diff options
author | djm@openbsd.org <djm@openbsd.org> | 2021-05-07 03:09:38 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2021-05-10 10:57:58 +1000 |
commit | e3c032333be5fdbbaf2751f6f478e044922b4ec4 (patch) | |
tree | 043392ae449b397c366e7e8f83d0b703ddd74ced /sshd.c | |
parent | a4039724a3f2abac810735fc95cf9114a3856049 (diff) | |
download | openssh-git-e3c032333be5fdbbaf2751f6f478e044922b4ec4.tar.gz |
upstream: don't sigdie() in signal handler in privsep child process;
this can end up causing sandbox violations per bz3286; ok dtucker@
OpenBSD-Commit-ID: a7f40b2141dca4287920da68ede812bff7ccfdda
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 13 |
1 files changed, 8 insertions, 5 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.572 2021/04/03 06:18:41 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.573 2021/05/07 03:09:38 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -366,11 +366,14 @@ grace_alarm_handler(int sig) kill(0, SIGTERM); } - /* XXX pre-format ipaddr/port so we don't need to access active_state */ /* Log error and exit. */ - sigdie("Timeout before authentication for %s port %d", - ssh_remote_ipaddr(the_active_state), - ssh_remote_port(the_active_state)); + if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0) + cleanup_exit(255); /* don't log in privsep child */ + else { + sigdie("Timeout before authentication for %s port %d", + ssh_remote_ipaddr(the_active_state), + ssh_remote_port(the_active_state)); + } } /* Destroy the host and server keys. They will no longer be needed. */ |