diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2010-06-25 07:20:05 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2010-06-25 07:20:05 +0000 |
commit | 3bc361ce722cd2e583d357787c855db75cb54b18 (patch) | |
tree | 834ba40ec08636841e56e6228c535919d98231da | |
parent | 32fe2a9a9f594557e9fa87668fd44d4c6c3aa89e (diff) |
bz#1750: fix requirement for /dev/null inside ChrootDirectory for
internal-sftp accidentally introduced in r1.253 by removing the code
that opens and dup /dev/null to stderr and modifying the channels code
to read stderr but discard it instead; ok markus@
-rw-r--r-- | usr.bin/ssh/channels.c | 17 | ||||
-rw-r--r-- | usr.bin/ssh/session.c | 81 |
2 files changed, 40 insertions, 58 deletions
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index 08138ca5f56..3c2e8479fca 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.305 2010/06/25 07:14:45 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.306 2010/06/25 07:20:04 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -834,8 +834,9 @@ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) if (c->extended_usage == CHAN_EXTENDED_WRITE && buffer_len(&c->extended) > 0) FD_SET(c->efd, writeset); - else if (!(c->flags & CHAN_EOF_SENT) && - c->extended_usage == CHAN_EXTENDED_READ && + else if (c->efd != -1 && !(c->flags & CHAN_EOF_SENT) && + (c->extended_usage == CHAN_EXTENDED_READ || + c->extended_usage == CHAN_EXTENDED_IGNORE) && buffer_len(&c->extended) < c->remote_window) FD_SET(c->efd, readset); } @@ -1734,7 +1735,9 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) buffer_consume(&c->extended, len); c->local_consumed += len; } - } else if (c->extended_usage == CHAN_EXTENDED_READ && + } else if (c->efd != -1 && + (c->extended_usage == CHAN_EXTENDED_READ || + c->extended_usage == CHAN_EXTENDED_IGNORE) && FD_ISSET(c->efd, readset)) { len = read(c->efd, buf, sizeof(buf)); debug2("channel %d: read %d from efd %d", @@ -1746,7 +1749,11 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) c->self, c->efd); channel_close_fd(&c->efd); } else { - buffer_append(&c->extended, buf, len); + if (c->extended_usage == CHAN_EXTENDED_IGNORE) { + debug3("channel %d: discard efd", + c->self); + } else + buffer_append(&c->extended, buf, len); } } } diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 424d44e52ba..63526e20f95 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.255 2010/06/22 04:59:12 djm Exp $ */ +/* $OpenBSD: session.c,v 1.256 2010/06/25 07:20:04 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -97,7 +97,7 @@ /* func */ Session *session_new(void); -void session_set_fds(Session *, int, int, int, int); +void session_set_fds(Session *, int, int, int, int, int); void session_pty_cleanup(Session *); void session_proctitle(Session *); int session_setup_x11fwd(Session *); @@ -448,27 +448,14 @@ do_exec_no_pty(Session *s, const char *command) close(pin[1]); return -1; } - if (s->is_subsystem) { - if ((perr[1] = open(_PATH_DEVNULL, O_WRONLY)) == -1) { - error("%s: open(%s): %s", __func__, _PATH_DEVNULL, - strerror(errno)); - close(pin[0]); - close(pin[1]); - close(pout[0]); - close(pout[1]); - return -1; - } - perr[0] = -1; - } else { - if (pipe(perr) < 0) { - error("%s: pipe err: %.100s", __func__, - strerror(errno)); - close(pin[0]); - close(pin[1]); - close(pout[0]); - close(pout[1]); - return -1; - } + if (pipe(perr) < 0) { + error("%s: pipe err: %.100s", __func__, + strerror(errno)); + close(pin[0]); + close(pin[1]); + close(pout[0]); + close(pout[1]); + return -1; } #else int inout[2], err[2]; @@ -481,23 +468,12 @@ do_exec_no_pty(Session *s, const char *command) error("%s: socketpair #1: %.100s", __func__, strerror(errno)); return -1; } - if (s->is_subsystem) { - if ((err[0] = open(_PATH_DEVNULL, O_WRONLY)) == -1) { - error("%s: open(%s): %s", __func__, _PATH_DEVNULL, - strerror(errno)); - close(inout[0]); - close(inout[1]); - return -1; - } - err[1] = -1; - } else { - if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) { - error("%s: socketpair #2: %.100s", __func__, - strerror(errno)); - close(inout[0]); - close(inout[1]); - return -1; - } + if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) { + error("%s: socketpair #2: %.100s", __func__, + strerror(errno)); + close(inout[0]); + close(inout[1]); + return -1; } #endif @@ -512,15 +488,13 @@ do_exec_no_pty(Session *s, const char *command) close(pin[1]); close(pout[0]); close(pout[1]); - if (perr[0] != -1) - close(perr[0]); + close(perr[0]); close(perr[1]); #else close(inout[0]); close(inout[1]); close(err[0]); - if (err[1] != -1) - close(err[1]); + close(err[1]); #endif return -1; case 0: @@ -554,8 +528,7 @@ do_exec_no_pty(Session *s, const char *command) close(pout[1]); /* Redirect stderr. */ - if (perr[0] != -1) - close(perr[0]); + close(perr[0]); if (dup2(perr[1], 2) < 0) perror("dup2 stderr"); close(perr[1]); @@ -566,8 +539,7 @@ do_exec_no_pty(Session *s, const char *command) * seem to depend on it. */ close(inout[1]); - if (err[1] != -1) - close(err[1]); + close(err[1]); if (dup2(inout[0], 0) < 0) /* stdin */ perror("dup2 stdin"); if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */ @@ -596,7 +568,8 @@ do_exec_no_pty(Session *s, const char *command) close(perr[1]); if (compat20) { - session_set_fds(s, pin[1], pout[0], perr[0], 0); + session_set_fds(s, pin[1], pout[0], perr[0], + s->is_subsystem, 0); } else { /* Enter the interactive session. */ server_loop(pid, pin[1], pout[0], perr[0]); @@ -612,7 +585,8 @@ do_exec_no_pty(Session *s, const char *command) * handle the case that fdin and fdout are the same. */ if (compat20) { - session_set_fds(s, inout[1], inout[1], err[1], 0); + session_set_fds(s, inout[1], inout[1], err[1], + s->is_subsystem, 0); } else { server_loop(pid, inout[1], inout[1], err[1]); /* server_loop has closed inout[1] and err[1]. */ @@ -717,7 +691,7 @@ do_exec_pty(Session *s, const char *command) s->ptymaster = ptymaster; packet_set_interactive(1); if (compat20) { - session_set_fds(s, ptyfd, fdout, -1, 1); + session_set_fds(s, ptyfd, fdout, -1, 1, 1); } else { server_loop(pid, ptyfd, fdout, -1); /* server_loop _has_ closed ptyfd and fdout. */ @@ -1936,7 +1910,8 @@ session_input_channel_req(Channel *c, const char *rtype) } void -session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty) +session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr, + int is_tty) { if (!compat20) fatal("session_set_fds: called for proto != 2.0"); @@ -1948,7 +1923,7 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty) fatal("no channel for session %d", s->self); channel_set_fds(s->chanid, fdout, fdin, fderr, - fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, + ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, 1, is_tty, CHAN_SES_WINDOW_DEFAULT); } |