diff options
| author | Damien Miller <djm@mindrot.org> | 2010-01-30 17:30:04 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2010-01-30 17:30:04 +1100 |
| commit | 133d9d313e1058ed5d028abb450de253c00a4c5d (patch) | |
| tree | 709a2e0a70aca69278bec092ea6135d5d5ccdb4f | |
| parent | 36f57ebf3b5ecf697c5ae868dbc0992792890e06 (diff) | |
- djm@cvs.openbsd.org 2010/01/29 00:20:41
[sshd.c]
set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com
ok dtucker@
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | mux.c | 4 | ||||
| -rw-r--r-- | sshd.c | 6 |
3 files changed, 11 insertions, 3 deletions
@@ -5,6 +5,10 @@ downgrade an error() to a debug() - this particular case can be hit in normal operation for certain sequences of mux slave vs session closure and is harmless + - djm@cvs.openbsd.org 2010/01/29 00:20:41 + [sshd.c] + set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com + ok dtucker@ 20100129 - (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707: Call OPENSSL_config() @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.12 2010/01/27 13:26:17 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.13 2010/01/29 20:16:17 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * @@ -212,7 +212,7 @@ mux_master_control_cleanup_cb(int cid, void *unused) sc->ctl_chan = -1; if (sc->type != SSH_CHANNEL_OPEN) { debug2("%s: channel %d: not open", __func__, sc->self); - chan_mark_dead(c); + chan_mark_dead(sc); } else { chan_read_failed(sc); chan_write_failed(sc); @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.371 2010/01/13 03:48:13 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.372 2010/01/29 00:20:41 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1748,6 +1748,10 @@ main(int ac, char **av) sock_in, sock_out, newsock, startup_pipe, config_s[0]); } + /* Executed child processes don't need these. */ + fcntl(sock_out, F_SETFD, FD_CLOEXEC); + fcntl(sock_in, F_SETFD, FD_CLOEXEC); + /* * Disable the key regeneration alarm. We will not regenerate the * key since we are no longer in a position to give it to anyone. We |