diff options
author | Darren Tucker <dtucker@cvs.openbsd.org> | 2020-01-23 07:10:23 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2020-01-23 07:10:23 +0000 |
commit | edf1e6d70d7ddc0e037b52523e6f679236a7f4ca (patch) | |
tree | 726b9215e18c7e203e0a4cdf5cb896433d43bafd | |
parent | 6c8ddfa10d8732d02d6d3c66d9c16a7a313a0b05 (diff) |
Replace all calls to signal(2) with a wrapper around sigaction(2).
This wrapper blocks all other signals during the handler preventing
races between handlers, and sets SA_RESTART which should reduce the
potential for short read/write operations.
-rw-r--r-- | usr.bin/ssh/auth.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/auth2-pubkey.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/clientloop.c | 26 | ||||
-rw-r--r-- | usr.bin/ssh/misc.c | 19 | ||||
-rw-r--r-- | usr.bin/ssh/misc.h | 4 | ||||
-rw-r--r-- | usr.bin/ssh/monitor.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/mux.c | 22 | ||||
-rw-r--r-- | usr.bin/ssh/progressmeter.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/readpass.c | 14 | ||||
-rw-r--r-- | usr.bin/ssh/scp.c | 22 | ||||
-rw-r--r-- | usr.bin/ssh/serverloop.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/session.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/sftp.c | 26 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-agent.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-sk-client.c | 9 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/sshbuf.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 32 |
21 files changed, 140 insertions, 118 deletions
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c index f0340a81b7e..18bbfc8e275 100644 --- a/usr.bin/ssh/auth.c +++ b/usr.bin/ssh/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.144 2019/12/16 13:58:53 tobhe Exp $ */ +/* $OpenBSD: auth.c,v 1.145 2020/01/23 07:10:22 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -800,7 +800,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command, child_set_env(&child_env, &envsize, "LANG", cp); for (i = 0; i < NSIG; i++) - signal(i, SIG_DFL); + ssh_signal(i, SIG_DFL); if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { error("%s: open %s: %s", tag, _PATH_DEVNULL, diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c index a882f0fae66..b79c53dc0de 100644 --- a/usr.bin/ssh/auth2-pubkey.c +++ b/usr.bin/ssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.97 2019/11/25 00:54:23 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.98 2020/01/23 07:10:22 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -457,7 +457,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, * NB. all returns later this function should go via "out" to * ensure the original SIGCHLD handler is restored properly. */ - osigchld = signal(SIGCHLD, SIG_DFL); + osigchld = ssh_signal(SIGCHLD, SIG_DFL); /* Prepare and verify the user for the command */ username = percent_expand(options.authorized_principals_command_user, @@ -545,7 +545,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, out: if (f != NULL) fclose(f); - signal(SIGCHLD, osigchld); + ssh_signal(SIGCHLD, osigchld); for (i = 0; i < ac; i++) free(av[i]); free(av); @@ -895,7 +895,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, * NB. all returns later this function should go via "out" to * ensure the original SIGCHLD handler is restored properly. */ - osigchld = signal(SIGCHLD, SIG_DFL); + osigchld = ssh_signal(SIGCHLD, SIG_DFL); /* Prepare and verify the user for the command */ username = percent_expand(options.authorized_keys_command_user, @@ -984,7 +984,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, out: if (f != NULL) fclose(f); - signal(SIGCHLD, osigchld); + ssh_signal(SIGCHLD, osigchld); for (i = 0; i < ac; i++) free(av[i]); free(av); diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index 6eefb0ee9d6..4599ff6de40 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.331 2020/01/23 02:46:49 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.332 2020/01/23 07:10:22 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -777,7 +777,7 @@ process_cmdline(struct ssh *ssh) memset(&fwd, 0, sizeof(fwd)); leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); - handler = signal(SIGINT, SIG_IGN); + handler = ssh_signal(SIGINT, SIG_IGN); cmd = s = read_passphrase("\r\nssh> ", RP_ECHO); if (s == NULL) goto out; @@ -875,7 +875,7 @@ process_cmdline(struct ssh *ssh) } out: - signal(SIGINT, handler); + ssh_signal(SIGINT, handler); enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); free(cmd); free(fwd.listen_host); @@ -1298,15 +1298,15 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, * Set signal handlers, (e.g. to restore non-blocking mode) * but don't overwrite SIG_IGN, matches behaviour from rsh(1) */ - if (signal(SIGHUP, SIG_IGN) != SIG_IGN) - signal(SIGHUP, signal_handler); - if (signal(SIGINT, SIG_IGN) != SIG_IGN) - signal(SIGINT, signal_handler); - if (signal(SIGQUIT, SIG_IGN) != SIG_IGN) - signal(SIGQUIT, signal_handler); - if (signal(SIGTERM, SIG_IGN) != SIG_IGN) - signal(SIGTERM, signal_handler); - signal(SIGWINCH, window_change_handler); + if (ssh_signal(SIGHUP, SIG_IGN) != SIG_IGN) + ssh_signal(SIGHUP, signal_handler); + if (ssh_signal(SIGINT, SIG_IGN) != SIG_IGN) + ssh_signal(SIGINT, signal_handler); + if (ssh_signal(SIGQUIT, SIG_IGN) != SIG_IGN) + ssh_signal(SIGQUIT, signal_handler); + if (ssh_signal(SIGTERM, SIG_IGN) != SIG_IGN) + ssh_signal(SIGTERM, signal_handler); + ssh_signal(SIGWINCH, window_change_handler); if (have_pty) enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); @@ -1405,7 +1405,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, /* Terminate the session. */ /* Stop watching for window change. */ - signal(SIGWINCH, SIG_DFL); + ssh_signal(SIGWINCH, SIG_DFL); if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 || (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_BY_APPLICATION)) != 0 || diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c index 7404a21b033..77621582bae 100644 --- a/usr.bin/ssh/misc.c +++ b/usr.bin/ssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.143 2019/11/22 06:50:30 dtucker Exp $ */ +/* $OpenBSD: misc.c,v 1.144 2020/01/23 07:10:22 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -2133,3 +2133,20 @@ opt_match(const char **opts, const char *term) return 0; } +sshsig_t +ssh_signal(int signum, sshsig_t handler) +{ + struct sigaction sa, osa; + + /* mask all other signals while in handler */ + bzero(&sa, sizeof(sa)); + sa.sa_handler = handler; + sigfillset(&sa.sa_mask); + if (signum != SIGALRM) + sa.sa_flags = SA_RESTART; + if (sigaction(signum, &sa, &osa) == -1) { + debug3("sigaction(%s): %s", strsignal(signum), strerror(errno)); + return SIG_ERR; + } + return osa.sa_handler; +} diff --git a/usr.bin/ssh/misc.h b/usr.bin/ssh/misc.h index c402e98f787..94419f476c3 100644 --- a/usr.bin/ssh/misc.h +++ b/usr.bin/ssh/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.82 2019/11/12 22:34:20 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.83 2020/01/23 07:10:22 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -188,4 +188,6 @@ void notify_complete(struct notifier_ctx *); #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) #define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) +typedef void (*sshsig_t)(int); +sshsig_t ssh_signal(int, sshsig_t); #endif /* _MISC_H */ diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 91715274e4d..bf9d35b1ed1 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.206 2019/12/15 18:57:30 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -330,9 +330,9 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor) pmonitor->m_recvfd = -1; monitor_set_child_handler(pmonitor->m_pid); - signal(SIGHUP, &monitor_child_handler); - signal(SIGTERM, &monitor_child_handler); - signal(SIGINT, &monitor_child_handler); + ssh_signal(SIGHUP, &monitor_child_handler); + ssh_signal(SIGTERM, &monitor_child_handler); + ssh_signal(SIGINT, &monitor_child_handler); mon_dispatch = mon_dispatch_postauth20; diff --git a/usr.bin/ssh/mux.c b/usr.bin/ssh/mux.c index 776bec17a9e..3f9a88b856d 100644 --- a/usr.bin/ssh/mux.c +++ b/usr.bin/ssh/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.80 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: mux.c,v 1.81 2020/01/23 07:10:22 dtucker Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * @@ -1892,7 +1892,7 @@ mux_client_request_session(int fd) return -1; } - signal(SIGPIPE, SIG_IGN); + ssh_signal(SIGPIPE, SIG_IGN); if (stdin_null_flag) { if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1) @@ -1992,10 +1992,10 @@ mux_client_request_session(int fd) if (pledge("stdio proc tty", NULL) == -1) fatal("%s pledge(): %s", __func__, strerror(errno)); - signal(SIGHUP, control_client_sighandler); - signal(SIGINT, control_client_sighandler); - signal(SIGTERM, control_client_sighandler); - signal(SIGWINCH, control_client_sigrelay); + ssh_signal(SIGHUP, control_client_sighandler); + ssh_signal(SIGINT, control_client_sighandler); + ssh_signal(SIGTERM, control_client_sighandler); + ssh_signal(SIGWINCH, control_client_sigrelay); rawmode = tty_flag; if (tty_flag) @@ -2125,7 +2125,7 @@ mux_client_request_stdio_fwd(int fd) return -1; } - signal(SIGPIPE, SIG_IGN); + ssh_signal(SIGPIPE, SIG_IGN); if (stdin_null_flag) { if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1) @@ -2198,10 +2198,10 @@ mux_client_request_stdio_fwd(int fd) } muxclient_request_id++; - signal(SIGHUP, control_client_sighandler); - signal(SIGINT, control_client_sighandler); - signal(SIGTERM, control_client_sighandler); - signal(SIGWINCH, control_client_sigrelay); + ssh_signal(SIGHUP, control_client_sighandler); + ssh_signal(SIGINT, control_client_sighandler); + ssh_signal(SIGTERM, control_client_sighandler); + ssh_signal(SIGWINCH, control_client_sigrelay); /* * Stick around until the controlee closes the client_fd. diff --git a/usr.bin/ssh/progressmeter.c b/usr.bin/ssh/progressmeter.c index 05827e0ee0b..338504aa7bd 100644 --- a/usr.bin/ssh/progressmeter.c +++ b/usr.bin/ssh/progressmeter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.49 2019/10/29 07:47:27 dtucker Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.50 2020/01/23 07:10:22 dtucker Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -250,8 +250,8 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr) setscreensize(); refresh_progress_meter(1); - signal(SIGALRM, sig_alarm); - signal(SIGWINCH, sig_winch); + ssh_signal(SIGALRM, sig_alarm); + ssh_signal(SIGWINCH, sig_winch); alarm(UPDATE_INTERVAL); } diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index ed550277fec..9c3a8560876 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.320 2020/01/23 02:46:49 dtucker Exp $ */ +/* $OpenBSD: readconf.c,v 1.321 2020/01/23 07:10:22 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -514,7 +514,7 @@ execute_in_shell(const char *cmd) execv(argv[0], argv); error("Unable to execute '%.100s': %s", cmd, strerror(errno)); /* Die with signal to make this error apparent to parent. */ - signal(SIGTERM, SIG_DFL); + ssh_signal(SIGTERM, SIG_DFL); kill(getpid(), SIGTERM); _exit(1); } diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c index 96468416ad8..104c3188ddb 100644 --- a/usr.bin/ssh/readpass.c +++ b/usr.bin/ssh/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.60 2019/12/06 03:06:08 djm Exp $ */ +/* $OpenBSD: readpass.c,v 1.61 2020/01/23 07:10:22 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -62,10 +62,10 @@ ssh_askpass(char *askpass, const char *msg, const char *env_hint) error("%s: pipe: %s", __func__, strerror(errno)); return NULL; } - osigchld = signal(SIGCHLD, SIG_DFL); + osigchld = ssh_signal(SIGCHLD, SIG_DFL); if ((pid = fork()) == -1) { error("%s: fork: %s", __func__, strerror(errno)); - signal(SIGCHLD, osigchld); + ssh_signal(SIGCHLD, osigchld); return NULL; } if (pid == 0) { @@ -95,7 +95,7 @@ ssh_askpass(char *askpass, const char *msg, const char *env_hint) while ((ret = waitpid(pid, &status, 0)) == -1) if (errno != EINTR) break; - signal(SIGCHLD, osigchld); + ssh_signal(SIGCHLD, osigchld); if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) { explicit_bzero(buf, sizeof(buf)); return NULL; @@ -240,10 +240,10 @@ notify_start(int force_askpass, const char *fmt, ...) free(prompt); return NULL; } - osigchld = signal(SIGCHLD, SIG_DFL); + osigchld = ssh_signal(SIGCHLD, SIG_DFL); if ((pid = fork()) == -1) { error("%s: fork: %s", __func__, strerror(errno)); - signal(SIGCHLD, osigchld); + ssh_signal(SIGCHLD, osigchld); free(prompt); return NULL; } @@ -286,6 +286,6 @@ notify_complete(struct notifier_ctx *ctx) } if (ret == -1) fatal("%s: waitpid: %s", __func__, strerror(errno)); - signal(SIGCHLD, ctx->osigchld); + ssh_signal(SIGCHLD, ctx->osigchld); free(ctx); } diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c index 52807603d65..4830ae1f58f 100644 --- a/usr.bin/ssh/scp.c +++ b/usr.bin/ssh/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.206 2019/09/09 02:31:19 dtucker Exp $ */ +/* $OpenBSD: scp.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -195,9 +195,9 @@ do_local_cmd(arglist *a) } do_cmd_pid = pid; - signal(SIGTERM, killchild); - signal(SIGINT, killchild); - signal(SIGHUP, killchild); + ssh_signal(SIGTERM, killchild); + ssh_signal(SIGINT, killchild); + ssh_signal(SIGHUP, killchild); while (waitpid(pid, &status, 0) == -1) if (errno != EINTR) @@ -248,9 +248,9 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout) close(reserved[0]); close(reserved[1]); - signal(SIGTSTP, suspchild); - signal(SIGTTIN, suspchild); - signal(SIGTTOU, suspchild); + ssh_signal(SIGTSTP, suspchild); + ssh_signal(SIGTTIN, suspchild); + ssh_signal(SIGTTOU, suspchild); /* Fork a child to execute the command on the remote host using ssh. */ do_cmd_pid = fork(); @@ -287,9 +287,9 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout) *fdout = pin[1]; close(pout[1]); *fdin = pout[0]; - signal(SIGTERM, killchild); - signal(SIGINT, killchild); - signal(SIGHUP, killchild); + ssh_signal(SIGTERM, killchild); + ssh_signal(SIGINT, killchild); + ssh_signal(SIGHUP, killchild); return 0; } @@ -534,7 +534,7 @@ main(int argc, char **argv) iamrecursive ? " -r" : "", pflag ? " -p" : "", targetshouldbedirectory ? " -d" : ""); - (void) signal(SIGPIPE, lostconn); + (void) ssh_signal(SIGPIPE, lostconn); if (colon(argv[argc - 1])) /* Dest is remote host. */ toremote(argc, argv); diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 956083b2337..1dc56dff193 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.218 2019/11/27 05:38:43 dtucker Exp $ */ +/* $OpenBSD: serverloop.c,v 1.219 2020/01/23 07:10:22 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -397,15 +397,15 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt) debug("Entering interactive session for SSH2."); - signal(SIGCHLD, sigchld_handler); + ssh_signal(SIGCHLD, sigchld_handler); child_terminated = 0; connection_in = ssh_packet_get_connection_in(ssh); connection_out = ssh_packet_get_connection_out(ssh); if (!use_privsep) { - signal(SIGTERM, sigterm_handler); - signal(SIGINT, sigterm_handler); - signal(SIGQUIT, sigterm_handler); + ssh_signal(SIGTERM, sigterm_handler); + ssh_signal(SIGINT, sigterm_handler); + ssh_signal(SIGQUIT, sigterm_handler); } notify_setup(); diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 36c76af69bb..dc9bde7bd1c 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.317 2019/11/13 04:47:52 deraadt Exp $ */ +/* $OpenBSD: session.c,v 1.318 2020/01/23 07:10:22 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -1323,7 +1323,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) do_rc_files(ssh, s, shell); /* restore SIGPIPE for child */ - signal(SIGPIPE, SIG_DFL); + ssh_signal(SIGPIPE, SIG_DFL); if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) { error("Connection from %s: refusing non-sftp session", diff --git a/usr.bin/ssh/sftp.c b/usr.bin/ssh/sftp.c index 922382dfa24..025102e9cbb 100644 --- a/usr.bin/ssh/sftp.c +++ b/usr.bin/ssh/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.196 2019/11/01 03:54:33 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.197 2020/01/23 07:10:22 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -2214,7 +2214,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) const char *line; int count = 0; - signal(SIGINT, SIG_IGN); + ssh_signal(SIGINT, SIG_IGN); if (el == NULL) { if (interactive) @@ -2241,14 +2241,14 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) /* Handle user interrupts gracefully during commands */ interrupted = 0; - signal(SIGINT, cmd_interrupt); + ssh_signal(SIGINT, cmd_interrupt); err = parse_dispatch_command(conn, cmd, &remote_path, startdir, batchmode, !interactive && el == NULL); if (err != 0) break; } - signal(SIGCHLD, SIG_DFL); + ssh_signal(SIGCHLD, SIG_DFL); free(remote_path); free(startdir); free(conn); @@ -2292,20 +2292,20 @@ connect_to_server(char *path, char **args, int *in, int *out) * kill it too. Contrawise, since sftp sends SIGTERMs to the * underlying ssh, it must *not* ignore that signal. */ - signal(SIGINT, SIG_IGN); - signal(SIGTERM, SIG_DFL); + ssh_signal(SIGINT, SIG_IGN); + ssh_signal(SIGTERM, SIG_DFL); execvp(path, args); fprintf(stderr, "exec: %s: %s\n", path, strerror(errno)); _exit(1); } - signal(SIGTERM, killchild); - signal(SIGINT, killchild); - signal(SIGHUP, killchild); - signal(SIGTSTP, suspchild); - signal(SIGTTIN, suspchild); - signal(SIGTTOU, suspchild); - signal(SIGCHLD, sigchld_handler); + ssh_signal(SIGTERM, killchild); + ssh_signal(SIGINT, killchild); + ssh_signal(SIGHUP, killchild); + ssh_signal(SIGTSTP, suspchild); + ssh_signal(SIGTTIN, suspchild); + ssh_signal(SIGTTOU, suspchild); + ssh_signal(SIGCHLD, sigchld_handler); close(c_in); close(c_out); } diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index f9a2908a82a..835da83a947 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.251 2019/12/13 19:09:10 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.252 2020/01/23 07:10:22 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1383,10 +1383,10 @@ skip: if (ac > 0) parent_alive_interval = 10; idtab_init(); - signal(SIGPIPE, SIG_IGN); - signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN); - signal(SIGHUP, cleanup_handler); - signal(SIGTERM, cleanup_handler); + ssh_signal(SIGPIPE, SIG_IGN); + ssh_signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN); + ssh_signal(SIGHUP, cleanup_handler); + ssh_signal(SIGTERM, cleanup_handler); if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1) fatal("%s: pledge: %s", __progname, strerror(errno)); diff --git a/usr.bin/ssh/ssh-sk-client.c b/usr.bin/ssh/ssh-sk-client.c index 6ca85aaeba1..aeb878324e7 100644 --- a/usr.bin/ssh/ssh-sk-client.c +++ b/usr.bin/ssh/ssh-sk-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-client.c,v 1.6 2020/01/21 07:07:31 djm Exp $ */ +/* $OpenBSD: ssh-sk-client.c,v 1.7 2020/01/23 07:10:22 dtucker Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -37,6 +37,7 @@ #include "digest.h" #include "pathnames.h" #include "ssh-sk.h" +#include "misc.h" /* #define DEBUG_SK 1 */ @@ -71,13 +72,13 @@ start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int)) error("socketpair: %s", strerror(errno)); return SSH_ERR_SYSTEM_ERROR; } - osigchld = signal(SIGCHLD, SIG_DFL); + osigchld = ssh_signal(SIGCHLD, SIG_DFL); if ((pid = fork()) == -1) { oerrno = errno; error("fork: %s", strerror(errno)); close(pair[0]); close(pair[1]); - signal(SIGCHLD, osigchld); + ssh_signal(SIGCHLD, osigchld); errno = oerrno; return SSH_ERR_SYSTEM_ERROR; } @@ -218,7 +219,7 @@ client_converse(struct sshbuf *msg, struct sshbuf **respp, u_int type) } sshbuf_free(req); sshbuf_free(resp); - signal(SIGCHLD, osigchld); + ssh_signal(SIGCHLD, osigchld); errno = oerrno; return r; diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 1d01e011256..6797afe0d47 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.511 2020/01/05 16:28:22 beck Exp $ */ +/* $OpenBSD: ssh.c,v 1.512 2020/01/23 07:10:22 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1508,8 +1508,8 @@ main(int ac, char **av) options.num_system_hostfiles); tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles); - signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ - signal(SIGCHLD, main_sigchld_handler); + ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ + ssh_signal(SIGCHLD, main_sigchld_handler); /* Log into the remote system. Never returns if the login fails. */ ssh_login(ssh, &sensitive_data, host, (struct sockaddr *)&hostaddr, diff --git a/usr.bin/ssh/sshbuf.c b/usr.bin/ssh/sshbuf.c index f071c1848af..1eaaf77854f 100644 --- a/usr.bin/ssh/sshbuf.c +++ b/usr.bin/ssh/sshbuf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.c,v 1.13 2018/11/16 06:10:29 djm Exp $ */ +/* $OpenBSD: sshbuf.c,v 1.14 2020/01/23 07:10:22 dtucker Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -40,7 +40,7 @@ sshbuf_check_sanity(const struct sshbuf *buf) buf->off > buf->size)) { /* Do not try to recover from corrupted buffer internals */ SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); - signal(SIGSEGV, SIG_DFL); + ssh_signal(SIGSEGV, SIG_DFL); raise(SIGSEGV); return SSH_ERR_INTERNAL_ERROR; } diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 18bf553bfa6..7f855927d14 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.326 2020/01/22 07:38:30 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.327 2020/01/23 07:10:22 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -247,7 +247,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg, /* Execute the proxy command. Note that we gave up any extra privileges above. */ - signal(SIGPIPE, SIG_DFL); + ssh_signal(SIGPIPE, SIG_DFL); execv(argv[0], argv); perror(argv[0]); exit(1); @@ -1345,10 +1345,10 @@ ssh_local_cmd(const char *args) if ((shell = getenv("SHELL")) == NULL || *shell == '\0') shell = _PATH_BSHELL; - osighand = signal(SIGCHLD, SIG_DFL); + osighand = ssh_signal(SIGCHLD, SIG_DFL); pid = fork(); if (pid == 0) { - signal(SIGPIPE, SIG_DFL); + ssh_signal(SIGPIPE, SIG_DFL); debug3("Executing %s -c \"%s\"", shell, args); execl(shell, shell, "-c", args, (char *)NULL); error("Couldn't execute %s -c \"%s\": %s", @@ -1359,7 +1359,7 @@ ssh_local_cmd(const char *args) while (waitpid(pid, &status, 0) == -1) if (errno != EINTR) fatal("Couldn't wait for child: %s", strerror(errno)); - signal(SIGCHLD, osighand); + ssh_signal(SIGCHLD, osighand); if (!WIFEXITED(status)) return (1); diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 13b3c0753ee..98dcae7bd2e 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.316 2020/01/23 02:46:49 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.317 2020/01/23 07:10:22 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1917,7 +1917,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, error("%s: fork: %s", __func__, strerror(errno)); return -1; } - osigchld = signal(SIGCHLD, SIG_DFL); + osigchld = ssh_signal(SIGCHLD, SIG_DFL); if (pid == 0) { close(from[0]); if (dup2(from[1], STDOUT_FILENO) == -1) @@ -1989,11 +1989,11 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) { error("%s: buffer error: %s", __func__, ssh_err(r)); fail: - signal(SIGCHLD, osigchld); + ssh_signal(SIGCHLD, osigchld); sshbuf_free(b); return -1; } - signal(SIGCHLD, osigchld); + ssh_signal(SIGCHLD, osigchld); sshbuf_free(b); return 0; diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index ec644c94f75..f6139feff1c 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.543 2020/01/21 22:39:57 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.544 2020/01/23 07:10:22 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -290,7 +290,7 @@ sighup_restart(void) close_listen_socks(); close_startup_pipes(); alarm(0); /* alarm timer persists across exec */ - signal(SIGHUP, SIG_IGN); /* will be restored after exec */ + ssh_signal(SIGHUP, SIG_IGN); /* will be restored after exec */ execv(saved_argv[0], saved_argv); logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno)); @@ -319,6 +319,8 @@ main_sigchld_handler(int sig) pid_t pid; int status; + debug("main_sigchld_handler: %s", strsignal(sig)); + while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || (pid == -1 && errno == EINTR)) ; @@ -340,7 +342,7 @@ grace_alarm_handler(int sig) * keys command helpers. */ if (getpgid(0) == getpid()) { - signal(SIGTERM, SIG_IGN); + ssh_signal(SIGTERM, SIG_IGN); kill(0, SIGTERM); } @@ -1804,7 +1806,7 @@ main(int ac, char **av) error("chdir(\"/\"): %s", strerror(errno)); /* ignore SIGPIPE */ - signal(SIGPIPE, SIG_IGN); + ssh_signal(SIGPIPE, SIG_IGN); /* Get a connection, either from inetd or a listening TCP socket */ if (inetd_flag) { @@ -1812,10 +1814,10 @@ main(int ac, char **av) } else { server_listen(); - signal(SIGHUP, sighup_handler); - signal(SIGCHLD, main_sigchld_handler); - signal(SIGTERM, sigterm_handler); - signal(SIGQUIT, sigterm_handler); + ssh_signal(SIGHUP, sighup_handler); + ssh_signal(SIGCHLD, main_sigchld_handler); + ssh_signal(SIGTERM, sigterm_handler); + ssh_signal(SIGQUIT, sigterm_handler); /* * Write out the pid file after the sigterm handler @@ -1898,11 +1900,11 @@ main(int ac, char **av) * will not restart on SIGHUP since it no longer makes sense. */ alarm(0); - signal(SIGALRM, SIG_DFL); - signal(SIGHUP, SIG_DFL); - signal(SIGTERM, SIG_DFL); - signal(SIGQUIT, SIG_DFL); - signal(SIGCHLD, SIG_DFL); + ssh_signal(SIGALRM, SIG_DFL); + ssh_signal(SIGHUP, SIG_DFL); + ssh_signal(SIGTERM, SIG_DFL); + ssh_signal(SIGQUIT, SIG_DFL); + ssh_signal(SIGCHLD, SIG_DFL); /* * Register our connection. This turns encryption off because we do @@ -1956,7 +1958,7 @@ main(int ac, char **av) * mode; it is just annoying to have the server exit just when you * are about to discover the bug. */ - signal(SIGALRM, grace_alarm_handler); + ssh_signal(SIGALRM, grace_alarm_handler); if (!debug_flag) alarm(options.login_grace_time); @@ -2012,7 +2014,7 @@ main(int ac, char **av) * authentication. */ alarm(0); - signal(SIGALRM, SIG_DFL); + ssh_signal(SIGALRM, SIG_DFL); authctxt->authenticated = 1; if (startup_pipe != -1) { close(startup_pipe); |