[openssh-commits] [openssh] 02/04: upstream: Switch scp from using pipes to a socketpair for

Wed Jan 11 11:48:44 AEDT 2023

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit eec737b59cf13841de46134967a206607000acd4
Author: millert at openbsd.org <millert at openbsd.org>
Date:   Tue Jan 10 23:22:15 2023 +0000

    upstream: Switch scp from using pipes to a socketpair for
    
    communication with it's ssh sub-processes.  We no longer need to reserve two
    descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is
    handled by sanitise_stdfd() in main(). Based on an original diff from djm at .
    OK deraadt@ djm@
    
    OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d
---
 scp.c | 62 +++++++++++++++++++++++++-------------------------------------
 1 file changed, 25 insertions(+), 37 deletions(-)

diff --git a/scp.c b/scp.c
index 93ac8ed7..42cd034b 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.251 2022/12/16 06:52:48 jmc Exp $ */
+/* $OpenBSD: scp.c,v 1.252 2023/01/10 23:22:15 millert Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -279,7 +279,7 @@ int
 do_cmd(char *program, char *host, char *remuser, int port, int subsystem,
     char *cmd, int *fdin, int *fdout, pid_t *pid)
 {
-	int pin[2], pout[2], reserved[2];
+	int sv[2];
 
 	if (verbose_mode)
 		fmprintf(stderr,
@@ -290,22 +290,9 @@ do_cmd(char *program, char *host, char *remuser, int port, int subsystem,
 	if (port == -1)
 		port = sshport;
 
-	/*
-	 * Reserve two descriptors so that the real pipes won't get
-	 * descriptors 0 and 1 because that will screw up dup2 below.
-	 */
-	if (pipe(reserved) == -1)
-		fatal("pipe: %s", strerror(errno));
-
 	/* Create a socket pair for communicating with ssh. */
-	if (pipe(pin) == -1)
-		fatal("pipe: %s", strerror(errno));
-	if (pipe(pout) == -1)
-		fatal("pipe: %s", strerror(errno));
-
-	/* Free the reserved descriptors. */
-	close(reserved[0]);
-	close(reserved[1]);
+	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
+		fatal("socketpair: %s", strerror(errno));
 
 	ssh_signal(SIGTSTP, suspchild);
 	ssh_signal(SIGTTIN, suspchild);
@@ -313,15 +300,18 @@ do_cmd(char *program, char *host, char *remuser, int port, int subsystem,
 
 	/* Fork a child to execute the command on the remote host using ssh. */
 	*pid = fork();
-	if (*pid == 0) {
+	switch (*pid) {
+	case -1:
+		fatal("fork: %s", strerror(errno));
+	case 0:
 		/* Child. */
-		close(pin[1]);
-		close(pout[0]);
-		dup2(pin[0], 0);
-		dup2(pout[1], 1);
-		close(pin[0]);
-		close(pout[1]);
-
+		if (dup2(sv[0], STDIN_FILENO) == -1 ||
+		    dup2(sv[0], STDOUT_FILENO) == -1) {
+			perror("dup2");
+			_exit(1);
+		}
+		close(sv[0]);
+		close(sv[1]);
 		replacearg(&args, 0, "%s", program);
 		if (port != -1) {
 			addargs(&args, "-p");
@@ -339,19 +329,17 @@ do_cmd(char *program, char *host, char *remuser, int port, int subsystem,
 
 		execvp(program, args.list);
 		perror(program);
-		exit(1);
-	} else if (*pid == -1) {
-		fatal("fork: %s", strerror(errno));
+		_exit(1);
+	default:
+		/* Parent.  Close the other side, and return the local side. */
+		close(sv[0]);
+		*fdin = sv[1];
+		*fdout = sv[1];
+		ssh_signal(SIGTERM, killchild);
+		ssh_signal(SIGINT, killchild);
+		ssh_signal(SIGHUP, killchild);
+		return 0;
 	}
-	/* Parent.  Close the other side, and return the local side. */
-	close(pin[0]);
-	*fdout = pin[1];
-	close(pout[1]);
-	*fdin = pout[0];
-	ssh_signal(SIGTERM, killchild);
-	ssh_signal(SIGINT, killchild);
-	ssh_signal(SIGHUP, killchild);
-	return 0;
 }
 
 /*

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
