upstream: Instead of using possibly complex ssh_signal(), write all
the parts of the grace_alarm_handler() using the exact things allowed by the signal-safe rules. This is a good rule of thumb: Handlers should be written to either set a global volatile sig_atomic_t inspected from outside, and/or directly perform only safe operations listed in our sigaction(2) manual page. ok djm markus OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd
parent
b8793e2b08
commit
d6bcd13297
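--- a/sshd-session.c
+++ b/sshd-session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd-session.c,v 1.3 2024/06/06 17:15:25 djm Exp $ */
+/* $OpenBSD: sshd-session.c,v 1.4 2024/06/26 23:16:52 deraadt Exp $ */
 /*
 * SSH2 implementation:
 * Privilege Separation:
@@ -197,6 +197,8 @@ static void do_ssh2_kex(struct ssh *);
 
 /*
 * Signal handler for the alarm after the login grace period has expired.
+* As usual, this may only take signal-safe actions, even though it is
+* terminal.
 */
 static void
 grace_alarm_handler(int sig)
@@ -206,7 +208,14 @@ grace_alarm_handler(int sig)
 * keys command helpers or privsep children.
 */
 if (getpgid(0) == getpid()) {
-ssh_signal(SIGTERM, SIG_IGN);
+struct sigaction sa;
+
+/* mask all other signals while in handler */
+memset(&sa, 0, sizeof(sa));
+sa.sa_handler = SIG_IGN;
+sigfillset(&sa.sa_mask);
+sa.sa_flags = SA_RESTART;
+(void)sigaction(SIGTERM, &sa, NULL);
 kill(0, SIGTERM);
 }
 _exit(EXIT_LOGIN_GRACE);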
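Review bot: The comment `/* mask all other signals while in handler */` in the third hunk does not describe what the new lines do: the disposition being installed is `SIG_IGN`, so no handler ever runs for SIGTERM and the `sigfillset(&sa.sa_mask)` and `SA_RESTART` settings have no effect here. What the block does achieve is that the following `kill(0, SIGTERM)`, which also reaches the calling process, cannot end it before `_exit(EXIT_LOGIN_GRACE)` reports the grace-period exit status. I would reword the comment to `/* ignore SIGTERM ourselves so the group-wide kill below cannot pre-empt _exit() */`. If blocking other signals for the remainder of this handler is really intended, that presumably has to happen where the SIGALRM handler is installed, which is not visible in this diff. The body of grace_alarm_handler starts above the hunk.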