ok djm
On Mon, 5 Feb 2018, Theo Buehler wrote:
> In channel_close_fd(), the file descriptors for the socket, stdin,
> stdout and stderr aren't necessarily distinct, so closing them results
> in EBADF. In addition, the diff adds a couple of positivity checks to
> avoid calling close(-1).
>
> Index: usr.bin/ssh/channels.c
> ===================================================================
> RCS file: /var/cvs/src/usr.bin/ssh/channels.c,v
> retrieving revision 1.378
> diff -u -p -r1.378 channels.c
> --- usr.bin/ssh/channels.c 23 Jan 2018 05:27:21 -0000 1.378
> +++ usr.bin/ssh/channels.c 24 Jan 2018 00:41:18 -0000
> @@ -426,10 +426,15 @@ channel_close_fd(struct ssh *ssh, int *f
> static void
> channel_close_fds(struct ssh *ssh, Channel *c)
> {
> + int sock = c->sock, rfd = c->rfd, wfd = c->wfd, efd = c->efd;
> +
> channel_close_fd(ssh, &c->sock);
> - channel_close_fd(ssh, &c->rfd);
> - channel_close_fd(ssh, &c->wfd);
> - channel_close_fd(ssh, &c->efd);
> + if (rfd != sock)
> + channel_close_fd(ssh, &c->rfd);
> + if (wfd != sock && wfd != rfd)
> + channel_close_fd(ssh, &c->wfd);
> + if (efd != sock && efd != rfd && efd != wfd)
> + channel_close_fd(ssh, &c->efd);
> }
>
> static void
> Index: usr.bin/ssh/monitor.c
> ===================================================================
> RCS file: /var/cvs/src/usr.bin/ssh/monitor.c,v
> retrieving revision 1.178
> diff -u -p -r1.178 monitor.c
> --- usr.bin/ssh/monitor.c 23 Jan 2018 05:27:21 -0000 1.178
> +++ usr.bin/ssh/monitor.c 24 Jan 2018 00:41:18 -0000
> @@ -230,8 +230,10 @@ monitor_child_preauth(Authctxt *_authctx
>
> debug3("preauth child monitor started");
>
> - close(pmonitor->m_recvfd);
> - close(pmonitor->m_log_sendfd);
> + if (pmonitor->m_recvfd >= 0)
> + close(pmonitor->m_recvfd);
> + if (pmonitor->m_log_sendfd >= 0)
> + close(pmonitor->m_log_sendfd);
> pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;
>
> authctxt = _authctxt;
> @@ -298,8 +300,10 @@ monitor_child_preauth(Authctxt *_authctx
> while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
> ;
>
> - close(pmonitor->m_sendfd);
> - close(pmonitor->m_log_recvfd);
> + if (pmonitor->m_recvfd >= 0)
> + close(pmonitor->m_recvfd);
> + if (pmonitor->m_log_sendfd >= 0)
> + close(pmonitor->m_log_sendfd);
> pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;
> }
>
> Index: usr.bin/ssh/ssh-pkcs11-client.c
> ===================================================================
> RCS file: /var/cvs/src/usr.bin/ssh/ssh-pkcs11-client.c,v
> retrieving revision 1.7
> diff -u -p -r1.7 ssh-pkcs11-client.c
> --- usr.bin/ssh/ssh-pkcs11-client.c 30 May 2017 08:52:19 -0000 1.7
> +++ usr.bin/ssh/ssh-pkcs11-client.c 23 Jan 2018 00:09:22 -0000
> @@ -93,7 +93,8 @@ pkcs11_init(int interactive)
> void
> pkcs11_terminate(void)
> {
> - close(fd);
> + if (fd >= 0)
> + close(fd);
> }
>
> static int
>
>
