- djm@cvs.openbsd.org 2006/01/05 23:43:53

[misc.c]
     check that stdio file descriptors are actually closed before clobbering
     them in sanitise_stdfd(). problems occurred when a lower numbered fd was
     closed, but higher ones weren't. spotted by, and patch tested by
     Frédéric Olivié

ChangeLog

@@ -29,6 +29,12 @@
    - jmc@cvs.openbsd.org 2006/01/04 19:50:09
      [ssh.1]
      -.Xr gzip 1 ,
+   - djm@cvs.openbsd.org 2006/01/05 23:43:53
+     [misc.c]
+     check that stdio file descriptors are actually closed before clobbering
+     them in sanitise_stdfd(). problems occurred when a lower numbered fd was
+     closed, but higher ones weren't. spotted by, and patch tested by
+     Frédéric Olivié
 
 20060103
  - (djm) [channels.c] clean up harmless merge error, from reyk@
@@ -3663,4 +3669,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4081 2006/01/06 03:50:26 djm Exp $
+$Id: ChangeLog,v 1.4082 2006/01/06 03:50:44 djm Exp $

misc.c

@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.40 2006/01/02 07:53:44 reyk Exp $");
+RCSID("$OpenBSD: misc.c,v 1.41 2006/01/05 23:43:53 djm Exp $");
 
 #ifdef SSH_TUN_OPENBSD
 #include <net/if.h>
@@ -616,18 +616,20 @@ tun_open(int tun, int mode)
 void
 sanitise_stdfd(void)
 {
-	int nullfd;
+	int nullfd, dupfd;
 
-	if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+	if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
 		fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
 		exit(1);
 	}
-	while (nullfd < 2) {
-		if (dup2(nullfd, nullfd + 1) == -1) {
+	while (++dupfd <= 2) {
+		/* Only clobber closed fds */
+		if (fcntl(dupfd, F_GETFL, 0) >= 0)
+			continue;
+		if (dup2(nullfd, dupfd) == -1) {
 			fprintf(stderr, "dup2: %s", strerror(errno));
 			exit(1);
 		}
-		nullfd++;
 	}
 	if (nullfd > 2)
 		close(nullfd);