[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
ensure that stdio fds are attached; ok deraadt@
13 files changed:
- markus@cvs.openbsd.org 2005/09/09 19:18:05
[clientloop.c]
typo; from mark at mcs.vuw.ac.nz, bug #1082
- markus@cvs.openbsd.org 2005/09/09 19:18:05
[clientloop.c]
typo; from mark at mcs.vuw.ac.nz, bug #1082
+ - djm@cvs.openbsd.org 2005/09/13 23:40:07
+ [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
+ scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
+ ensure that stdio fds are attached; ok deraadt@
20050930
- (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
20050930
- (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
-RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $");
+RCSID("$OpenBSD: misc.c,v 1.35 2005/09/13 23:40:07 djm Exp $");
#include "misc.h"
#include "log.h"
#include "misc.h"
#include "log.h"
+void
+sanitise_stdfd(void)
+{
+ int nullfd;
+
+ if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+ fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
+ exit(1);
+ }
+ while (nullfd < 2) {
+ if (dup2(nullfd, nullfd + 1) == -1) {
+ fprintf(stderr, "dup2: %s", strerror(errno));
+ exit(1);
+ }
+ nullfd++;
+ }
+ if (nullfd > 2)
+ close(nullfd);
+}
+
char *
tohex(const u_char *d, u_int l)
{
char *
tohex(const u_char *d, u_int l)
{
-/* $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $ */
+/* $OpenBSD: misc.h,v 1.26 2005/09/13 23:40:07 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
char *tilde_expand_filename(const char *, uid_t);
char *percent_expand(const char *, ...) __attribute__((__sentinel__));
char *tohex(const u_char *, u_int);
char *tilde_expand_filename(const char *, uid_t);
char *percent_expand(const char *, ...) __attribute__((__sentinel__));
char *tohex(const u_char *, u_int);
+void sanitise_stdfd(void);
struct passwd *pwcopy(struct passwd *);
struct passwd *pwcopy(struct passwd *);
-RCSID("$OpenBSD: scp.c,v 1.125 2005/07/27 10:39:03 dtucker Exp $");
+RCSID("$OpenBSD: scp.c,v 1.126 2005/09/13 23:40:07 djm Exp $");
#include "xmalloc.h"
#include "atomicio.h"
#include "xmalloc.h"
#include "atomicio.h"
extern char *optarg;
extern int optind;
extern char *optarg;
extern int optind;
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
__progname = ssh_get_progname(argv[0]);
args.list = NULL;
__progname = ssh_get_progname(argv[0]);
args.list = NULL;
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.49 2005/09/13 23:40:07 djm Exp $");
#include "buffer.h"
#include "bufaux.h"
#include "getput.h"
#include "log.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "getput.h"
#include "log.h"
#include "xmalloc.h"
#include "sftp.h"
#include "sftp-common.h"
#include "sftp.h"
#include "sftp-common.h"
int in, out, max;
ssize_t len, olen, set_size;
int in, out, max;
ssize_t len, olen, set_size;
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
/* XXX should use getopt */
__progname = ssh_get_progname(av[0]);
/* XXX should use getopt */
__progname = ssh_get_progname(av[0]);
-RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.67 2005/09/13 23:40:07 djm Exp $");
#ifdef USE_LIBEDIT
#include <histedit.h>
#ifdef USE_LIBEDIT
#include <histedit.h>
extern int optind;
extern char *optarg;
extern int optind;
extern char *optarg;
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
__progname = ssh_get_progname(argv[0]);
args.list = NULL;
addargs(&args, "ssh"); /* overwritten with ssh_program */
__progname = ssh_get_progname(argv[0]);
args.list = NULL;
addargs(&args, "ssh"); /* overwritten with ssh_program */
-RCSID("$OpenBSD: ssh-add.c,v 1.72 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.73 2005/09/13 23:40:07 djm Exp $");
char *sc_reader_id = NULL;
int i, ch, deleting = 0, ret = 0;
char *sc_reader_id = NULL;
int i, ch, deleting = 0, ret = 0;
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
__progname = ssh_get_progname(argv[0]);
init_rng();
seed_rng();
__progname = ssh_get_progname(argv[0]);
init_rng();
seed_rng();
#include "includes.h"
#include "openbsd-compat/sys-queue.h"
#include "includes.h"
#include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.123 2005/09/13 23:40:07 djm Exp $");
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
pid_t pid;
char pidstrbuf[1 + 3 * sizeof pid];
pid_t pid;
char pidstrbuf[1 + 3 * sizeof pid];
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
/* drop */
setegid(getgid());
setgid(getgid());
/* drop */
setegid(getgid());
setgid(getgid());
-RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
extern int optind;
extern char *optarg;
extern int optind;
extern char *optarg;
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
__progname = ssh_get_progname(av[0]);
SSLeay_add_all_algorithms();
__progname = ssh_get_progname(av[0]);
SSLeay_add_all_algorithms();
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.56 2005/09/13 23:40:07 djm Exp $");
#include "openbsd-compat/sys-queue.h"
#include "openbsd-compat/sys-queue.h"
seed_rng();
TAILQ_INIT(&tq);
seed_rng();
TAILQ_INIT(&tq);
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.19 2005/09/13 23:40:07 djm Exp $");
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
u_int slen, dlen;
u_int32_t rnd[256];
u_int slen, dlen;
u_int32_t rnd[256];
+ /* Ensure that stdin and stdout are connected */
+ if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
+ exit(1);
+ /* Leave /dev/null fd iff it is attached to stderr */
+ if (fd > 2)
+ close(fd);
+
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
-RCSID("$OpenBSD: ssh.c,v 1.249 2005/07/30 01:26:16 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.250 2005/09/13 23:40:07 djm Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/err.h>
struct servent *sp;
Forward fwd;
struct servent *sp;
Forward fwd;
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
__progname = ssh_get_progname(av[0]);
init_rng();
__progname = ssh_get_progname(av[0]);
init_rng();
-RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.313 2005/09/13 23:40:07 djm Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
if (geteuid() == 0 && setgroups(0, NULL) == -1)
debug("setgroups(): %.200s", strerror(errno));
if (geteuid() == 0 && setgroups(0, NULL) == -1)
debug("setgroups(): %.200s", strerror(errno));
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
/* Initialize configuration options to their default values. */
initialize_server_options(&options);
/* Initialize configuration options to their default values. */
initialize_server_options(&options);