[Bug 2139] re-exec fallback problem
bugzilla-daemon at mindrot.org
Sat Aug 3 12:42:48 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2139
--- Comment #1 from Arthur Mesh <arthurmesh at gmail.com> ---
I have some more details:
Apparently, startup_pipe gets the same fd value as
connection_in/connection_out.
2094 authenticated:
2095     /*
2096      * Cancel the alarm we set to limit the time taken for
2097      * authentication.
2098      */
2099     alarm(0);
2100     signal(SIGALRM, SIG_DFL);
2101     authctxt->authenticated = 1;
2102     if (startup_pipe != -1) {
2103         close(startup_pipe);
2104         startup_pipe = -1;
2105     }
So by calling close(startup_pipe) on line 2103, we also inadvertently close
the connection_in/connection_out fd, which causes the bug.
--- sshd.c.orig 2013-08-02 19:40:58.000000000 -0700
+++ sshd.c 2013-08-02 19:41:01.000000000 -0700
@@ -2100,7 +2100,7 @@
signal(SIGALRM, SIG_DFL);
authctxt->authenticated = 1;
if (startup_pipe != -1) {
- close(startup_pipe);
+ //close(startup_pipe);
startup_pipe = -1;
}
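Review bot: At the `+ //close(startup_pipe);` line the descriptor is no longer closed, yet `startup_pipe = -1;` still runs on the following line, so the number is discarded and nothing can close it later when startup_pipe does refer to its own pipe. Disabling the close also leaves the cause untouched: the report says startup_pipe holds the same value as connection_in/connection_out, so the change belongs where that value is assigned or left stale, or at minimum the close should be skipped only when the value matches a connection fd. If the line has to stay disabled temporarily, delete it or wrap it in a `/* ... */` comment that explains why, since the surrounding code uses block comments rather than `//`.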
This prevents the problem from happening, but likely leaks the fd. I need to
further look into how startup_pipe is supposed to work and how to properly
fix it.
Thanks
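
The aliasing described in this comment, reproduced as an added example (not part of the original message and not OpenSSH code). The variables are hypothetical stand-ins for sshd's, and the way the two numbers come to match here (a stale value reused by dup()) is a constructed scenario; the comment does not say how it happens in sshd.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-ins for the sshd variables named in the comment. */
static int startup_pipe = -1, connection_in = -1;
static int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Constructed scenario: the number left in startup_pipe is reused for
 * connection_in. How the values came to match in sshd is not on the page. */
int make_aliased_fds(void)
{
	int p[2];
	if (pipe(p) == -1)
		return -1;
	startup_pipe = p[1];
	close(p[1]);               /* variable still holds the stale number */
	connection_in = dup(p[0]); /* dup() returns the lowest free number */
	close(p[0]);
	return connection_in;
}

/* Same logic as lines 2102-2105: returns 1 if connection_in is still open. */
int unguarded_close(void)
{
	if (startup_pipe != -1) {
		close(startup_pipe);
		startup_pipe = -1;
	}
	return fd_is_open(connection_in);
}

/* Guarded variant (an illustration, not the upstream fix). */
int guarded_close(void)
{
	if (startup_pipe != -1) {
		if (startup_pipe != connection_in)
			close(startup_pipe);
		startup_pipe = -1;
	}
	return fd_is_open(connection_in);
}

int main(void)
{
	make_aliased_fds();
	printf("unguarded: connection open = %d\n", unguarded_close());
	make_aliased_fds();
	printf("guarded:   connection open = %d\n", guarded_close());
}
```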