- OpenBSD CVS updates:

   - [packet.c]
     use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
     from Holger.Trapp@Informatik.TU-Chemnitz.DE
   - [sshd.c]
     log with level log() not fatal() if peer behaves badly.
   - [readpass.c]
     instead of blocking SIGINT, catch it ourselves, so that we can clean
     the tty modes up and kill ourselves -- instead of our process group
     leader (scp, cvs, ...) going away and leaving us in noecho mode.
     people with cbreak shells never even noticed..

diff --git a/ChangeLog b/ChangeLog
index cc05e2a1de6aad3d8a628560e4e200f52adac678..352ac1a72f4bc5ece890155bf69b9121133750f8 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,17 @@
  - Irix uses preformatted manpages
  - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
    <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+ - OpenBSD CVS updates:
+   - [packet.c]
+     use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
+     from Holger.Trapp@Informatik.TU-Chemnitz.DE
+   - [sshd.c]
+     log with level log() not fatal() if peer behaves badly.
+   - [readpass.c]
+     instead of blocking SIGINT, catch it ourselves, so that we can clean 
+     the tty modes up and kill ourselves -- instead of our process group 
+     leader (scp, cvs, ...) going away and leaving us in noecho mode.  
+     people with cbreak shells never even noticed..
 
 20000120
  - Don't use getaddrinfo on AIX

diff --git a/packet.c b/packet.c
index 1b9f59475cbbfc9d09c64d808365e44e9477bec6..a8de0056d1fefba2cfcd8fe25d857018ee7fcf5d 100644 (file)
--- a/packet.c
+++ b/packet.c
@@ -117,11 +117,11 @@ packet_connection_is_on_socket()
                return 1;
        fromlen = sizeof(from);
        memset(&from, 0, sizeof(from));
-       if (getpeername(connection_in, (struct sockaddr *) & from, &fromlen) < 0)
+       if (getpeername(connection_in, (struct sockaddr *)&from, &fromlen) < 0)
                return 0;
        tolen = sizeof(to);
        memset(&to, 0, sizeof(to));
-       if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0)
+       if (getpeername(connection_out, (struct sockaddr *)&to, &tolen) < 0)
                return 0;
        if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0)
                return 0;

diff --git a/readpass.c b/readpass.c
index b8f53734b5a1ea7d4f49d59b6934adc5e32a3488..c8258aaa133d99e8c6dee834ddbaf863f735817d 100644 (file)
--- a/readpass.c
+++ b/readpass.c
@@ -37,6 +37,14 @@ RCSID("$Id$");
 #include "xmalloc.h"
 #include "ssh.h"
 
+volatile int intr;
+
+void
+intcatch()
+{
+       intr = 1;
+}
+
 /*
  * Reads a passphrase from /dev/tty with echo turned off.  Returns the
  * passphrase (allocated with xmalloc), being very careful to ensure that
@@ -48,6 +56,7 @@ read_passphrase(const char *prompt, int from_stdin)
        char buf[1024], *p, ch;
        struct termios tio, saved_tio;
        sigset_t oset, nset;
+       struct sigaction sa, osa;
        int input, output, echo = 0;
   
        if (from_stdin) {
@@ -61,13 +70,17 @@ read_passphrase(const char *prompt, int from_stdin)
 
        /* block signals, get terminal modes and turn off echo */
        sigemptyset(&nset);
-       sigaddset(&nset, SIGINT);
        sigaddset(&nset, SIGTSTP);
        (void) sigprocmask(SIG_BLOCK, &nset, &oset);
+       memset(&sa, 0, sizeof(sa));
+       sa.sa_handler = intcatch;
+       (void) sigaction(SIGINT, &sa, &osa);
 
-       if (tcgetattr(input, &tio) == 0 && (tio.c_lflag & ECHO)) {
+       intr = 0;
+
+       if (tcgetattr(input, &saved_tio) == 0 && (saved_tio.c_lflag & ECHO)) {
                echo = 1;
-               saved_tio = tio;
+               tio = saved_tio;
                tio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
                (void) tcsetattr(input, TCSANOW, &tio);
        }
@@ -75,16 +88,28 @@ read_passphrase(const char *prompt, int from_stdin)
        fflush(stdout);
 
        (void)write(output, prompt, strlen(prompt));
-       for (p = buf; read(input, &ch, 1) == 1 && ch != '\n';)
+       for (p = buf; read(input, &ch, 1) == 1 && ch != '\n';) {
+               if (intr)
+                       break;
                if (p < buf + sizeof(buf) - 1)
                        *p++ = ch;
+       }
        *p = '\0';
-       (void)write(output, "\n", 1);
+       if (!intr)
+               (void)write(output, "\n", 1);
 
        /* restore terminal modes and allow signals */
        if (echo)
                tcsetattr(input, TCSANOW, &saved_tio);
        (void) sigprocmask(SIG_SETMASK, &oset, NULL);
+       (void) sigaction(SIGINT, &osa, NULL);
+
+       if (intr) {
+               kill(getpid(), SIGINT);
+               sigemptyset(&nset);
+               /* XXX tty has not neccessarily drained by now? */
+               sigsuspend(&nset);
+       }
 
        if (!from_stdin)
                (void)close(input);

diff --git a/sshd.c b/sshd.c
index 03a9ce120891e555f3c602fdb3b72d61e371f667..7f761bb141e4baff04297697c78145a60a0b284d 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.79 2000/01/18 13:45:05 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.80 2000/01/20 15:19:22 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -784,13 +784,17 @@ main(int ac, char **av)
                /* Send our protocol version identification. */
                snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
                         PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION);
-               if (atomicio(write, sock_out, buf, strlen(buf)) != strlen(buf))
-                       fatal("Could not write ident string to %s.", remote_ip);
+               if (atomicio(write, sock_out, buf, strlen(buf)) != strlen(buf)) {
+                       log("Could not write ident string to %s.", remote_ip);
+                       fatal_cleanup();
+               }
 
                /* Read other side\'s version identification. */
                for (i = 0; i < sizeof(buf) - 1; i++) {
-                       if (read(sock_in, &buf[i], 1) != 1)
-                               fatal("Did not receive ident string from %s.", remote_ip);
+                       if (read(sock_in, &buf[i], 1) != 1) {
+                               log("Did not receive ident string from %s.", remote_ip);
+                               fatal_cleanup();
+                       }
                        if (buf[i] == '\r') {
                                buf[i] = '\n';
                                buf[i + 1] = 0;
@@ -816,8 +820,9 @@ main(int ac, char **av)
                (void) atomicio(write, sock_out, s, strlen(s));
                close(sock_in);
                close(sock_out);
-               fatal("Bad protocol version identification '%.100s' from %s",
-                     buf, remote_ip);
+               log("Bad protocol version identification '%.100s' from %s",
+                   buf, remote_ip);
+               fatal_cleanup();
        }
        debug("Client protocol version %d.%d; client software version %.100s",
              remote_major, remote_minor, remote_version);
@@ -827,8 +832,9 @@ main(int ac, char **av)
                (void) atomicio(write, sock_out, s, strlen(s));
                close(sock_in);
                close(sock_out);
-               fatal("Protocol major versions differ for %s: %d vs. %d",
-                     remote_ip, PROTOCOL_MAJOR, remote_major);
+               log("Protocol major versions differ for %s: %d vs. %d",
+                   remote_ip, PROTOCOL_MAJOR, remote_major);
+               fatal_cleanup();
        }
        /* Check that the client has sufficiently high software version. */
        if (remote_major == 1 && remote_minor < 3)