tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-28 16:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2011/09/09 22:38:21

Browse Source 
[sshd.c]
     kill the preauth privsep child on fatal errors in the monitor;
     ok markus@
This commit is contained in:
Damien Miller 2011-09-22 21:38:30 +10:00
parent 0603d98b4e
commit 9ee2c606c1
2 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -47,6 +47,10 @@
suppress adding '--' to remote commandlines when the first argument suppress adding '--' to remote commandlines when the first argument
does not start with '-'. saves breakage on some difficult-to-upgrade does not start with '-'. saves breakage on some difficult-to-upgrade
embedded/router platforms; feedback & ok dtucker ok markus embedded/router platforms; feedback & ok dtucker ok markus
- djm@cvs.openbsd.org 2011/09/09 22:38:21
[sshd.c]
kill the preauth privsep child on fatal errors in the monitor;
ok markus@
20110909 20110909
- (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From

22
sshd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.385 2011/06/23 09:34:13 djm Exp $ */ /* $OpenBSD: sshd.c,v 1.386 2011/09/09 22:38:21 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -239,6 +239,7 @@ int startup_pipe; /* in child */
/* variables used for privilege separation */ /* variables used for privilege separation */
int use_privsep = -1; int use_privsep = -1;
struct monitor *pmonitor = NULL; struct monitor *pmonitor = NULL;
int privsep_is_preauth = 1;
/* global authentication context */ /* global authentication context */
Authctxt *the_authctxt = NULL; Authctxt *the_authctxt = NULL;
@ -650,10 +651,13 @@ privsep_preauth(Authctxt *authctxt)
/* Wait for the child's exit status */ /* Wait for the child's exit status */
while (waitpid(pid, &status, 0) < 0) { while (waitpid(pid, &status, 0) < 0) {
if (errno != EINTR) if (errno == EINTR)
fatal("%s: waitpid: %s", __func__, continue;
strerror(errno)); pmonitor->m_pid = -1;
fatal("%s: waitpid: %s", __func__, strerror(errno));
} }
privsep_is_preauth = 0;
pmonitor->m_pid = -1;
if (WIFEXITED(status)) { if (WIFEXITED(status)) {
if (WEXITSTATUS(status) != 0) if (WEXITSTATUS(status) != 0)
fatal("%s: preauth child exited with status %d", fatal("%s: preauth child exited with status %d",
@ -2360,8 +2364,16 @@ do_ssh2_kex(void)
void void
cleanup_exit(int i) cleanup_exit(int i)
{ {
if (the_authctxt) if (the_authctxt) {
do_cleanup(the_authctxt); do_cleanup(the_authctxt);
if (privsep_is_preauth && pmonitor->m_pid > 1) {
debug("Killing privsep child %d", pmonitor->m_pid);
if (kill(pmonitor->m_pid, SIGKILL) != 0 &&
errno == ESRCH)
error("%s: kill(%d): %s", __func__,
pmonitor->m_pid, strerror(errno));
}
}
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */ /* done after do_cleanup so it can cancel the PAM auth 'thread' */
if (!use_privsep || mm_is_monitor()) if (!use_privsep || mm_is_monitor())