- djm@cvs.openbsd.org 2005/09/13 23:40:07

     [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
     ensure that stdio fds are attached; ok deraadt@

diff --git a/ChangeLog b/ChangeLog
index db5a67c2a3a58159e7379ceda124e32bafb0769f..bab6e22fc19e30860600cbe69a4cb6c65614d97b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,10 @@
    - markus@cvs.openbsd.org 2005/09/09 19:18:05
      [clientloop.c]
      typo; from mark at mcs.vuw.ac.nz, bug #1082
+   - djm@cvs.openbsd.org 2005/09/13 23:40:07
+     [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
+     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
+     ensure that stdio fds are attached; ok deraadt@
 
 20050930
  - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype

diff --git a/misc.c b/misc.c
index 2dd8ae6e36ff0df528f9e5544a539ef86cac00ee..27b947f0c79f54ba0cb6aedc68e231e77cb116dc 100644 (file)
--- a/misc.c
+++ b/misc.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $");
+RCSID("$OpenBSD: misc.c,v 1.35 2005/09/13 23:40:07 djm Exp $");
 
 #include "misc.h"
 #include "log.h"
@@ -507,6 +507,26 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
        return -1;
 }
 
+void
+sanitise_stdfd(void)
+{
+       int nullfd;
+
+       if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+               fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
+               exit(1);
+       }
+       while (nullfd < 2) {
+               if (dup2(nullfd, nullfd + 1) == -1) {
+                       fprintf(stderr, "dup2: %s", strerror(errno));
+                       exit(1);
+               }
+               nullfd++;
+       }
+       if (nullfd > 2)
+               close(nullfd);
+}
+
 char *
 tohex(const u_char *d, u_int l)
 {

diff --git a/misc.h b/misc.h
index 2d630feb5f87f0fc805cec34f29da41f210c039c..51541336cf396ad9e830f19a36102ed3bdc6aad3 100644 (file)
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $       */
+/*     $OpenBSD: misc.h,v 1.26 2005/09/13 23:40:07 djm Exp $   */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -27,6 +27,7 @@ long   convtime(const char *);
 char   *tilde_expand_filename(const char *, uid_t);
 char   *percent_expand(const char *, ...) __attribute__((__sentinel__));
 char   *tohex(const u_char *, u_int);
+void    sanitise_stdfd(void);
 
 struct passwd *pwcopy(struct passwd *);
 

diff --git a/scp.c b/scp.c
index 1407aa71d8c194c888e47e930b4b492d45cf5e6b..58c00442f53c9f1139197d32bdb865391313b34c 100644 (file)
--- a/scp.c
+++ b/scp.c
@@ -71,7 +71,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.125 2005/07/27 10:39:03 dtucker Exp $");
+RCSID("$OpenBSD: scp.c,v 1.126 2005/09/13 23:40:07 djm Exp $");
 
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -222,6 +222,9 @@ main(int argc, char **argv)
        extern char *optarg;
        extern int optind;
 
+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+       sanitise_stdfd();
+
        __progname = ssh_get_progname(argv[0]);
 
        args.list = NULL;

diff --git a/sftp-server.c b/sftp-server.c
index 6870e7732039ec94661aea29fd3f703da0a31f9c..e7d000cffe93bd8613ba4f088e931cf0f762eae1 100644 (file)
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -14,13 +14,14 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.49 2005/09/13 23:40:07 djm Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
 #include "getput.h"
 #include "log.h"
 #include "xmalloc.h"
+#include "misc.h"
 
 #include "sftp.h"
 #include "sftp-common.h"
@@ -1036,6 +1037,9 @@ main(int ac, char **av)
        int in, out, max;
        ssize_t len, olen, set_size;
 
+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+       sanitise_stdfd();
+
        /* XXX should use getopt */
 
        __progname = ssh_get_progname(av[0]);

diff --git a/sftp.c b/sftp.c
index f98ed7d27505c0cf24f4b8f7cb2c292b49f9087c..f29927c0f65546e1b0c879ba761a413f53a408ef 100644 (file)
--- a/sftp.c
+++ b/sftp.c
@@ -16,7 +16,7 @@
 
 #include "includes.h"
 
-RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.67 2005/09/13 23:40:07 djm Exp $");
 
 #ifdef USE_LIBEDIT
 #include <histedit.h>
@@ -1447,6 +1447,9 @@ main(int argc, char **argv)
        extern int optind;
        extern char *optarg;
 
+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+       sanitise_stdfd();
+
        __progname = ssh_get_progname(argv[0]);
        args.list = NULL;
        addargs(&args, "ssh");          /* overwritten with ssh_program */

diff --git a/ssh-add.c b/ssh-add.c
index a3428769c9bdf0f17f2cc660b6451faef7747a25..749a76829b7dc1e868af7540e06738441aabf8b2 100644 (file)
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.72 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.73 2005/09/13 23:40:07 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -312,6 +312,9 @@ main(int argc, char **argv)
        char *sc_reader_id = NULL;
        int i, ch, deleting = 0, ret = 0;
 
+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+       sanitise_stdfd();
+
        __progname = ssh_get_progname(argv[0]);
        init_rng();
        seed_rng();

diff --git a/ssh-agent.c b/ssh-agent.c
index dd7e22ad5ade39924351bd19f030e658f842309b..6f0ba130d8cc131b407beb2dd7cfaa6fdfc7f68a 100644 (file)
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.123 2005/09/13 23:40:07 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -1008,6 +1008,9 @@ main(int ac, char **av)
        pid_t pid;
        char pidstrbuf[1 + 3 * sizeof pid];
 
+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+       sanitise_stdfd();
+
        /* drop */
        setegid(getgid());
        setgid(getgid());

diff --git a/ssh-keygen.c b/ssh-keygen.c
index b17851946c5abcfa03c9763669954c1fc116e3c9..92803da45bf37b9d87427b7693dcdda2fe80ca57 100644 (file)
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -1018,6 +1018,9 @@ main(int ac, char **av)
        extern int optind;
        extern char *optarg;
 
+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+       sanitise_stdfd();
+
        __progname = ssh_get_progname(av[0]);
 
        SSLeay_add_all_algorithms();

diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 46f063687b16fad1e3feb97f8df95c3b5a1f548a..8ac97bd356995d0f80e32780de131672ea73e5da 100644 (file)
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.56 2005/09/13 23:40:07 djm Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -712,6 +712,9 @@ main(int argc, char **argv)
        seed_rng();
        TAILQ_INIT(&tq);
 
+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+       sanitise_stdfd();
+
        if (argc <= 1)
                usage();
 

diff --git a/ssh-keysign.c b/ssh-keysign.c
index 04597a91d4d45eb2f4ed6ca8b897bd920d2aae6d..dae3a2e8c91b811c267b61dfd1deaa8efe62618c 100644 (file)
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.19 2005/09/13 23:40:07 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -148,6 +148,13 @@ main(int argc, char **argv)
        u_int slen, dlen;
        u_int32_t rnd[256];
 
+       /* Ensure that stdin and stdout are connected */
+       if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
+               exit(1);
+       /* Leave /dev/null fd iff it is attached to stderr */
+       if (fd > 2)
+               close(fd);
+
        key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
        key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
 

diff --git a/ssh.c b/ssh.c
index c9e5aac7a9af4e7c4e4e412c7f384ca270cbce20..31d09b1be0662269504bbb062fdbf7c17f215b74 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.249 2005/07/30 01:26:16 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.250 2005/09/13 23:40:07 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -188,6 +188,9 @@ main(int ac, char **av)
        struct servent *sp;
        Forward fwd;
 
+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+       sanitise_stdfd();
+
        __progname = ssh_get_progname(av[0]);
        init_rng();
 

diff --git a/sshd.c b/sshd.c
index e9125a2294f73327e7017b6a72c37523e7914f74..ceb85dd54441e060fb2f6751108e80b8ffdfd8a3 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.313 2005/09/13 23:40:07 djm Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -924,6 +924,9 @@ main(int ac, char **av)
        if (geteuid() == 0 && setgroups(0, NULL) == -1)
                debug("setgroups(): %.200s", strerror(errno));
 
+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+       sanitise_stdfd();
+
        /* Initialize configuration options to their default values. */
        initialize_server_options(&options);