[Bug 3973] New: ss-add spins with high CPU indefinitely and never prompts or exits

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jun 30 14:57:46 AEST 2026


https://bugzilla.mindrot.org/show_bug.cgi?id=3973

            Bug ID: 3973
           Summary: ss-add spins with high CPU indefinitely and never
                    prompts or exits
           Product: Portable OpenSSH
           Version: 10.0p2
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-add
          Assignee: unassigned-bugs at mindrot.org
          Reporter: martin.monperrus at gnieh.org

Created attachment 3970
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3970&action=edit
patch sketch

When ssh-add is started without a controlling TTY
and with SIGTTOU/SIGTTIN set to SIG_IGN in the parent (e.g. a systemd
service unit, or a daemon that ignores job-control signals),
readpassphrase()
spins with high CPU indefinitely and never prompts or exits.

Root cause: after installing its own handlers, readpassphrase() reads
from
/dev/tty and receives SIGTTIN or SIGTTOU. The handler sets signo[i]=1
and
the read returns EINTR. readpassphrase then restores the original
SIG_IGN
disposition and re-raises the signal via kill(getpid(), i). Because the
disposition is now SIG_IGN the kill() is a no-op, but need_restart was
already set to 1, so execution does "goto restart". The next iteration
re-opens /dev/tty, writes the prompt to stderr, hits SIGTTIN/SIGTTOU
again,
and the loop repeats forever.

Fix: before setting need_restart for SIGTSTP/SIGTTIN/SIGTTOU, check
whether the saved (original) handler was SIG_IGN. If it was, skip the
restart -- readpassphrase falls through and returns NULL, letting the
caller handle the error.

See AI-aided patch attached.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list