tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: be really strict with fds reserved for communication with the 

separate sshd-session process - reserve them early and fatal if we can't
dup2(2) them later. The pre-split fallback to re-reading the configuration
files is not possible, so sshd-session absolutely requires the fd the
configuration is passed over to be in order.

ok deraadt@

OpenBSD-Commit-ID: 308a98ef3c8a6665ebf92c7c9a0fc9600ccd7065
This commit is contained in:
djm@openbsd.org 2024-06-01 07:03:37 +00:00 committed by Damien Miller
parent f1c8918cb9
commit 8785491123
No known key found for this signature in database
1 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
sshd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.604 2024/05/31 09:01:08 djm Exp $ */ /* $OpenBSD: sshd.c,v 1.605 2024/06/01 07:03:37 djm Exp $ */
/* /*
* Copyright (c) 2000, 2001, 2002 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001, 2002 Markus Friedl. All rights reserved.
* Copyright (c) 2002 Niels Provos. All rights reserved. * Copyright (c) 2002 Niels Provos. All rights reserved.
@ -900,7 +900,7 @@ main(int ac, char **av)
char *config_file_name = _PATH_SERVER_CONFIG_FILE; char *config_file_name = _PATH_SERVER_CONFIG_FILE;
int r, opt, do_dump_cfg = 0, keytype, already_daemon, have_agent = 0; int r, opt, do_dump_cfg = 0, keytype, already_daemon, have_agent = 0;
int sock_in = -1, sock_out = -1, newsock = -1, rexec_argc = 0; int sock_in = -1, sock_out = -1, newsock = -1, rexec_argc = 0;
int config_s[2] = { -1 , -1 }, have_connection_info = 0; int devnull, config_s[2] = { -1 , -1 }, have_connection_info = 0;
int need_chroot = 1; int need_chroot = 1;
char *fp, *line, *logfile = NULL, **rexec_argv = NULL; char *fp, *line, *logfile = NULL, **rexec_argv = NULL;
struct stat sb; struct stat sb;
@ -1059,7 +1059,16 @@ main(int ac, char **av)
} }
if (!test_flag && !do_dump_cfg && !path_absolute(av[0])) if (!test_flag && !do_dump_cfg && !path_absolute(av[0]))
fatal("sshd requires execution with an absolute path"); fatal("sshd requires execution with an absolute path");
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
closefrom(STDERR_FILENO + 1);
/* Reserve fds we'll need later for reexec things */
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
fatal("open %s: %s", _PATH_DEVNULL, strerror(errno));
while (devnull < REEXEC_MIN_FREE_FD) {
if ((devnull = dup(devnull)) == -1)
fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno));
}
seed_rng(); seed_rng();
@ -1458,22 +1467,25 @@ main(int ac, char **av)
sock_in, sock_out, newsock, startup_pipe, config_s[0], config_s[1]); sock_in, sock_out, newsock, startup_pipe, config_s[0], config_s[1]);
if (!inetd_flag) { if (!inetd_flag) {
if (dup2(newsock, STDIN_FILENO) == -1) if (dup2(newsock, STDIN_FILENO) == -1)
debug3("dup2 stdin: %s", strerror(errno)); fatal("dup2 stdin: %s", strerror(errno));
if (dup2(STDIN_FILENO, STDOUT_FILENO) == -1) if (dup2(STDIN_FILENO, STDOUT_FILENO) == -1)
debug3("dup2 stdout: %s", strerror(errno)); fatal("dup2 stdout: %s", strerror(errno));
if (newsock > STDOUT_FILENO)
close(newsock);
} }
if (config_s[1] != REEXEC_CONFIG_PASS_FD) { if (config_s[1] != REEXEC_CONFIG_PASS_FD) {
if (dup2(config_s[1], REEXEC_CONFIG_PASS_FD) == -1) if (dup2(config_s[1], REEXEC_CONFIG_PASS_FD) == -1)
debug3("dup2 config_s: %s", strerror(errno)); fatal("dup2 config_s: %s", strerror(errno));
close(config_s[1]); close(config_s[1]);
} }
if (startup_pipe == -1) if (startup_pipe == -1)
close(REEXEC_STARTUP_PIPE_FD); close(REEXEC_STARTUP_PIPE_FD);
else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) { else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) {
if (dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD) == -1) if (dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD) == -1)
debug3("dup2 startup_p: %s", strerror(errno)); fatal("dup2 startup_p: %s", strerror(errno));
close(startup_pipe); close(startup_pipe);
} }
closefrom(REEXEC_MIN_FREE_FD);
ssh_signal(SIGHUP, SIG_IGN); /* avoid reset to SIG_DFL */ ssh_signal(SIGHUP, SIG_IGN); /* avoid reset to SIG_DFL */
execv(rexec_argv[0], rexec_argv); execv(rexec_argv[0], rexec_argv);