]);
		1888	sock = STDERR_FILENO + 1;
1888		1889
1889	if ((b = sshbuf_new()) == NULL)	1890	if ((b = sshbuf_new()) == NULL)
1890	fatal("%s: sshbuf_new failed", __func__);	1891	fatal("%s: sshbuf_new failed", __func__);
@@ -1904,7 +1905,7 @@ ssh_keysign(struct ssh ssh, struct sshkey key, u_char *sigp, size_t lenp,
1904	}	1905	}
1905		1906
1906	errno = 0;	1907	errno = 0;
1907	while (waitpid(pid, &status, 0) < 0) {	1908	while (waitpid(pid, &status, 0) == -1) {
1908	if (errno != EINTR) {	1909	if (errno != EINTR) {
1909	error("%s: waitpid %ld: %s",	1910	error("%s: waitpid %ld: %s",
1910	__func__, (long)pid, strerror(errno));	1911	__func__, (long)pid, strerror(errno));