1 files changed, 51 insertions, 2 deletions
diff --git a/sshd.c b/sshd.c
index 4228ca550..f61d79ec7 100644
--- a/sshd.c
+++ b/sshd.c
@@ -253,6 +253,11 @@ Buffer loginmsg;
 /* Unprivileged user */
 struct passwd *privsep_pw = NULL;
+#ifdef OOM_ADJUST
+/* Linux out-of-memory killer adjustment */
+static char oom_adj_save[8];
+#endif
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
@@ -419,7 +424,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
                minor = PROTOCOL_MINOR_1;
        }
        snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
-            SSH_VERSION, newline);
+            SSH_RELEASE, newline);
        server_version_string = xstrdup(buf);
        /* Send our protocol version identification. */
@@ -907,6 +912,31 @@ recv_rexec_state(int fd, Buffer *conf)
        debug3("%s: done", __func__);
 }
+#ifdef OOM_ADJUST
+/*
+ * If requested in the environment, tell the Linux kernel's out-of-memory
+ * killer to avoid sshd. The old state will be restored when forking child
+ * processes.
+ */
+static void
+oom_adjust_startup(void)
+{
+        const char *oom_adj = getenv("SSHD_OOM_ADJUST");
+        if (!oom_adj || !*oom_adj)
+                return;
+        oom_adj_get(oom_adj_save, sizeof(oom_adj_save));
+        oom_adj_set(oom_adj);
+}
+static void
+oom_restore(void)
+{
+        if (oom_adj_save[0])
+                oom_adj_set(oom_adj_save);
+}
+#endif
 /* Accept a connection from inetd */
 static void
 server_accept_inetd(int *sock_in, int *sock_out)
@@ -1324,7 +1354,12 @@ main(int ac, char **av)
                        /* ignored */
                        break;
                case 'q':
-                        options.log_level = SYSLOG_LEVEL_QUIET;
+                        if (options.log_level == SYSLOG_LEVEL_QUIET) { 
+                                options.log_level = SYSLOG_LEVEL_SILENT; 
+                        } 
+                        else if (options.log_level != SYSLOG_LEVEL_SILENT) { 
+                                options.log_level = SYSLOG_LEVEL_QUIET; 
+                        } 
                        break;
                case 'b':
                        options.server_key_bits = (int)strtonum(optarg, 256,
@@ -1517,6 +1552,11 @@ main(int ac, char **av)
                        sensitive_data.host_keys[i] = NULL;
                        continue;
                }
+                if (reject_blacklisted_key(key, 1) == 1) {
+                        key_free(key);
+                        sensitive_data.host_keys[i] = NULL;
+                        continue;
+                }
                switch (key->type) {
                case KEY_RSA1:
                        sensitive_data.ssh1_host_key = key;
@@ -1664,6 +1704,11 @@ main(int ac, char **av)
        /* ignore SIGPIPE */
        signal(SIGPIPE, SIG_IGN);
+#ifdef OOM_ADJUST
+        /* Adjust out-of-memory killer */
+        oom_adjust_startup();
+#endif
        /* Get a connection, either from inetd or a listening TCP socket */
        if (inetd_flag) {
                server_accept_inetd(&sock_in, &sock_out);
@@ -1702,6 +1747,10 @@ main(int ac, char **av)
        /* This is the child processing a new connection. */
        setproctitle("%s", "[accepted]");
+#ifdef OOM_ADJUST
+        oom_restore();
+#endif
        /*
         * Create a new session and process group since the 4.4BSD
         * setlogin() affects the entire process group.  We don't

diff --git a/sshd.c b/sshd.c index 4228ca550..f61d79ec7 100644 --- a/sshd.c +++ b/sshd.c
@@ -253,6 +253,11 @@ Buffer loginmsg;
253	/* Unprivileged user */	253	/* Unprivileged user */
254	struct passwd *privsep_pw = NULL;	254	struct passwd *privsep_pw = NULL;
255		255
		256	#ifdef OOM_ADJUST
		257	/* Linux out-of-memory killer adjustment */
		258	static char oom_adj_save[8];
		259	#endif
		260
256	/* Prototypes for various functions defined later in this file. */	261	/* Prototypes for various functions defined later in this file. */
257	void destroy_sensitive_data(void);	262	void destroy_sensitive_data(void);
258	void demote_sensitive_data(void);	263	void demote_sensitive_data(void);
@@ -419,7 +424,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
419	minor = PROTOCOL_MINOR_1;	424	minor = PROTOCOL_MINOR_1;
420	}	425	}
421	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,	426	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
422	SSH_VERSION, newline);	427	SSH_RELEASE, newline);
423	server_version_string = xstrdup(buf);	428	server_version_string = xstrdup(buf);
424		429
425	/* Send our protocol version identification. */	430	/* Send our protocol version identification. */
@@ -907,6 +912,31 @@ recv_rexec_state(int fd, Buffer *conf)
907	debug3("%s: done", __func__);	912	debug3("%s: done", __func__);
908	}	913	}
909		914
		915	#ifdef OOM_ADJUST
		916	/*
		917	* If requested in the environment, tell the Linux kernel's out-of-memory
		918	* killer to avoid sshd. The old state will be restored when forking child
		919	* processes.
		920	*/
		921	static void
		922	oom_adjust_startup(void)
		923	{
		924	const char *oom_adj = getenv("SSHD_OOM_ADJUST");
		925
		926	if (!oom_adj \|\| !*oom_adj)
		927	return;
		928	oom_adj_get(oom_adj_save, sizeof(oom_adj_save));
		929	oom_adj_set(oom_adj);
		930	}
		931
		932	static void
		933	oom_restore(void)
		934	{
		935	if (oom_adj_save[0])
		936	oom_adj_set(oom_adj_save);
		937	}
		938	#endif
		939
910	/* Accept a connection from inetd */	940	/* Accept a connection from inetd */
911	static void	941	static void
912	server_accept_inetd(int sock_in, int sock_out)	942	server_accept_inetd(int sock_in, int sock_out)
@@ -1324,7 +1354,12 @@ main(int ac, char **av)
1324	/* ignored */	1354	/* ignored */
1325	break;	1355	break;
1326	case 'q':	1356	case 'q':
1327	options.log_level = SYSLOG_LEVEL_QUIET;	1357	if (options.log_level == SYSLOG_LEVEL_QUIET) {
		1358	options.log_level = SYSLOG_LEVEL_SILENT;
		1359	}
		1360	else if (options.log_level != SYSLOG_LEVEL_SILENT) {
		1361	options.log_level = SYSLOG_LEVEL_QUIET;
		1362	}
1328	break;	1363	break;
1329	case 'b':	1364	case 'b':
1330	options.server_key_bits = (int)strtonum(optarg, 256,	1365	options.server_key_bits = (int)strtonum(optarg, 256,
@@ -1517,6 +1552,11 @@ main(int ac, char **av)
1517	sensitive_data.host_keys[i] = NULL;	1552	sensitive_data.host_keys[i] = NULL;
1518	continue;	1553	continue;
1519	}	1554	}
		1555	if (reject_blacklisted_key(key, 1) == 1) {
		1556	key_free(key);
		1557	sensitive_data.host_keys[i] = NULL;
		1558	continue;
		1559	}
1520	switch (key->type) {	1560	switch (key->type) {
1521	case KEY_RSA1:	1561	case KEY_RSA1:
1522	sensitive_data.ssh1_host_key = key;	1562	sensitive_data.ssh1_host_key = key;
@@ -1664,6 +1704,11 @@ main(int ac, char **av)
1664	/* ignore SIGPIPE */	1704	/* ignore SIGPIPE */
1665	signal(SIGPIPE, SIG_IGN);	1705	signal(SIGPIPE, SIG_IGN);
1666		1706
		1707	#ifdef OOM_ADJUST
		1708	/* Adjust out-of-memory killer */
		1709	oom_adjust_startup();
		1710	#endif
		1711
1667	/* Get a connection, either from inetd or a listening TCP socket */	1712	/* Get a connection, either from inetd or a listening TCP socket */
1668	if (inetd_flag) {	1713	if (inetd_flag) {
1669	server_accept_inetd(&sock_in, &sock_out);	1714	server_accept_inetd(&sock_in, &sock_out);
@@ -1702,6 +1747,10 @@ main(int ac, char **av)
1702	/* This is the child processing a new connection. */	1747	/* This is the child processing a new connection. */
1703	setproctitle("%s", "[accepted]");	1748	setproctitle("%s", "[accepted]");
1704		1749
		1750	#ifdef OOM_ADJUST
		1751	oom_restore();
		1752	#endif
		1753
1705	/*	1754	/*
1706	* Create a new session and process group since the 4.4BSD	1755	* Create a new session and process group since the 4.4BSD
1707	* setlogin() affects the entire process group. We don't	1756	* setlogin() affects the entire process group. We don't