upstream: pack pollfd array before server_accept_loop() ppoll()

call, and terminate sshd if ppoll() returns errno==EINVAL avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by Daniel Micay feedback/ok deraadt OpenBSD-Commit-ID: dbab1c24993ac977ec24d83283b8b7528f7c2c15
2025-07-31 01:35:11 +02:00 · 2022-03-01 01:59:19 +00:00 · 2022-03-01 01:59:19 +00:00 · 379b30120d
commit 379b30120d
parent eceafbe0bd
1 changed files with 19 additions and 10 deletions
--- a/sshd.c
+++ b/sshd.c
@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.583 2022/02/01 07:57:32 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.584 2022/03/01 01:59:19 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1129,9 +1129,9 @@ static void
 server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 {
 	struct pollfd *pfd = NULL;
-	int i, j, ret;
+	int i, j, ret, npfd;
 	int ostartups = -1, startups = 0, listening = 0, lameduck = 0;
-	int startup_p[2] = { -1 , -1 };
+	int startup_p[2] = { -1 , -1 }, *startup_pollfd;
 	char c = 0;
 	struct sockaddr_storage from;
 	socklen_t fromlen;
@ -1142,6 +1142,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 	/* pipes connected to unauthenticated child sshd processes */
 	startup_pipes = xcalloc(options.max_startups, sizeof(int));
 	startup_flags = xcalloc(options.max_startups, sizeof(int));
 	startup_pollfd = xcalloc(options.max_startups, sizeof(int));
 	for (i = 0; i < options.max_startups; i++)
 		startup_pipes[i] = -1;
@ -1157,6 +1158,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 	sigaddset(&nsigset, SIGTERM);
 	sigaddset(&nsigset, SIGQUIT);
 	/* sized for worst-case */
 	pfd = xcalloc(num_listen_socks + options.max_startups,
 	    sizeof(struct pollfd));
@ -1196,24 +1198,31 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 			pfd[i].fd = listen_socks[i];
 			pfd[i].events = POLLIN;
 		}
 		npfd = num_listen_socks;
 		for (i = 0; i < options.max_startups; i++) {
-			pfd[num_listen_socks+i].fd = startup_pipes[i];
+			startup_pollfd[i] = -1;
-			if (startup_pipes[i] != -1)
+			if (startup_pipes[i] != -1) {
-				pfd[num_listen_socks+i].events = POLLIN;
+				pfd[npfd].fd = startup_pipes[i];
 				pfd[npfd].events = POLLIN;
 				startup_pollfd[i] = npfd++;
 			}
 		}
 		/* Wait until a connection arrives or a child exits. */
-		ret = ppoll(pfd, num_listen_socks + options.max_startups,
+		ret = ppoll(pfd, npfd, NULL, &osigset);
-		    NULL, &osigset);
+		if (ret == -1 && errno != EINTR) {
 		if (ret == -1 && errno != EINTR)
 			error("ppoll: %.100s", strerror(errno));
 			if (errno == EINVAL)
 				cleanup_exit(1); /* can't recover */
 		}
 		sigprocmask(SIG_SETMASK, &osigset, NULL);
 		if (ret == -1)
 			continue;
 		for (i = 0; i < options.max_startups; i++) {
 			if (startup_pipes[i] == -1 ||
-			    !(pfd[num_listen_socks+i].revents & (POLLIN|POLLHUP)))
+			    startup_pollfd[i] == -1 ||
 			    !(pfd[startup_pollfd[i]].revents & (POLLIN|POLLHUP)))
 				continue;
 			switch (read(startup_pipes[i], &c, sizeof(c))) {
 			case -1: