From fc77ccdc2ce6d5d06628b8da5048a6a5f6ffca5a Mon Sep 17 00:00:00 2001
From: "markus@openbsd.org" <markus@openbsd.org>
Date: Thu, 14 Jan 2016 22:56:56 +0000
Subject: upstream commit

fd leaks; report Qualys Security Advisory team; ok
 deraadt@

Upstream-ID: 4ec0f12b9d8fa202293c9effa115464185aa071d
---
 sshconnect.c  | 3 ++-
 sshconnect2.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/sshconnect.c b/sshconnect.c
index a22710d9f..356ec79f0 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.270 2016/01/14 16:17:40 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.271 2016/01/14 22:56:56 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -167,6 +167,7 @@ ssh_proxy_fdpass_connect(const char *host, u_short port,
 
 	if ((sock = mm_receive_fd(sp[1])) == -1)
 		fatal("proxy dialer did not pass back a connection");
+	close(sp[1]);
 
 	while (waitpid(pid, NULL, 0) == -1)
 		if (errno != EINTR)
diff --git a/sshconnect2.c b/sshconnect2.c
index 1f918533f..4d426c33c 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.236 2016/01/14 16:17:40 markus Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.237 2016/01/14 22:56:56 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1344,6 +1344,7 @@ pubkey_prepare(Authctxt *authctxt)
 		if (r != SSH_ERR_AGENT_NO_IDENTITIES)
 			debug("%s: ssh_fetch_identitylist: %s",
 			    __func__, ssh_err(r));
+		close(agent_fd);
 	} else {
 		for (j = 0; j < idlist->nkeys; j++) {
 			found = 0;
-- 
cgit v1.2.3