- djm@cvs.openbsd.org 2010/01/29 00:20:41
[sshd.c]
set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com
ok dtucker@
diff --git a/ChangeLog b/ChangeLog
index f9a84fd..67cf0fc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,10 @@
downgrade an error() to a debug() - this particular case can be hit in
normal operation for certain sequences of mux slave vs session closure
and is harmless
+ - djm@cvs.openbsd.org 2010/01/29 00:20:41
+ [sshd.c]
+ set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com
+ ok dtucker@
20100129
- (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707: Call OPENSSL_config()
diff --git a/mux.c b/mux.c
index 64781d4..0e07883 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.12 2010/01/27 13:26:17 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.13 2010/01/29 20:16:17 djm Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
*
@@ -212,7 +212,7 @@
sc->ctl_chan = -1;
if (sc->type != SSH_CHANNEL_OPEN) {
debug2("%s: channel %d: not open", __func__, sc->self);
- chan_mark_dead(c);
+ chan_mark_dead(sc);
} else {
chan_read_failed(sc);
chan_write_failed(sc);
diff --git a/sshd.c b/sshd.c
index d84db89..bf2e76c 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.371 2010/01/13 03:48:13 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.372 2010/01/29 00:20:41 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1748,6 +1748,10 @@
sock_in, sock_out, newsock, startup_pipe, config_s[0]);
}
+ /* Executed child processes don't need these. */
+ fcntl(sock_out, F_SETFD, FD_CLOEXEC);
+ fcntl(sock_in, F_SETFD, FD_CLOEXEC);
+
/*
* Disable the key regeneration alarm. We will not regenerate the
* key since we are no longer in a position to give it to anyone. We