upstream: stricter validation of messaging socket fd number; disallow

usage of stderr. Based on GHPR492 by RealHurrison OpenBSD-Commit-ID: 73dbbe82ea16f73ce1d044d3232bc869ae2f2ce8
2024-04-30 05:53:03 +00:00 · 2024-04-30 05:53:03 +00:00 · 2e69a72405
parent da757b022b
commit 2e69a72405
1 changed files with 2 additions and 2 deletions
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.73 2024/01/11 01:51:16 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.74 2024/04/30 05:53:03 djm Exp $ */
 /*
 * Copyright (c) 2002 Markus Friedl.  All rights reserved.
 *
@ -268,7 +268,7 @@ main(int argc, char **argv)
 		    __progname, rver, version);
 	if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0)
 		fatal_r(r, "%s: buffer error", __progname);
-	if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO)
+	if (fd <= STDERR_FILENO)
 		fatal("%s: bad fd = %d", __progname, fd);
 	if ((host = get_local_name(fd)) == NULL)
 		fatal("%s: cannot get local name for fd", __progname);