 @@ -1,41 +1,41 @@
-/*	$NetBSD: auth2-pubkey.c,v 1.12 2015/07/03 00:59:59 christos Exp $	*/
+/*	$NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: auth2-pubkey.c,v 1.53 2015/06/15 18:44:22 jsing Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: auth2-pubkey.c,v 1.12 2015/07/03 00:59:59 christos Exp $");
+__RCSID("$NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <paths.h>
 #include <pwd.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdarg.h>
 #include <string.h>
 #include <time.h>
 @@ -464,27 +464,30 @@ subprocess(const char *tag, struct passw
 			signal(i, SIG_DFL);
 		if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
 			error("%s: open %s: %s", tag, _PATH_DEVNULL,
 			    strerror(errno));
 			_exit(1);
+		}
 		/* Keep stderr around a while longer to catch errors */
 		if (dup2(devnull, STDIN_FILENO) == -1 ||
 		    dup2(p[1], STDOUT_FILENO) == -1) {
 			error("%s: dup2: %s", tag, strerror(errno));
 			_exit(1);
+		}
-		closefrom(STDERR_FILENO + 1);
+		if (closefrom(STDERR_FILENO + 1) == -1) {
 			error("closefrom: %s", strerror(errno));
 			_exit(1);
+		}
 		/* Don't use permanently_set_uid() here to avoid fatal() */
 		if (setgid(pw->pw_gid) == -1) {
 			error("setgid %u: %s", (u_int)pw->pw_gid,
 			    strerror(errno));
 			_exit(1);
+		}
 		if (setuid(pw->pw_uid) == -1) {
 			error("setuid %u: %s", (u_int)pw->pw_uid,
 			    strerror(errno));
 			_exit(1);
+		}
 		/* stdin is pointed to /dev/null at this point */

 @@ -1,30 +1,30 @@
-/*	$NetBSD: readconf.c,v 1.14 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: readconf.c,v 1.15 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: readconf.c,v 1.237 2015/06/26 05:13:20 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
  * Functions for reading the configuration files.
+ *
  * As far as I am concerned, the code I have written for this software
  * can be used freely for any purpose.  Any derived versions of this
  * software must be clearly marked as such, and if the derived work is
  * incompatible with the protocol description in the RFC file, it must be
  * called by a name other than "ssh" or "Secure Shell".
  */
 #include "includes.h"
-__RCSID("$NetBSD: readconf.c,v 1.14 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: readconf.c,v 1.15 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/wait.h>
 #include <sys/un.h>
 #include <netinet/in.h>
 #include <netinet/ip.h>
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <netdb.h>
 @@ -457,27 +457,28 @@ execute_in_shell(const char *cmd)
 	if ((pid = fork()) == 0) {
 		char *argv[4];
 		/* Child.  Permanently give up superuser privileges. */
 		permanently_drop_suid(original_real_uid);
 		/* Redirect child stdin and stdout. Leave stderr */
 		if (dup2(devnull, STDIN_FILENO) == -1)
 			fatal("dup2: %s", strerror(errno));
 		if (dup2(devnull, STDOUT_FILENO) == -1)
 			fatal("dup2: %s", strerror(errno));
 		if (devnull > STDERR_FILENO)
 			close(devnull);
-		closefrom(STDERR_FILENO + 1);
+		if (closefrom(STDERR_FILENO + 1) == -1)
 			fatal("closefrom: %s", strerror(errno));
 		argv[0] = __UNCONST(shell);
 		argv[1] = __UNCONST("-c");
 		argv[2] = command_string;
 		argv[3] = NULL;
 		execv(argv[0], argv);
 		error("Unable to execute '%.100s': %s", cmd, strerror(errno));
 		/* Die with signal to make this error apparent to parent. */
 		signal(SIGTERM, SIG_DFL);
 		kill(getpid(), SIGTERM);
 		_exit(1);
+	}

 @@ -1,14 +1,14 @@
-/*	$NetBSD: session.c,v 1.15 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
+ *
  * As far as I am concerned, the code I have written for this software
  * can be used freely for any purpose.  Any derived versions of this
  * software must be clearly marked as such, and if the derived work is
  * incompatible with the protocol description in the RFC file, it must be
  * called by a name other than "ssh" or "Secure Shell".
+ *
  * SSH2 support by Markus Friedl.
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
 @@ -25,27 +25,27 @@
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: session.c,v 1.15 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/un.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/queue.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <grp.h>
 #include <login_cap.h>
 #include <netdb.h>
 #include <paths.h>
 @@ -1547,27 +1547,27 @@ child_close_fds(void)
 	/*
 	 * Close any extra file descriptors.  Note that there may still be
 	 * descriptors left by system functions.  They will be closed later.
 	 */
 	endpwent();
 	/*
 	 * Close any extra open file descriptors so that we don't have them
 	 * hanging around in clients.  Note that we want to do this after
 	 * initgroups, because at least on Solaris 2.3 it leaves file
 	 * descriptors open.
 	 */
-	closefrom(STDERR_FILENO + 1);
+	(void)closefrom(STDERR_FILENO + 1);
+}
 /*
  * Performs common processing for the child, such as setting up the
  * environment, closing extra file descriptors, setting the user and group
  * ids, and executing the command or shell.
  */
 #define ARGV_MAX 10
 void
 do_child(Session *s, const char *command)
+{
 	extern char **environ;
 	char **env;
 @@ -1678,27 +1678,27 @@ do_child(Session *s, const char *command
 	/* Change current directory to the user's home directory. */
 	if (chdir(pw->pw_dir) < 0) {
 		/* Suppress missing homedir warning for chroot case */
 		r = login_getcapbool(lc, "requirehome", 0);
 		if (r || options.chroot_directory == NULL ||
 		    strcasecmp(options.chroot_directory, "none") == 0)
 			fprintf(stderr, "Could not chdir to home "
 			    "directory %s: %s\n", pw->pw_dir,
 			    strerror(errno));
 		if (r)
 			exit(1);
+	}
-	closefrom(STDERR_FILENO + 1);
+	(void)closefrom(STDERR_FILENO + 1);
 	if (!options.use_login)
 		do_rc_files(s, shell);
 	/* restore SIGPIPE for child */
 	signal(SIGPIPE, SIG_DFL);
 	if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
 		printf("This service allows sftp connections only.\n");
 		fflush(NULL);
 		exit(1);
 	} else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
 		extern int optind, optreset;

 @@ -1,14 +1,14 @@
-/*	$NetBSD: ssh.c,v 1.17 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: ssh.c,v 1.18 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: ssh.c,v 1.418 2015/05/04 06:10:48 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
  * Ssh client program.  This program can be used to log into a remote machine.
  * The software supports strong authentication, encryption, and forwarding
  * of X11, TCP/IP, and authentication connections.
+ *
  * As far as I am concerned, the code I have written for this software
  * can be used freely for any purpose.  Any derived versions of this
  * software must be clearly marked as such, and if the derived work is
  * incompatible with the protocol description in the RFC file, it must be
 @@ -32,27 +32,27 @@
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: ssh.c,v 1.17 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: ssh.c,v 1.18 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
 #include <sys/queue.h>
 #include <sys/resource.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/wait.h>
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
 @@ -505,27 +505,28 @@ main(int ac, char **av)
 	struct Forward fwd;
 	struct addrinfo *addrs = NULL;
 	struct ssh_digest_ctx *md;
 	u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
 	char *conn_hash_hex;
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 	/*
 	 * Discard other fds that are hanging around. These can cause problem
 	 * with backgrounded ssh processes started by ControlPersist.
 	 */
-	closefrom(STDERR_FILENO + 1);
+	if (closefrom(STDERR_FILENO + 1) == -1)
 		fatal("closefrom failed: %.100s", strerror(errno));
 	/*
 	 * Save the original real uid.  It will be needed later (uid-swapping
 	 * may clobber the real uid).
 	 */
 	original_real_uid = getuid();
 	original_effective_uid = geteuid();
 	/*
 	 * Use uid-swapping to give up root privileges for the duration of
 	 * option processing.  We will re-instantiate the rights when we are
 	 * ready to create the privileged port, and will permanently drop
 	 * them when the port has been created (actually, when the connection

 @@ -1,14 +1,14 @@
-/*	$NetBSD: sshconnect2.c,v 1.20 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: sshconnect2.c,v 1.21 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: sshconnect2.c,v 1.224 2015/05/04 06:10:48 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -16,27 +16,27 @@
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: sshconnect2.c,v 1.20 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: sshconnect2.c,v 1.21 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/wait.h>
 #include <sys/queue.h>
 #include <sys/stat.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <netdb.h>
 #include <stdio.h>
 #include <string.h>
 #include <signal.h>
 #include <pwd.h>
 @@ -1533,27 +1533,28 @@ ssh_keysign(struct sshkey *key, u_char *
 		fcntl(sock, F_SETFD, 0);
 		permanently_drop_suid(getuid());
 		close(from[0]);
 		if (dup2(from[1], STDOUT_FILENO) < 0)
 			fatal("%s: dup2: %s", __func__, strerror(errno));
 		close(to[1]);
 		if (dup2(to[0], STDIN_FILENO) < 0)
 			fatal("%s: dup2: %s", __func__, strerror(errno));
 		close(from[1]);
 		close(to[0]);
 		/* Close everything but stdio and the socket */
 		for (i = STDERR_FILENO + 1; i < sock; i++)
 			close(i);
-		closefrom(sock + 1);
+		if (closefrom(sock + 1) < 0)
 			fatal("%s: closefrom: %s", __func__, strerror(errno));
 		debug3("%s: [child] pid=%ld, exec %s",
 		    __func__, (long)getpid(), _PATH_SSH_KEY_SIGN);
 		execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
 		fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN,
 		    strerror(errno));
+	}
 	close(from[1]);
 	close(to[0]);
 	if ((b = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
 	/* send # of sock, data to be signed */
 	if ((r = sshbuf_put_u32(b, sock) != 0) ||

 @@ -1,14 +1,14 @@
-/*	$NetBSD: sshd.c,v 1.19 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: sshd.c,v 1.20 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: sshd.c,v 1.450 2015/05/24 23:39:16 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
  * This program is the ssh daemon.  It listens for connections from clients,
  * and performs authentication, executes use commands or shell, and forwards
  * information to/from the application to the user client over an encrypted
  * connection.  This can also handle forwarding of X11, TCP/IP, and
  * authentication agent connections.
+ *
  * As far as I am concerned, the code I have written for this software
  * can be used freely for any purpose.  Any derived versions of this
 @@ -34,27 +34,27 @@
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.19 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.20 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
 #include <sys/wait.h>
 #include <sys/tree.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/time.h>
 #include <sys/queue.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <netdb.h>
 @@ -1562,29 +1562,31 @@ main(int ac, char **av)
 			free(line);
 			break;
 		case '?':
 		default:
 			usage();
 			break;
+		}
+	}
 	if (rexeced_flag || inetd_flag)
 		rexec_flag = 0;
 	if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
 		fatal("sshd re-exec requires execution with an absolute path");
 	if (rexeced_flag)
-		closefrom(REEXEC_MIN_FREE_FD);
+		r = closefrom(REEXEC_MIN_FREE_FD);
 	else
-		closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
+		r = closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
 	if (r == -1)
 		fatal("closefrom failed: %.200s", strerror(errno));
 #ifdef WITH_OPENSSL
 	OpenSSL_add_all_algorithms();
 #endif
 	/* If requested, redirect the logs to the specified logfile. */
 	if (logfile != NULL) {
 		log_redirect_stderr_to(logfile);
 		free(logfile);
+	}
 	/*
 	 * Force logging to stderr until we have loaded the private host
 	 * key (unless started from inetd)