summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/auth.c4
-rw-r--r--usr.bin/ssh/auth2-pubkey.c10
-rw-r--r--usr.bin/ssh/clientloop.c26
-rw-r--r--usr.bin/ssh/misc.c19
-rw-r--r--usr.bin/ssh/misc.h4
-rw-r--r--usr.bin/ssh/monitor.c8
-rw-r--r--usr.bin/ssh/mux.c22
-rw-r--r--usr.bin/ssh/progressmeter.c6
-rw-r--r--usr.bin/ssh/readconf.c4
-rw-r--r--usr.bin/ssh/readpass.c14
-rw-r--r--usr.bin/ssh/scp.c22
-rw-r--r--usr.bin/ssh/serverloop.c10
-rw-r--r--usr.bin/ssh/session.c4
-rw-r--r--usr.bin/ssh/sftp.c26
-rw-r--r--usr.bin/ssh/ssh-agent.c10
-rw-r--r--usr.bin/ssh/ssh-sk-client.c9
-rw-r--r--usr.bin/ssh/ssh.c6
-rw-r--r--usr.bin/ssh/sshbuf.c4
-rw-r--r--usr.bin/ssh/sshconnect.c10
-rw-r--r--usr.bin/ssh/sshconnect2.c8
-rw-r--r--usr.bin/ssh/sshd.c32
21 files changed, 140 insertions, 118 deletions
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index f0340a81b7e..18bbfc8e275 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.144 2019/12/16 13:58:53 tobhe Exp $ */
+/* $OpenBSD: auth.c,v 1.145 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -800,7 +800,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
child_set_env(&child_env, &envsize, "LANG", cp);
for (i = 0; i < NSIG; i++)
- signal(i, SIG_DFL);
+ ssh_signal(i, SIG_DFL);
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
error("%s: open %s: %s", tag, _PATH_DEVNULL,
diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c
index a882f0fae66..b79c53dc0de 100644
--- a/usr.bin/ssh/auth2-pubkey.c
+++ b/usr.bin/ssh/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.97 2019/11/25 00:54:23 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.98 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -457,7 +457,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
* NB. all returns later this function should go via "out" to
* ensure the original SIGCHLD handler is restored properly.
*/
- osigchld = signal(SIGCHLD, SIG_DFL);
+ osigchld = ssh_signal(SIGCHLD, SIG_DFL);
/* Prepare and verify the user for the command */
username = percent_expand(options.authorized_principals_command_user,
@@ -545,7 +545,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
out:
if (f != NULL)
fclose(f);
- signal(SIGCHLD, osigchld);
+ ssh_signal(SIGCHLD, osigchld);
for (i = 0; i < ac; i++)
free(av[i]);
free(av);
@@ -895,7 +895,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
* NB. all returns later this function should go via "out" to
* ensure the original SIGCHLD handler is restored properly.
*/
- osigchld = signal(SIGCHLD, SIG_DFL);
+ osigchld = ssh_signal(SIGCHLD, SIG_DFL);
/* Prepare and verify the user for the command */
username = percent_expand(options.authorized_keys_command_user,
@@ -984,7 +984,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
out:
if (f != NULL)
fclose(f);
- signal(SIGCHLD, osigchld);
+ ssh_signal(SIGCHLD, osigchld);
for (i = 0; i < ac; i++)
free(av[i]);
free(av);
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index 6eefb0ee9d6..4599ff6de40 100644
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.331 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: clientloop.c,v 1.332 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -777,7 +777,7 @@ process_cmdline(struct ssh *ssh)
memset(&fwd, 0, sizeof(fwd));
leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
- handler = signal(SIGINT, SIG_IGN);
+ handler = ssh_signal(SIGINT, SIG_IGN);
cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);
if (s == NULL)
goto out;
@@ -875,7 +875,7 @@ process_cmdline(struct ssh *ssh)
}
out:
- signal(SIGINT, handler);
+ ssh_signal(SIGINT, handler);
enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
free(cmd);
free(fwd.listen_host);
@@ -1298,15 +1298,15 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
* Set signal handlers, (e.g. to restore non-blocking mode)
* but don't overwrite SIG_IGN, matches behaviour from rsh(1)
*/
- if (signal(SIGHUP, SIG_IGN) != SIG_IGN)
- signal(SIGHUP, signal_handler);
- if (signal(SIGINT, SIG_IGN) != SIG_IGN)
- signal(SIGINT, signal_handler);
- if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
- signal(SIGQUIT, signal_handler);
- if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
- signal(SIGTERM, signal_handler);
- signal(SIGWINCH, window_change_handler);
+ if (ssh_signal(SIGHUP, SIG_IGN) != SIG_IGN)
+ ssh_signal(SIGHUP, signal_handler);
+ if (ssh_signal(SIGINT, SIG_IGN) != SIG_IGN)
+ ssh_signal(SIGINT, signal_handler);
+ if (ssh_signal(SIGQUIT, SIG_IGN) != SIG_IGN)
+ ssh_signal(SIGQUIT, signal_handler);
+ if (ssh_signal(SIGTERM, SIG_IGN) != SIG_IGN)
+ ssh_signal(SIGTERM, signal_handler);
+ ssh_signal(SIGWINCH, window_change_handler);
if (have_pty)
enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
@@ -1405,7 +1405,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
/* Terminate the session. */
/* Stop watching for window change. */
- signal(SIGWINCH, SIG_DFL);
+ ssh_signal(SIGWINCH, SIG_DFL);
if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 ||
(r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_BY_APPLICATION)) != 0 ||
diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c
index 7404a21b033..77621582bae 100644
--- a/usr.bin/ssh/misc.c
+++ b/usr.bin/ssh/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.143 2019/11/22 06:50:30 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.144 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -2133,3 +2133,20 @@ opt_match(const char **opts, const char *term)
return 0;
}
+sshsig_t
+ssh_signal(int signum, sshsig_t handler)
+{
+ struct sigaction sa, osa;
+
+ /* mask all other signals while in handler */
+ bzero(&sa, sizeof(sa));
+ sa.sa_handler = handler;
+ sigfillset(&sa.sa_mask);
+ if (signum != SIGALRM)
+ sa.sa_flags = SA_RESTART;
+ if (sigaction(signum, &sa, &osa) == -1) {
+ debug3("sigaction(%s): %s", strsignal(signum), strerror(errno));
+ return SIG_ERR;
+ }
+ return osa.sa_handler;
+}
diff --git a/usr.bin/ssh/misc.h b/usr.bin/ssh/misc.h
index c402e98f787..94419f476c3 100644
--- a/usr.bin/ssh/misc.h
+++ b/usr.bin/ssh/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.82 2019/11/12 22:34:20 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.83 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -188,4 +188,6 @@ void notify_complete(struct notifier_ctx *);
#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))
+typedef void (*sshsig_t)(int);
+sshsig_t ssh_signal(int, sshsig_t);
#endif /* _MISC_H */
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index 91715274e4d..bf9d35b1ed1 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.206 2019/12/15 18:57:30 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -330,9 +330,9 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)
pmonitor->m_recvfd = -1;
monitor_set_child_handler(pmonitor->m_pid);
- signal(SIGHUP, &monitor_child_handler);
- signal(SIGTERM, &monitor_child_handler);
- signal(SIGINT, &monitor_child_handler);
+ ssh_signal(SIGHUP, &monitor_child_handler);
+ ssh_signal(SIGTERM, &monitor_child_handler);
+ ssh_signal(SIGINT, &monitor_child_handler);
mon_dispatch = mon_dispatch_postauth20;
diff --git a/usr.bin/ssh/mux.c b/usr.bin/ssh/mux.c
index 776bec17a9e..3f9a88b856d 100644
--- a/usr.bin/ssh/mux.c
+++ b/usr.bin/ssh/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.80 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: mux.c,v 1.81 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
*
@@ -1892,7 +1892,7 @@ mux_client_request_session(int fd)
return -1;
}
- signal(SIGPIPE, SIG_IGN);
+ ssh_signal(SIGPIPE, SIG_IGN);
if (stdin_null_flag) {
if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
@@ -1992,10 +1992,10 @@ mux_client_request_session(int fd)
if (pledge("stdio proc tty", NULL) == -1)
fatal("%s pledge(): %s", __func__, strerror(errno));
- signal(SIGHUP, control_client_sighandler);
- signal(SIGINT, control_client_sighandler);
- signal(SIGTERM, control_client_sighandler);
- signal(SIGWINCH, control_client_sigrelay);
+ ssh_signal(SIGHUP, control_client_sighandler);
+ ssh_signal(SIGINT, control_client_sighandler);
+ ssh_signal(SIGTERM, control_client_sighandler);
+ ssh_signal(SIGWINCH, control_client_sigrelay);
rawmode = tty_flag;
if (tty_flag)
@@ -2125,7 +2125,7 @@ mux_client_request_stdio_fwd(int fd)
return -1;
}
- signal(SIGPIPE, SIG_IGN);
+ ssh_signal(SIGPIPE, SIG_IGN);
if (stdin_null_flag) {
if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
@@ -2198,10 +2198,10 @@ mux_client_request_stdio_fwd(int fd)
}
muxclient_request_id++;
- signal(SIGHUP, control_client_sighandler);
- signal(SIGINT, control_client_sighandler);
- signal(SIGTERM, control_client_sighandler);
- signal(SIGWINCH, control_client_sigrelay);
+ ssh_signal(SIGHUP, control_client_sighandler);
+ ssh_signal(SIGINT, control_client_sighandler);
+ ssh_signal(SIGTERM, control_client_sighandler);
+ ssh_signal(SIGWINCH, control_client_sigrelay);
/*
* Stick around until the controlee closes the client_fd.
diff --git a/usr.bin/ssh/progressmeter.c b/usr.bin/ssh/progressmeter.c
index 05827e0ee0b..338504aa7bd 100644
--- a/usr.bin/ssh/progressmeter.c
+++ b/usr.bin/ssh/progressmeter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: progressmeter.c,v 1.49 2019/10/29 07:47:27 dtucker Exp $ */
+/* $OpenBSD: progressmeter.c,v 1.50 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Copyright (c) 2003 Nils Nordman. All rights reserved.
*
@@ -250,8 +250,8 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr)
setscreensize();
refresh_progress_meter(1);
- signal(SIGALRM, sig_alarm);
- signal(SIGWINCH, sig_winch);
+ ssh_signal(SIGALRM, sig_alarm);
+ ssh_signal(SIGWINCH, sig_winch);
alarm(UPDATE_INTERVAL);
}
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index ed550277fec..9c3a8560876 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.320 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.321 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -514,7 +514,7 @@ execute_in_shell(const char *cmd)
execv(argv[0], argv);
error("Unable to execute '%.100s': %s", cmd, strerror(errno));
/* Die with signal to make this error apparent to parent. */
- signal(SIGTERM, SIG_DFL);
+ ssh_signal(SIGTERM, SIG_DFL);
kill(getpid(), SIGTERM);
_exit(1);
}
diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c
index 96468416ad8..104c3188ddb 100644
--- a/usr.bin/ssh/readpass.c
+++ b/usr.bin/ssh/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.60 2019/12/06 03:06:08 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.61 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -62,10 +62,10 @@ ssh_askpass(char *askpass, const char *msg, const char *env_hint)
error("%s: pipe: %s", __func__, strerror(errno));
return NULL;
}
- osigchld = signal(SIGCHLD, SIG_DFL);
+ osigchld = ssh_signal(SIGCHLD, SIG_DFL);
if ((pid = fork()) == -1) {
error("%s: fork: %s", __func__, strerror(errno));
- signal(SIGCHLD, osigchld);
+ ssh_signal(SIGCHLD, osigchld);
return NULL;
}
if (pid == 0) {
@@ -95,7 +95,7 @@ ssh_askpass(char *askpass, const char *msg, const char *env_hint)
while ((ret = waitpid(pid, &status, 0)) == -1)
if (errno != EINTR)
break;
- signal(SIGCHLD, osigchld);
+ ssh_signal(SIGCHLD, osigchld);
if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
explicit_bzero(buf, sizeof(buf));
return NULL;
@@ -240,10 +240,10 @@ notify_start(int force_askpass, const char *fmt, ...)
free(prompt);
return NULL;
}
- osigchld = signal(SIGCHLD, SIG_DFL);
+ osigchld = ssh_signal(SIGCHLD, SIG_DFL);
if ((pid = fork()) == -1) {
error("%s: fork: %s", __func__, strerror(errno));
- signal(SIGCHLD, osigchld);
+ ssh_signal(SIGCHLD, osigchld);
free(prompt);
return NULL;
}
@@ -286,6 +286,6 @@ notify_complete(struct notifier_ctx *ctx)
}
if (ret == -1)
fatal("%s: waitpid: %s", __func__, strerror(errno));
- signal(SIGCHLD, ctx->osigchld);
+ ssh_signal(SIGCHLD, ctx->osigchld);
free(ctx);
}
diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c
index 52807603d65..4830ae1f58f 100644
--- a/usr.bin/ssh/scp.c
+++ b/usr.bin/ssh/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.206 2019/09/09 02:31:19 dtucker Exp $ */
+/* $OpenBSD: scp.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@@ -195,9 +195,9 @@ do_local_cmd(arglist *a)
}
do_cmd_pid = pid;
- signal(SIGTERM, killchild);
- signal(SIGINT, killchild);
- signal(SIGHUP, killchild);
+ ssh_signal(SIGTERM, killchild);
+ ssh_signal(SIGINT, killchild);
+ ssh_signal(SIGHUP, killchild);
while (waitpid(pid, &status, 0) == -1)
if (errno != EINTR)
@@ -248,9 +248,9 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout)
close(reserved[0]);
close(reserved[1]);
- signal(SIGTSTP, suspchild);
- signal(SIGTTIN, suspchild);
- signal(SIGTTOU, suspchild);
+ ssh_signal(SIGTSTP, suspchild);
+ ssh_signal(SIGTTIN, suspchild);
+ ssh_signal(SIGTTOU, suspchild);
/* Fork a child to execute the command on the remote host using ssh. */
do_cmd_pid = fork();
@@ -287,9 +287,9 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout)
*fdout = pin[1];
close(pout[1]);
*fdin = pout[0];
- signal(SIGTERM, killchild);
- signal(SIGINT, killchild);
- signal(SIGHUP, killchild);
+ ssh_signal(SIGTERM, killchild);
+ ssh_signal(SIGINT, killchild);
+ ssh_signal(SIGHUP, killchild);
return 0;
}
@@ -534,7 +534,7 @@ main(int argc, char **argv)
iamrecursive ? " -r" : "", pflag ? " -p" : "",
targetshouldbedirectory ? " -d" : "");
- (void) signal(SIGPIPE, lostconn);
+ (void) ssh_signal(SIGPIPE, lostconn);
if (colon(argv[argc - 1])) /* Dest is remote host. */
toremote(argc, argv);
diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c
index 956083b2337..1dc56dff193 100644
--- a/usr.bin/ssh/serverloop.c
+++ b/usr.bin/ssh/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.218 2019/11/27 05:38:43 dtucker Exp $ */
+/* $OpenBSD: serverloop.c,v 1.219 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -397,15 +397,15 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt)
debug("Entering interactive session for SSH2.");
- signal(SIGCHLD, sigchld_handler);
+ ssh_signal(SIGCHLD, sigchld_handler);
child_terminated = 0;
connection_in = ssh_packet_get_connection_in(ssh);
connection_out = ssh_packet_get_connection_out(ssh);
if (!use_privsep) {
- signal(SIGTERM, sigterm_handler);
- signal(SIGINT, sigterm_handler);
- signal(SIGQUIT, sigterm_handler);
+ ssh_signal(SIGTERM, sigterm_handler);
+ ssh_signal(SIGINT, sigterm_handler);
+ ssh_signal(SIGQUIT, sigterm_handler);
}
notify_setup();
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 36c76af69bb..dc9bde7bd1c 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.317 2019/11/13 04:47:52 deraadt Exp $ */
+/* $OpenBSD: session.c,v 1.318 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -1323,7 +1323,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
do_rc_files(ssh, s, shell);
/* restore SIGPIPE for child */
- signal(SIGPIPE, SIG_DFL);
+ ssh_signal(SIGPIPE, SIG_DFL);
if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
error("Connection from %s: refusing non-sftp session",
diff --git a/usr.bin/ssh/sftp.c b/usr.bin/ssh/sftp.c
index 922382dfa24..025102e9cbb 100644
--- a/usr.bin/ssh/sftp.c
+++ b/usr.bin/ssh/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.196 2019/11/01 03:54:33 djm Exp $ */
+/* $OpenBSD: sftp.c,v 1.197 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@@ -2214,7 +2214,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
const char *line;
int count = 0;
- signal(SIGINT, SIG_IGN);
+ ssh_signal(SIGINT, SIG_IGN);
if (el == NULL) {
if (interactive)
@@ -2241,14 +2241,14 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
/* Handle user interrupts gracefully during commands */
interrupted = 0;
- signal(SIGINT, cmd_interrupt);
+ ssh_signal(SIGINT, cmd_interrupt);
err = parse_dispatch_command(conn, cmd, &remote_path,
startdir, batchmode, !interactive && el == NULL);
if (err != 0)
break;
}
- signal(SIGCHLD, SIG_DFL);
+ ssh_signal(SIGCHLD, SIG_DFL);
free(remote_path);
free(startdir);
free(conn);
@@ -2292,20 +2292,20 @@ connect_to_server(char *path, char **args, int *in, int *out)
* kill it too. Contrawise, since sftp sends SIGTERMs to the
* underlying ssh, it must *not* ignore that signal.
*/
- signal(SIGINT, SIG_IGN);
- signal(SIGTERM, SIG_DFL);
+ ssh_signal(SIGINT, SIG_IGN);
+ ssh_signal(SIGTERM, SIG_DFL);
execvp(path, args);
fprintf(stderr, "exec: %s: %s\n", path, strerror(errno));
_exit(1);
}
- signal(SIGTERM, killchild);
- signal(SIGINT, killchild);
- signal(SIGHUP, killchild);
- signal(SIGTSTP, suspchild);
- signal(SIGTTIN, suspchild);
- signal(SIGTTOU, suspchild);
- signal(SIGCHLD, sigchld_handler);
+ ssh_signal(SIGTERM, killchild);
+ ssh_signal(SIGINT, killchild);
+ ssh_signal(SIGHUP, killchild);
+ ssh_signal(SIGTSTP, suspchild);
+ ssh_signal(SIGTTIN, suspchild);
+ ssh_signal(SIGTTOU, suspchild);
+ ssh_signal(SIGCHLD, sigchld_handler);
close(c_in);
close(c_out);
}
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index f9a2908a82a..835da83a947 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.251 2019/12/13 19:09:10 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.252 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1383,10 +1383,10 @@ skip:
if (ac > 0)
parent_alive_interval = 10;
idtab_init();
- signal(SIGPIPE, SIG_IGN);
- signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN);
- signal(SIGHUP, cleanup_handler);
- signal(SIGTERM, cleanup_handler);
+ ssh_signal(SIGPIPE, SIG_IGN);
+ ssh_signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN);
+ ssh_signal(SIGHUP, cleanup_handler);
+ ssh_signal(SIGTERM, cleanup_handler);
if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1)
fatal("%s: pledge: %s", __progname, strerror(errno));
diff --git a/usr.bin/ssh/ssh-sk-client.c b/usr.bin/ssh/ssh-sk-client.c
index 6ca85aaeba1..aeb878324e7 100644
--- a/usr.bin/ssh/ssh-sk-client.c
+++ b/usr.bin/ssh/ssh-sk-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk-client.c,v 1.6 2020/01/21 07:07:31 djm Exp $ */
+/* $OpenBSD: ssh-sk-client.c,v 1.7 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Copyright (c) 2019 Google LLC
*
@@ -37,6 +37,7 @@
#include "digest.h"
#include "pathnames.h"
#include "ssh-sk.h"
+#include "misc.h"
/* #define DEBUG_SK 1 */
@@ -71,13 +72,13 @@ start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int))
error("socketpair: %s", strerror(errno));
return SSH_ERR_SYSTEM_ERROR;
}
- osigchld = signal(SIGCHLD, SIG_DFL);
+ osigchld = ssh_signal(SIGCHLD, SIG_DFL);
if ((pid = fork()) == -1) {
oerrno = errno;
error("fork: %s", strerror(errno));
close(pair[0]);
close(pair[1]);
- signal(SIGCHLD, osigchld);
+ ssh_signal(SIGCHLD, osigchld);
errno = oerrno;
return SSH_ERR_SYSTEM_ERROR;
}
@@ -218,7 +219,7 @@ client_converse(struct sshbuf *msg, struct sshbuf **respp, u_int type)
}
sshbuf_free(req);
sshbuf_free(resp);
- signal(SIGCHLD, osigchld);
+ ssh_signal(SIGCHLD, osigchld);
errno = oerrno;
return r;
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 1d01e011256..6797afe0d47 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.511 2020/01/05 16:28:22 beck Exp $ */
+/* $OpenBSD: ssh.c,v 1.512 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1508,8 +1508,8 @@ main(int ac, char **av)
options.num_system_hostfiles);
tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);
- signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
- signal(SIGCHLD, main_sigchld_handler);
+ ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
+ ssh_signal(SIGCHLD, main_sigchld_handler);
/* Log into the remote system. Never returns if the login fails. */
ssh_login(ssh, &sensitive_data, host, (struct sockaddr *)&hostaddr,
diff --git a/usr.bin/ssh/sshbuf.c b/usr.bin/ssh/sshbuf.c
index f071c1848af..1eaaf77854f 100644
--- a/usr.bin/ssh/sshbuf.c
+++ b/usr.bin/ssh/sshbuf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshbuf.c,v 1.13 2018/11/16 06:10:29 djm Exp $ */
+/* $OpenBSD: sshbuf.c,v 1.14 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Copyright (c) 2011 Damien Miller
*
@@ -40,7 +40,7 @@ sshbuf_check_sanity(const struct sshbuf *buf)
buf->off > buf->size)) {
/* Do not try to recover from corrupted buffer internals */
SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
- signal(SIGSEGV, SIG_DFL);
+ ssh_signal(SIGSEGV, SIG_DFL);
raise(SIGSEGV);
return SSH_ERR_INTERNAL_ERROR;
}
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index 18bf553bfa6..7f855927d14 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.326 2020/01/22 07:38:30 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.327 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -247,7 +247,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
/* Execute the proxy command. Note that we gave up any
extra privileges above. */
- signal(SIGPIPE, SIG_DFL);
+ ssh_signal(SIGPIPE, SIG_DFL);
execv(argv[0], argv);
perror(argv[0]);
exit(1);
@@ -1345,10 +1345,10 @@ ssh_local_cmd(const char *args)
if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
shell = _PATH_BSHELL;
- osighand = signal(SIGCHLD, SIG_DFL);
+ osighand = ssh_signal(SIGCHLD, SIG_DFL);
pid = fork();
if (pid == 0) {
- signal(SIGPIPE, SIG_DFL);
+ ssh_signal(SIGPIPE, SIG_DFL);
debug3("Executing %s -c \"%s\"", shell, args);
execl(shell, shell, "-c", args, (char *)NULL);
error("Couldn't execute %s -c \"%s\": %s",
@@ -1359,7 +1359,7 @@ ssh_local_cmd(const char *args)
while (waitpid(pid, &status, 0) == -1)
if (errno != EINTR)
fatal("Couldn't wait for child: %s", strerror(errno));
- signal(SIGCHLD, osighand);
+ ssh_signal(SIGCHLD, osighand);
if (!WIFEXITED(status))
return (1);
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 13b3c0753ee..98dcae7bd2e 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.316 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.317 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1917,7 +1917,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
error("%s: fork: %s", __func__, strerror(errno));
return -1;
}
- osigchld = signal(SIGCHLD, SIG_DFL);
+ osigchld = ssh_signal(SIGCHLD, SIG_DFL);
if (pid == 0) {
close(from[0]);
if (dup2(from[1], STDOUT_FILENO) == -1)
@@ -1989,11 +1989,11 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) {
error("%s: buffer error: %s", __func__, ssh_err(r));
fail:
- signal(SIGCHLD, osigchld);
+ ssh_signal(SIGCHLD, osigchld);
sshbuf_free(b);
return -1;
}
- signal(SIGCHLD, osigchld);
+ ssh_signal(SIGCHLD, osigchld);
sshbuf_free(b);
return 0;
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index ec644c94f75..f6139feff1c 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.543 2020/01/21 22:39:57 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.544 2020/01/23 07:10:22 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -290,7 +290,7 @@ sighup_restart(void)
close_listen_socks();
close_startup_pipes();
alarm(0); /* alarm timer persists across exec */
- signal(SIGHUP, SIG_IGN); /* will be restored after exec */
+ ssh_signal(SIGHUP, SIG_IGN); /* will be restored after exec */
execv(saved_argv[0], saved_argv);
logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
strerror(errno));
@@ -319,6 +319,8 @@ main_sigchld_handler(int sig)
pid_t pid;
int status;
+ debug("main_sigchld_handler: %s", strsignal(sig));
+
while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
(pid == -1 && errno == EINTR))
;
@@ -340,7 +342,7 @@ grace_alarm_handler(int sig)
* keys command helpers.
*/
if (getpgid(0) == getpid()) {
- signal(SIGTERM, SIG_IGN);
+ ssh_signal(SIGTERM, SIG_IGN);
kill(0, SIGTERM);
}
@@ -1804,7 +1806,7 @@ main(int ac, char **av)
error("chdir(\"/\"): %s", strerror(errno));
/* ignore SIGPIPE */
- signal(SIGPIPE, SIG_IGN);
+ ssh_signal(SIGPIPE, SIG_IGN);
/* Get a connection, either from inetd or a listening TCP socket */
if (inetd_flag) {
@@ -1812,10 +1814,10 @@ main(int ac, char **av)
} else {
server_listen();
- signal(SIGHUP, sighup_handler);
- signal(SIGCHLD, main_sigchld_handler);
- signal(SIGTERM, sigterm_handler);
- signal(SIGQUIT, sigterm_handler);
+ ssh_signal(SIGHUP, sighup_handler);
+ ssh_signal(SIGCHLD, main_sigchld_handler);
+ ssh_signal(SIGTERM, sigterm_handler);
+ ssh_signal(SIGQUIT, sigterm_handler);
/*
* Write out the pid file after the sigterm handler
@@ -1898,11 +1900,11 @@ main(int ac, char **av)
* will not restart on SIGHUP since it no longer makes sense.
*/
alarm(0);
- signal(SIGALRM, SIG_DFL);
- signal(SIGHUP, SIG_DFL);
- signal(SIGTERM, SIG_DFL);
- signal(SIGQUIT, SIG_DFL);
- signal(SIGCHLD, SIG_DFL);
+ ssh_signal(SIGALRM, SIG_DFL);
+ ssh_signal(SIGHUP, SIG_DFL);
+ ssh_signal(SIGTERM, SIG_DFL);
+ ssh_signal(SIGQUIT, SIG_DFL);
+ ssh_signal(SIGCHLD, SIG_DFL);
/*
* Register our connection. This turns encryption off because we do
@@ -1956,7 +1958,7 @@ main(int ac, char **av)
* mode; it is just annoying to have the server exit just when you
* are about to discover the bug.
*/
- signal(SIGALRM, grace_alarm_handler);
+ ssh_signal(SIGALRM, grace_alarm_handler);
if (!debug_flag)
alarm(options.login_grace_time);
@@ -2012,7 +2014,7 @@ main(int ac, char **av)
* authentication.
*/
alarm(0);
- signal(SIGALRM, SIG_DFL);
+ ssh_signal(SIGALRM, SIG_DFL);
authctxt->authenticated = 1;
if (startup_pipe != -1) {
close(startup_pipe);