- djm@cvs.openbsd.org 2005/09/13 23:40:07

[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] ensure that stdio fds are attached; ok deraadt@
2005-10-03 18:11:24 +10:00 · 2005-10-03 18:11:24 +10:00 · ce321d8a30
parent d89dbf29ff
commit ce321d8a30
13 changed files with 73 additions and 13 deletions
--- a/6
+++ b/6
@ -6,6 +6,10 @@
   - markus@cvs.openbsd.org 2005/09/09 19:18:05
     [clientloop.c]
     typo; from mark at mcs.vuw.ac.nz, bug #1082
+   - djm@cvs.openbsd.org 2005/09/13 23:40:07
+     [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
+     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
+     ensure that stdio fds are attached; ok deraadt@

 20050930
 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
@ -3046,4 +3050,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu

-$Id: ChangeLog,v 1.3903 2005/10/03 08:05:26 dtucker Exp $
+$Id: ChangeLog,v 1.3904 2005/10/03 08:11:24 dtucker Exp $
--- a/misc.c
+++ b/misc.c
@ -24,7 +24,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $");
+RCSID("$OpenBSD: misc.c,v 1.35 2005/09/13 23:40:07 djm Exp $");

 #include "misc.h"
 #include "log.h"
@ -507,6 +507,26 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
 	return -1;
 }

+void
+sanitise_stdfd(void)
+{
+	int nullfd;
+
+	if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+		fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
+		exit(1);
+	}
+	while (nullfd < 2) {
+		if (dup2(nullfd, nullfd + 1) == -1) {
+			fprintf(stderr, "dup2: %s", strerror(errno));
+			exit(1);
+		}
+		nullfd++;
+	}
+	if (nullfd > 2)
+		close(nullfd);
+}
+
 char *
 tohex(const u_char *d, u_int l)
 {
--- a/misc.h
+++ b/misc.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $	*/
+/*	$OpenBSD: misc.h,v 1.26 2005/09/13 23:40:07 djm Exp $	*/

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -27,6 +27,7 @@ long	 convtime(const char *);
 char	*tilde_expand_filename(const char *, uid_t);
 char	*percent_expand(const char *, ...) __attribute__((__sentinel__));
 char	*tohex(const u_char *, u_int);
+void	 sanitise_stdfd(void);

 struct passwd *pwcopy(struct passwd *);

--- a/scp.c
+++ b/scp.c
@ -71,7 +71,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.125 2005/07/27 10:39:03 dtucker Exp $");
+RCSID("$OpenBSD: scp.c,v 1.126 2005/09/13 23:40:07 djm Exp $");

 #include "xmalloc.h"
 #include "atomicio.h"
@ -222,6 +222,9 @@ main(int argc, char **argv)
 	extern char *optarg;
 	extern int optind;

+	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+	sanitise_stdfd();
+
 	__progname = ssh_get_progname(argv[0]);

 	args.list = NULL;
--- a/sftp-server.c
+++ b/sftp-server.c
@ -14,13 +14,14 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.49 2005/09/13 23:40:07 djm Exp $");

 #include "buffer.h"
 #include "bufaux.h"
 #include "getput.h"
 #include "log.h"
 #include "xmalloc.h"
+#include "misc.h"

 #include "sftp.h"
 #include "sftp-common.h"
@ -1036,6 +1037,9 @@ main(int ac, char **av)
 	int in, out, max;
 	ssize_t len, olen, set_size;

+	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+	sanitise_stdfd();
+
 	/* XXX should use getopt */

 	__progname = ssh_get_progname(av[0]);
--- a/sftp.c
+++ b/sftp.c
@ -16,7 +16,7 @@

 #include "includes.h"

-RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.67 2005/09/13 23:40:07 djm Exp $");

 #ifdef USE_LIBEDIT
 #include <histedit.h>
@ -1447,6 +1447,9 @@ main(int argc, char **argv)
 	extern int optind;
 	extern char *optarg;

+	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+	sanitise_stdfd();
+
 	__progname = ssh_get_progname(argv[0]);
 	args.list = NULL;
 	addargs(&args, "ssh");		/* overwritten with ssh_program */
--- a/ssh-add.c
+++ b/ssh-add.c
@ -35,7 +35,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.72 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.73 2005/09/13 23:40:07 djm Exp $");

 #include <openssl/evp.h>

@ -312,6 +312,9 @@ main(int argc, char **argv)
 	char *sc_reader_id = NULL;
 	int i, ch, deleting = 0, ret = 0;

+	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+	sanitise_stdfd();
+
 	__progname = ssh_get_progname(argv[0]);
 	init_rng();
 	seed_rng();
--- a/ssh-agent.c
+++ b/ssh-agent.c
@ -35,7 +35,7 @@

 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.123 2005/09/13 23:40:07 djm Exp $");

 #include <openssl/evp.h>
 #include <openssl/md5.h>
@ -1008,6 +1008,9 @@ main(int ac, char **av)
 	pid_t pid;
 	char pidstrbuf[1 + 3 * sizeof pid];

+	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+	sanitise_stdfd();
+
 	/* drop */
 	setegid(getgid());
 	setgid(getgid());
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@ -12,7 +12,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $");

 #include <openssl/evp.h>
 #include <openssl/pem.h>
@ -1018,6 +1018,9 @@ main(int ac, char **av)
 	extern int optind;
 	extern char *optarg;

+	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+	sanitise_stdfd();
+
 	__progname = ssh_get_progname(av[0]);

 	SSLeay_add_all_algorithms();
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@ -7,7 +7,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.56 2005/09/13 23:40:07 djm Exp $");

 #include "openbsd-compat/sys-queue.h"

@ -712,6 +712,9 @@ main(int argc, char **argv)
 	seed_rng();
 	TAILQ_INIT(&tq);

+	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+	sanitise_stdfd();
+
 	if (argc <= 1)
 		usage();

--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.19 2005/09/13 23:40:07 djm Exp $");

 #include <openssl/evp.h>
 #include <openssl/rand.h>
@ -148,6 +148,13 @@ main(int argc, char **argv)
 	u_int slen, dlen;
 	u_int32_t rnd[256];

+	/* Ensure that stdin and stdout are connected */
+	if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
+		exit(1);
+	/* Leave /dev/null fd iff it is attached to stderr */
+	if (fd > 2)
+		close(fd);
+
 	key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
 	key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);

--- a/ssh.c
+++ b/ssh.c
@ -40,7 +40,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.249 2005/07/30 01:26:16 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.250 2005/09/13 23:40:07 djm Exp $");

 #include <openssl/evp.h>
 #include <openssl/err.h>
@ -188,6 +188,9 @@ main(int ac, char **av)
 	struct servent *sp;
 	Forward fwd;

+	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+	sanitise_stdfd();
+
 	__progname = ssh_get_progname(av[0]);
 	init_rng();

--- a/sshd.c
+++ b/sshd.c
@ -42,7 +42,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.313 2005/09/13 23:40:07 djm Exp $");

 #include <openssl/dh.h>
 #include <openssl/bn.h>
@ -924,6 +924,9 @@ main(int ac, char **av)
 	if (geteuid() == 0 && setgroups(0, NULL) == -1)
 		debug("setgroups(): %.200s", strerror(errno));

+	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+	sanitise_stdfd();
+
 	/* Initialize configuration options to their default values. */
 	initialize_server_options(&options);