summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2010-06-25 07:20:05 +0000
committerDamien Miller <djm@cvs.openbsd.org>2010-06-25 07:20:05 +0000
commit3bc361ce722cd2e583d357787c855db75cb54b18 (patch)
tree834ba40ec08636841e56e6228c535919d98231da
parent32fe2a9a9f594557e9fa87668fd44d4c6c3aa89e (diff)
bz#1750: fix requirement for /dev/null inside ChrootDirectory for
internal-sftp accidentally introduced in r1.253 by removing the code that opens and dup /dev/null to stderr and modifying the channels code to read stderr but discard it instead; ok markus@
-rw-r--r--usr.bin/ssh/channels.c17
-rw-r--r--usr.bin/ssh/session.c81
2 files changed, 40 insertions, 58 deletions
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 08138ca5f56..3c2e8479fca 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.305 2010/06/25 07:14:45 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.306 2010/06/25 07:20:04 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -834,8 +834,9 @@ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
if (c->extended_usage == CHAN_EXTENDED_WRITE &&
buffer_len(&c->extended) > 0)
FD_SET(c->efd, writeset);
- else if (!(c->flags & CHAN_EOF_SENT) &&
- c->extended_usage == CHAN_EXTENDED_READ &&
+ else if (c->efd != -1 && !(c->flags & CHAN_EOF_SENT) &&
+ (c->extended_usage == CHAN_EXTENDED_READ ||
+ c->extended_usage == CHAN_EXTENDED_IGNORE) &&
buffer_len(&c->extended) < c->remote_window)
FD_SET(c->efd, readset);
}
@@ -1734,7 +1735,9 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset)
buffer_consume(&c->extended, len);
c->local_consumed += len;
}
- } else if (c->extended_usage == CHAN_EXTENDED_READ &&
+ } else if (c->efd != -1 &&
+ (c->extended_usage == CHAN_EXTENDED_READ ||
+ c->extended_usage == CHAN_EXTENDED_IGNORE) &&
FD_ISSET(c->efd, readset)) {
len = read(c->efd, buf, sizeof(buf));
debug2("channel %d: read %d from efd %d",
@@ -1746,7 +1749,11 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset)
c->self, c->efd);
channel_close_fd(&c->efd);
} else {
- buffer_append(&c->extended, buf, len);
+ if (c->extended_usage == CHAN_EXTENDED_IGNORE) {
+ debug3("channel %d: discard efd",
+ c->self);
+ } else
+ buffer_append(&c->extended, buf, len);
}
}
}
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 424d44e52ba..63526e20f95 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.255 2010/06/22 04:59:12 djm Exp $ */
+/* $OpenBSD: session.c,v 1.256 2010/06/25 07:20:04 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -97,7 +97,7 @@
/* func */
Session *session_new(void);
-void session_set_fds(Session *, int, int, int, int);
+void session_set_fds(Session *, int, int, int, int, int);
void session_pty_cleanup(Session *);
void session_proctitle(Session *);
int session_setup_x11fwd(Session *);
@@ -448,27 +448,14 @@ do_exec_no_pty(Session *s, const char *command)
close(pin[1]);
return -1;
}
- if (s->is_subsystem) {
- if ((perr[1] = open(_PATH_DEVNULL, O_WRONLY)) == -1) {
- error("%s: open(%s): %s", __func__, _PATH_DEVNULL,
- strerror(errno));
- close(pin[0]);
- close(pin[1]);
- close(pout[0]);
- close(pout[1]);
- return -1;
- }
- perr[0] = -1;
- } else {
- if (pipe(perr) < 0) {
- error("%s: pipe err: %.100s", __func__,
- strerror(errno));
- close(pin[0]);
- close(pin[1]);
- close(pout[0]);
- close(pout[1]);
- return -1;
- }
+ if (pipe(perr) < 0) {
+ error("%s: pipe err: %.100s", __func__,
+ strerror(errno));
+ close(pin[0]);
+ close(pin[1]);
+ close(pout[0]);
+ close(pout[1]);
+ return -1;
}
#else
int inout[2], err[2];
@@ -481,23 +468,12 @@ do_exec_no_pty(Session *s, const char *command)
error("%s: socketpair #1: %.100s", __func__, strerror(errno));
return -1;
}
- if (s->is_subsystem) {
- if ((err[0] = open(_PATH_DEVNULL, O_WRONLY)) == -1) {
- error("%s: open(%s): %s", __func__, _PATH_DEVNULL,
- strerror(errno));
- close(inout[0]);
- close(inout[1]);
- return -1;
- }
- err[1] = -1;
- } else {
- if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {
- error("%s: socketpair #2: %.100s", __func__,
- strerror(errno));
- close(inout[0]);
- close(inout[1]);
- return -1;
- }
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {
+ error("%s: socketpair #2: %.100s", __func__,
+ strerror(errno));
+ close(inout[0]);
+ close(inout[1]);
+ return -1;
}
#endif
@@ -512,15 +488,13 @@ do_exec_no_pty(Session *s, const char *command)
close(pin[1]);
close(pout[0]);
close(pout[1]);
- if (perr[0] != -1)
- close(perr[0]);
+ close(perr[0]);
close(perr[1]);
#else
close(inout[0]);
close(inout[1]);
close(err[0]);
- if (err[1] != -1)
- close(err[1]);
+ close(err[1]);
#endif
return -1;
case 0:
@@ -554,8 +528,7 @@ do_exec_no_pty(Session *s, const char *command)
close(pout[1]);
/* Redirect stderr. */
- if (perr[0] != -1)
- close(perr[0]);
+ close(perr[0]);
if (dup2(perr[1], 2) < 0)
perror("dup2 stderr");
close(perr[1]);
@@ -566,8 +539,7 @@ do_exec_no_pty(Session *s, const char *command)
* seem to depend on it.
*/
close(inout[1]);
- if (err[1] != -1)
- close(err[1]);
+ close(err[1]);
if (dup2(inout[0], 0) < 0) /* stdin */
perror("dup2 stdin");
if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */
@@ -596,7 +568,8 @@ do_exec_no_pty(Session *s, const char *command)
close(perr[1]);
if (compat20) {
- session_set_fds(s, pin[1], pout[0], perr[0], 0);
+ session_set_fds(s, pin[1], pout[0], perr[0],
+ s->is_subsystem, 0);
} else {
/* Enter the interactive session. */
server_loop(pid, pin[1], pout[0], perr[0]);
@@ -612,7 +585,8 @@ do_exec_no_pty(Session *s, const char *command)
* handle the case that fdin and fdout are the same.
*/
if (compat20) {
- session_set_fds(s, inout[1], inout[1], err[1], 0);
+ session_set_fds(s, inout[1], inout[1], err[1],
+ s->is_subsystem, 0);
} else {
server_loop(pid, inout[1], inout[1], err[1]);
/* server_loop has closed inout[1] and err[1]. */
@@ -717,7 +691,7 @@ do_exec_pty(Session *s, const char *command)
s->ptymaster = ptymaster;
packet_set_interactive(1);
if (compat20) {
- session_set_fds(s, ptyfd, fdout, -1, 1);
+ session_set_fds(s, ptyfd, fdout, -1, 1, 1);
} else {
server_loop(pid, ptyfd, fdout, -1);
/* server_loop _has_ closed ptyfd and fdout. */
@@ -1936,7 +1910,8 @@ session_input_channel_req(Channel *c, const char *rtype)
}
void
-session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty)
+session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
+ int is_tty)
{
if (!compat20)
fatal("session_set_fds: called for proto != 2.0");
@@ -1948,7 +1923,7 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty)
fatal("no channel for session %d", s->self);
channel_set_fds(s->chanid,
fdout, fdin, fderr,
- fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
+ ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
1, is_tty, CHAN_SES_WINDOW_DEFAULT);
}