CID 1309355: check error return from closefrom(3) where appropriate.diff -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
(christos)
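--- a/src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
+++ b/src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
@@ -1,41 +1,41 @@
-/* $NetBSD: auth2-pubkey.c,v 1.12 2015/07/03 00:59:59 christos Exp $ */
+/* $NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $ */
 /* $OpenBSD: auth2-pubkey.c,v 1.53 2015/06/15 18:44:22 jsing Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-pubkey.c,v 1.12 2015/07/03 00:59:59 christos Exp $");
+__RCSID("$NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
 
 #include <errno.h>
 #include <fcntl.h>
 #include <paths.h>
 #include <pwd.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdarg.h>
 #include <string.h>
 #include <time.h>
@@ -464,27 +464,30 @@ subprocess(const char *tag, struct passw
 signal(i, SIG_DFL);
 
 if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
 error("%s: open %s: %s", tag, _PATH_DEVNULL,
 strerror(errno));
 _exit(1);
 }
 /* Keep stderr around a while longer to catch errors */
 if (dup2(devnull, STDIN_FILENO) == -1 ||
 dup2(p[1], STDOUT_FILENO) == -1) {
 error("%s: dup2: %s", tag, strerror(errno));
 _exit(1);
 }
-closefrom(STDERR_FILENO + 1);
+if (closefrom(STDERR_FILENO + 1) == -1) {
+error("closefrom: %s", strerror(errno));
+_exit(1);
+}
 
 /* Don't use permanently_set_uid() here to avoid fatal() */
 if (setgid(pw->pw_gid) == -1) {
 error("setgid %u: %s", (u_int)pw->pw_gid,
 strerror(errno));
 _exit(1);
 }
 if (setuid(pw->pw_uid) == -1) {
 error("setuid %u: %s", (u_int)pw->pw_uid,
 strerror(errno));
 _exit(1);
 }
 /* stdin is pointed to /dev/null at this point */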
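Review bot: The new `error("closefrom: %s", strerror(errno));` in subprocess() drops the `tag` prefix that the open and dup2 failures just above it carry, so a log line from this path cannot be tied to the `tag` the caller passed. I would write `error("%s: closefrom: %s", tag, strerror(errno));`. The check itself sits before the setgid/setuid calls and leaves through `_exit(1)`, so a failed cleanup stops the child before it continues with inherited descriptors. subprocess() starts and ends outside the hunk.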
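--- a/src/crypto/external/bsd/openssh/dist/readconf.c
+++ b/src/crypto/external/bsd/openssh/dist/readconf.c
@@ -1,30 +1,30 @@
-/* $NetBSD: readconf.c,v 1.14 2015/07/03 01:00:00 christos Exp $ */
+/* $NetBSD: readconf.c,v 1.15 2015/07/06 15:09:17 christos Exp $ */
 /* $OpenBSD: readconf.c,v 1.237 2015/06/26 05:13:20 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
 * Functions for reading the configuration files.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose. Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */
 
 #include "includes.h"
-__RCSID("$NetBSD: readconf.c,v 1.14 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: readconf.c,v 1.15 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/wait.h>
 #include <sys/un.h>
 
 #include <netinet/in.h>
 #include <netinet/ip.h>
 
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <netdb.h>
@@ -457,27 +457,28 @@ execute_in_shell(const char *cmd)
 if ((pid = fork()) == 0) {
 char *argv[4];
 
 /* Child. Permanently give up superuser privileges. */
 permanently_drop_suid(original_real_uid);
 
 /* Redirect child stdin and stdout. Leave stderr */
 if (dup2(devnull, STDIN_FILENO) == -1)
 fatal("dup2: %s", strerror(errno));
 if (dup2(devnull, STDOUT_FILENO) == -1)
 fatal("dup2: %s", strerror(errno));
 if (devnull > STDERR_FILENO)
 close(devnull);
-closefrom(STDERR_FILENO + 1);
+if (closefrom(STDERR_FILENO + 1) == -1)
+fatal("closefrom: %s", strerror(errno));
 
 argv[0] = __UNCONST(shell);
 argv[1] = __UNCONST("-c");
 argv[2] = command_string;
 argv[3] = NULL;
 
 execv(argv[0], argv);
 error("Unable to execute '%.100s': %s", cmd, strerror(errno));
 /* Die with signal to make this error apparent to parent. */
 signal(SIGTERM, SIG_DFL);
 kill(getpid(), SIGTERM);
 _exit(1);
 }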
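--- a/src/crypto/external/bsd/openssh/dist/session.c
+++ b/src/crypto/external/bsd/openssh/dist/session.c
@@ -1,14 +1,14 @@
-/* $NetBSD: session.c,v 1.15 2015/07/03 01:00:00 christos Exp $ */
+/* $NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $ */
 /* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose. Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 *
 * SSH2 support by Markus Friedl.
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -25,27 +25,27 @@
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
 #include "includes.h"
-__RCSID("$NetBSD: session.c,v 1.15 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/un.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/queue.h>
 
 #include <errno.h>
 #include <fcntl.h>
 #include <grp.h>
 #include <login_cap.h>
 #include <netdb.h>
 #include <paths.h>
@@ -1547,27 +1547,27 @@ child_close_fds(void)
 
 /*
 * Close any extra file descriptors. Note that there may still be
 * descriptors left by system functions. They will be closed later.
 */
 endpwent();
 
 /*
 * Close any extra open file descriptors so that we don't have them
 * hanging around in clients. Note that we want to do this after
 * initgroups, because at least on Solaris 2.3 it leaves file
 * descriptors open.
 */
-closefrom(STDERR_FILENO + 1);
+(void)closefrom(STDERR_FILENO + 1);
 }
 
 /*
 * Performs common processing for the child, such as setting up the
 * environment, closing extra file descriptors, setting the user and group
 * ids, and executing the command or shell.
 */
 #define ARGV_MAX 10
 void
 do_child(Session *s, const char *command)
 {
 extern char **environ;
 char **env;
@@ -1678,27 +1678,27 @@ do_child(Session *s, const char *command
 /* Change current directory to the user's home directory. */
 if (chdir(pw->pw_dir) < 0) {
 /* Suppress missing homedir warning for chroot case */
 r = login_getcapbool(lc, "requirehome", 0);
 if (r || options.chroot_directory == NULL ||
 strcasecmp(options.chroot_directory, "none") == 0)
 fprintf(stderr, "Could not chdir to home "
 "directory %s: %s\n", pw->pw_dir,
 strerror(errno));
 if (r)
 exit(1);
 }
 
-closefrom(STDERR_FILENO + 1);
+(void)closefrom(STDERR_FILENO + 1);
 
 if (!options.use_login)
 do_rc_files(s, shell);
 
 /* restore SIGPIPE for child */
 signal(SIGPIPE, SIG_DFL);
 
 if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
 printf("This service allows sftp connections only.\n");
 fflush(NULL);
 exit(1);
 } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
 extern int optind, optreset;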
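Review bot: The two `(void)closefrom(STDERR_FILENO + 1);` casts in child_close_fds() and do_child() silence the unchecked-return finding but keep the fail-open behaviour, while the other files in this commit stop on the same failure. In do_child() this is the last descriptor cleanup visible before `do_rc_files(s, shell)` and the rest of the session setup, so a failed call would leave any descriptor above stderr open in code that runs on the user's behalf. If ignoring the result is intended, a short comment above each call saying why the failure is safe to ignore would document that; otherwise at least log it, e.g. `if (closefrom(STDERR_FILENO + 1) == -1) error("closefrom: %s", strerror(errno));`. Both functions extend beyond the hunks shown.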
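--- a/src/crypto/external/bsd/openssh/dist/ssh.c
+++ b/src/crypto/external/bsd/openssh/dist/ssh.c
@@ -1,14 +1,14 @@
-/* $NetBSD: ssh.c,v 1.17 2015/07/03 01:00:00 christos Exp $ */
+/* $NetBSD: ssh.c,v 1.18 2015/07/06 15:09:17 christos Exp $ */
 /* $OpenBSD: ssh.c,v 1.418 2015/05/04 06:10:48 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
 * Ssh client program. This program can be used to log into a remote machine.
 * The software supports strong authentication, encryption, and forwarding
 * of X11, TCP/IP, and authentication connections.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose. Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
@@ -32,27 +32,27 @@
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh.c,v 1.17 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: ssh.c,v 1.18 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
 #include <sys/queue.h>
 #include <sys/resource.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/wait.h>
 
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -505,27 +505,28 @@ main(int ac, char **av)
 struct Forward fwd;
 struct addrinfo *addrs = NULL;
 struct ssh_digest_ctx *md;
 u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
 char *conn_hash_hex;
 
 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 sanitise_stdfd();
 
 /*
 * Discard other fds that are hanging around. These can cause problem
 * with backgrounded ssh processes started by ControlPersist.
 */
-closefrom(STDERR_FILENO + 1);
+if (closefrom(STDERR_FILENO + 1) == -1)
+fatal("closefrom failed: %.100s", strerror(errno));
 
 /*
 * Save the original real uid. It will be needed later (uid-swapping
 * may clobber the real uid).
 */
 original_real_uid = getuid();
 original_effective_uid = geteuid();
 
 /*
 * Use uid-swapping to give up root privileges for the duration of
 * option processing. We will re-instantiate the rights when we are
 * ready to create the privileged port, and will permanently drop
 * them when the port has been created (actually, when the connection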
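Review bot: In main() the new `fatal("closefrom failed: %.100s", strerror(errno));` turns a descriptor-hygiene step into a hard startup failure, and nothing in the hunk says which errors closefrom(3) is expected to return at this point. If the platform's closefrom can report an error when no descriptor at or above the argument is open (not visible from this page; worth confirming against the man page), ssh would refuse to start in an otherwise clean environment. A one-line comment above the check naming the failure cases it guards against would settle that. The message wording also differs from the `"closefrom: %s"` form used in auth2-pubkey.c and readconf.c in the same commit; a single form makes the failures easier to search for in logs. main() continues outside the hunk.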
--- src/crypto/external/bsd/openssh/dist/sshconnect2.c 2015/07/03 01:00:00 1.20
+++ src/crypto/external/bsd/openssh/dist/sshconnect2.c 2015/07/06 15:09:17 1.21
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: sshconnect2.c,v 1.20 2015/07/03 01:00:00 christos Exp $ */ | 1 | /* $NetBSD: sshconnect2.c,v 1.21 2015/07/06 15:09:17 christos Exp $ */ | |
2 | /* $OpenBSD: sshconnect2.c,v 1.224 2015/05/04 06:10:48 djm Exp $ */ | 2 | /* $OpenBSD: sshconnect2.c,v 1.224 2015/05/04 06:10:48 djm Exp $ */ | |
3 | /* | 3 | /* | |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | |
5 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 5 | * Copyright (c) 2008 Damien Miller. All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -16,27 +16,27 @@ | @@ -16,27 +16,27 @@ | |||
16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
26 | */ | 26 | */ | |
27 | 27 | |||
28 | #include "includes.h" | 28 | #include "includes.h" | |
29 | __RCSID("$NetBSD: sshconnect2.c,v 1.20 2015/07/03 01:00:00 christos Exp $"); | 29 | __RCSID("$NetBSD: sshconnect2.c,v 1.21 2015/07/06 15:09:17 christos Exp $"); | |
30 | #include <sys/types.h> | 30 | #include <sys/types.h> | |
31 | #include <sys/socket.h> | 31 | #include <sys/socket.h> | |
32 | #include <sys/wait.h> | 32 | #include <sys/wait.h> | |
33 | #include <sys/queue.h> | 33 | #include <sys/queue.h> | |
34 | #include <sys/stat.h> | 34 | #include <sys/stat.h> | |
35 | 35 | |||
36 | #include <errno.h> | 36 | #include <errno.h> | |
37 | #include <fcntl.h> | 37 | #include <fcntl.h> | |
38 | #include <netdb.h> | 38 | #include <netdb.h> | |
39 | #include <stdio.h> | 39 | #include <stdio.h> | |
40 | #include <string.h> | 40 | #include <string.h> | |
41 | #include <signal.h> | 41 | #include <signal.h> | |
42 | #include <pwd.h> | 42 | #include <pwd.h> | |
@@ -1533,27 +1533,28 @@ ssh_keysign(struct sshkey *key, u_char * | @@ -1533,27 +1533,28 @@ ssh_keysign(struct sshkey *key, u_char * | |||
1533 | fcntl(sock, F_SETFD, 0); | 1533 | fcntl(sock, F_SETFD, 0); | |
1534 | permanently_drop_suid(getuid()); | 1534 | permanently_drop_suid(getuid()); | |
1535 | close(from[0]); | 1535 | close(from[0]); | |
1536 | if (dup2(from[1], STDOUT_FILENO) < 0) | 1536 | if (dup2(from[1], STDOUT_FILENO) < 0) | |
1537 | fatal("%s: dup2: %s", __func__, strerror(errno)); | 1537 | fatal("%s: dup2: %s", __func__, strerror(errno)); | |
1538 | close(to[1]); | 1538 | close(to[1]); | |
1539 | if (dup2(to[0], STDIN_FILENO) < 0) | 1539 | if (dup2(to[0], STDIN_FILENO) < 0) | |
1540 | fatal("%s: dup2: %s", __func__, strerror(errno)); | 1540 | fatal("%s: dup2: %s", __func__, strerror(errno)); | |
1541 | close(from[1]); | 1541 | close(from[1]); | |
1542 | close(to[0]); | 1542 | close(to[0]); | |
1543 | /* Close everything but stdio and the socket */ | 1543 | /* Close everything but stdio and the socket */ | |
1544 | for (i = STDERR_FILENO + 1; i < sock; i++) | 1544 | for (i = STDERR_FILENO + 1; i < sock; i++) | |
1545 | close(i); | 1545 | close(i); | |
1546 | closefrom(sock + 1); | 1546 | if (closefrom(sock + 1) < 0) | |
1547 | fatal("%s: closefrom: %s", __func__, strerror(errno)); | |||
1547 | debug3("%s: [child] pid=%ld, exec %s", | 1548 | debug3("%s: [child] pid=%ld, exec %s", | |
1548 | __func__, (long)getpid(), _PATH_SSH_KEY_SIGN); | 1549 | __func__, (long)getpid(), _PATH_SSH_KEY_SIGN); | |
1549 | execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0); | 1550 | execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0); | |
1550 | fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN, | 1551 | fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN, | |
1551 | strerror(errno)); | 1552 | strerror(errno)); | |
1552 | } | 1553 | } | |
1553 | close(from[1]); | 1554 | close(from[1]); | |
1554 | close(to[0]); | 1555 | close(to[0]); | |
1555 | 1556 | |||
1556 | if ((b = sshbuf_new()) == NULL) | 1557 | if ((b = sshbuf_new()) == NULL) | |
1557 | fatal("%s: sshbuf_new failed", __func__); | 1558 | fatal("%s: sshbuf_new failed", __func__); | |
1558 | /* send # of sock, data to be signed */ | 1559 | /* send # of sock, data to be signed */ | |
1559 | if ((r = sshbuf_put_u32(b, sock) != 0) || | 1560 | if ((r = sshbuf_put_u32(b, sock) != 0) || |
--- src/crypto/external/bsd/openssh/dist/sshd.c 2015/07/03 01:00:00 1.19
+++ src/crypto/external/bsd/openssh/dist/sshd.c 2015/07/06 15:09:17 1.20
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: sshd.c,v 1.19 2015/07/03 01:00:00 christos Exp $ */ | 1 | /* $NetBSD: sshd.c,v 1.20 2015/07/06 15:09:17 christos Exp $ */ | |
2 | /* $OpenBSD: sshd.c,v 1.450 2015/05/24 23:39:16 djm Exp $ */ | 2 | /* $OpenBSD: sshd.c,v 1.450 2015/05/24 23:39:16 djm Exp $ */ | |
3 | /* | 3 | /* | |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | |
5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
6 | * All rights reserved | 6 | * All rights reserved | |
7 | * This program is the ssh daemon. It listens for connections from clients, | 7 | * This program is the ssh daemon. It listens for connections from clients, | |
8 | * and performs authentication, executes use commands or shell, and forwards | 8 | * and performs authentication, executes use commands or shell, and forwards | |
9 | * information to/from the application to the user client over an encrypted | 9 | * information to/from the application to the user client over an encrypted | |
10 | * connection. This can also handle forwarding of X11, TCP/IP, and | 10 | * connection. This can also handle forwarding of X11, TCP/IP, and | |
11 | * authentication agent connections. | 11 | * authentication agent connections. | |
12 | * | 12 | * | |
13 | * As far as I am concerned, the code I have written for this software | 13 | * As far as I am concerned, the code I have written for this software | |
14 | * can be used freely for any purpose. Any derived versions of this | 14 | * can be used freely for any purpose. Any derived versions of this | |
@@ -34,27 +34,27 @@ | @@ -34,27 +34,27 @@ | |||
34 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 34 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
35 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 35 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
36 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 36 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
37 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 37 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
38 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 38 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
39 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 39 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
40 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 40 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
41 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 41 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
42 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 42 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
43 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 43 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
44 | */ | 44 | */ | |
45 | 45 | |||
46 | #include "includes.h" | 46 | #include "includes.h" | |
47 | __RCSID("$NetBSD: sshd.c,v 1.19 2015/07/03 01:00:00 christos Exp $"); | 47 | __RCSID("$NetBSD: sshd.c,v 1.20 2015/07/06 15:09:17 christos Exp $"); | |
48 | #include <sys/types.h> | 48 | #include <sys/types.h> | |
49 | #include <sys/param.h> | 49 | #include <sys/param.h> | |
50 | #include <sys/ioctl.h> | 50 | #include <sys/ioctl.h> | |
51 | #include <sys/wait.h> | 51 | #include <sys/wait.h> | |
52 | #include <sys/tree.h> | 52 | #include <sys/tree.h> | |
53 | #include <sys/stat.h> | 53 | #include <sys/stat.h> | |
54 | #include <sys/socket.h> | 54 | #include <sys/socket.h> | |
55 | #include <sys/time.h> | 55 | #include <sys/time.h> | |
56 | #include <sys/queue.h> | 56 | #include <sys/queue.h> | |
57 | 57 | |||
58 | #include <errno.h> | 58 | #include <errno.h> | |
59 | #include <fcntl.h> | 59 | #include <fcntl.h> | |
60 | #include <netdb.h> | 60 | #include <netdb.h> | |
@@ -1562,29 +1562,31 @@ main(int ac, char **av) | @@ -1562,29 +1562,31 @@ main(int ac, char **av) | |||
1562 | free(line); | 1562 | free(line); | |
1563 | break; | 1563 | break; | |
1564 | case '?': | 1564 | case '?': | |
1565 | default: | 1565 | default: | |
1566 | usage(); | 1566 | usage(); | |
1567 | break; | 1567 | break; | |
1568 | } | 1568 | } | |
1569 | } | 1569 | } | |
1570 | if (rexeced_flag || inetd_flag) | 1570 | if (rexeced_flag || inetd_flag) | |
1571 | rexec_flag = 0; | 1571 | rexec_flag = 0; | |
1572 | if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/'))) | 1572 | if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/'))) | |
1573 | fatal("sshd re-exec requires execution with an absolute path"); | 1573 | fatal("sshd re-exec requires execution with an absolute path"); | |
1574 | if (rexeced_flag) | 1574 | if (rexeced_flag) | |
1575 | closefrom(REEXEC_MIN_FREE_FD); | 1575 | r = closefrom(REEXEC_MIN_FREE_FD); | |
1576 | else | 1576 | else | |
1577 | closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); | 1577 | r = closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); | |
1578 | if (r == -1) | |||
1579 | fatal("closefrom failed: %.200s", strerror(errno)); | |||
1578 | 1580 | |||
1579 | #ifdef WITH_OPENSSL | 1581 | #ifdef WITH_OPENSSL | |
1580 | OpenSSL_add_all_algorithms(); | 1582 | OpenSSL_add_all_algorithms(); | |
1581 | #endif | 1583 | #endif | |
1582 | 1584 | |||
1583 | /* If requested, redirect the logs to the specified logfile. */ | 1585 | /* If requested, redirect the logs to the specified logfile. */ | |
1584 | if (logfile != NULL) { | 1586 | if (logfile != NULL) { | |
1585 | log_redirect_stderr_to(logfile); | 1587 | log_redirect_stderr_to(logfile); | |
1586 | free(logfile); | 1588 | free(logfile); | |
1587 | } | 1589 | } | |
1588 | /* | 1590 | /* | |
1589 | * Force logging to stderr until we have loaded the private host | 1591 | * Force logging to stderr until we have loaded the private host | |
1590 | * key (unless started from inetd) | 1592 | * key (unless started from inetd) |
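Review bot: The new `fatal("closefrom failed: %.200s", strerror(errno));` in main() makes every closefrom() error fatal, so if the target libc can return -1 with EBADF when no descriptor at or above the bound is open (some BSD manuals document this; confirm for this platform), sshd would refuse to start in a harmless situation. If that case is reachable, narrow the test to `if (r == -1 && errno != EBADF)`; otherwise record the intent with a comment such as `/* fail closed: never continue with inherited descriptors still open */`. The check also differs in form from the sshconnect2.c hunk in this commit, which tests `< 0` and prefixes the message with `__func__`; using one form at every call site would keep the checks easy to audit. `r` is presumably declared earlier in main(), which starts and ends outside this hunk.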