hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-11 04:42:16 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

ssh: fix OpenSSH 9.4 regression with multiplexed sessions

Browse Source 
Upstream commit message:
upstream: fix regression in OpenSSH 9.4 (mux.c r1.99) that caused
multiplexed sessions to ignore SIGINT under some circumstances.
Reported by / feedback naddy@, ok dtucker@

OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a

Fixes: 535af610a4 ("ssh: Update to OpenSSH 9.4p1")
Obtained from:	OpenSSH 803e22eabd3b
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Ed Maste 2023-08-20 15:16:54 -04:00
parent b1d3e2b771
commit 1b91d634a5
4 changed files with 39 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/openssh/kex.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.c,v 1.178 2023/03/12 10:40:39 dtucker Exp $ */ /* $OpenBSD: kex.c,v 1.179 2023/08/18 01:37:41 djm Exp $ */
/* /*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* *
@ -1334,7 +1334,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
for (;;) { for (;;) {
if (timeout_ms > 0) { if (timeout_ms > 0) {
r = waitrfd(ssh_packet_get_connection_in(ssh), r = waitrfd(ssh_packet_get_connection_in(ssh),
&timeout_ms); &timeout_ms, NULL);
if (r == -1 && errno == ETIMEDOUT) { if (r == -1 && errno == ETIMEDOUT) {
send_error(ssh, "Timed out waiting " send_error(ssh, "Timed out waiting "
"for SSH identification string."); "for SSH identification string.");

42
crypto/openssh/misc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.c,v 1.185 2023/08/04 06:32:40 dtucker Exp $ */ /* $OpenBSD: misc.c,v 1.186 2023/08/18 01:37:41 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005-2020 Damien Miller. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved.
@ -313,20 +313,38 @@ set_sock_tos(int fd, int tos)
* Returns 0 if fd ready or -1 on timeout or error (see errno). * Returns 0 if fd ready or -1 on timeout or error (see errno).
*/ */
static int static int
waitfd(int fd, int *timeoutp, short events) waitfd(int fd, int *timeoutp, short events, volatile sig_atomic_t *stop)
{ {
struct pollfd pfd; struct pollfd pfd;
struct timeval t_start; struct timespec timeout;
int oerrno, r, have_timeout = (*timeoutp >= 0); int oerrno, r;
sigset_t nsigset, osigset;
if (timeoutp && *timeoutp == -1)
timeoutp = NULL;
pfd.fd = fd; pfd.fd = fd;
pfd.events = events; pfd.events = events;
for (; !have_timeout || *timeoutp >= 0;) { ptimeout_init(&timeout);
monotime_tv(&t_start); if (timeoutp != NULL)
r = poll(&pfd, 1, *timeoutp); ptimeout_deadline_ms(&timeout, *timeoutp);
if (stop != NULL)
sigfillset(&nsigset);
for (; timeoutp == NULL || *timeoutp >= 0;) {
if (stop != NULL) {
sigprocmask(SIG_BLOCK, &nsigset, &osigset);
if (*stop) {
sigprocmask(SIG_SETMASK, &osigset, NULL);
errno = EINTR;
return -1;
}
}
r = ppoll(&pfd, 1, ptimeout_get_tsp(&timeout),
stop != NULL ? &osigset : NULL);
oerrno = errno; oerrno = errno;
if (have_timeout) if (stop != NULL)
ms_subtract_diff(&t_start, timeoutp); sigprocmask(SIG_SETMASK, &osigset, NULL);
if (timeoutp)
*timeoutp = ptimeout_get_ms(&timeout);
errno = oerrno; errno = oerrno;
if (r > 0) if (r > 0)
return 0; return 0;
@ -346,8 +364,8 @@ waitfd(int fd, int *timeoutp, short events)
* Returns 0 if fd ready or -1 on timeout or error (see errno). * Returns 0 if fd ready or -1 on timeout or error (see errno).
*/ */
int int
waitrfd(int fd, int *timeoutp) { waitrfd(int fd, int *timeoutp, volatile sig_atomic_t *stop) {
return waitfd(fd, timeoutp, POLLIN); return waitfd(fd, timeoutp, POLLIN, stop);
} }
/* /*
@ -381,7 +399,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
break; break;
} }
if (waitfd(sockfd, timeoutp, POLLIN | POLLOUT) == -1) if (waitfd(sockfd, timeoutp, POLLIN | POLLOUT, NULL) == -1)
return -1; return -1;
/* Completed or failed */ /* Completed or failed */

5
crypto/openssh/misc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.h,v 1.103 2023/07/19 14:02:27 djm Exp $ */ /* $OpenBSD: misc.h,v 1.104 2023/08/18 01:37:41 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -19,6 +19,7 @@
#include <sys/types.h> #include <sys/types.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <stdio.h> #include <stdio.h>
#include <signal.h>
/* Data structure for representing a forwarding request. */ /* Data structure for representing a forwarding request. */
struct Forward { struct Forward {
@ -57,7 +58,7 @@ char *get_rdomain(int);
int set_rdomain(int, const char *); int set_rdomain(int, const char *);
int get_sock_af(int); int get_sock_af(int);
void set_sock_tos(int, int); void set_sock_tos(int, int);
int waitrfd(int, int *); int waitrfd(int, int *, volatile sig_atomic_t *);
int timeout_connect(int, const struct sockaddr *, socklen_t, int *); int timeout_connect(int, const struct sockaddr *, socklen_t, int *);
int a2port(const char *); int a2port(const char *);
int a2tun(const char *, int *); int a2tun(const char *, int *);

6
crypto/openssh/mux.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: mux.c,v 1.99 2023/08/04 06:32:40 dtucker Exp $ */ /* $OpenBSD: mux.c,v 1.100 2023/08/18 01:37:41 djm Exp $ */
/* /*
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
* *
@ -1480,7 +1480,9 @@ mux_client_read(int fd, struct sshbuf *b, size_t need, int timeout_ms)
case EWOULDBLOCK: case EWOULDBLOCK:
#endif #endif
case EAGAIN: case EAGAIN:
if (waitrfd(fd, &timeout_ms) == -1) if (waitrfd(fd, &timeout_ms,
&muxclient_terminate) == -1 &&
errno != EINTR)
return -1; /* timeout */ return -1; /* timeout */
/* FALLTHROUGH */ /* FALLTHROUGH */
case EINTR: case EINTR: