[openssh-commits] [openssh] branch master updated: upstream: stricter validation of messaging socket fd number; disallow

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

The following commit(s) were added to refs/heads/master by this push:
     new 2e69a724 upstream: stricter validation of messaging socket fd number; disallow
2e69a724 is described below

commit 2e69a724051488e3fb3cd11531c4b5bc1764945b
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Tue Apr 30 05:53:03 2024 +0000

    upstream: stricter validation of messaging socket fd number; disallow
    
    usage of stderr. Based on GHPR492 by RealHurrison
    
    OpenBSD-Commit-ID: 73dbbe82ea16f73ce1d044d3232bc869ae2f2ce8
---
 ssh-keysign.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssh-keysign.c b/ssh-keysign.c
index c54a4bbb..968344e7 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.73 2024/01/11 01:51:16 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.74 2024/04/30 05:53:03 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -268,7 +268,7 @@ main(int argc, char **argv)
 		    __progname, rver, version);
 	if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0)
 		fatal_r(r, "%s: buffer error", __progname);
-	if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO)
+	if (fd <= STDERR_FILENO)
 		fatal("%s: bad fd = %d", __progname, fd);
 	if ((host = get_local_name(fd)) == NULL)
 		fatal("%s: cannot get local name for fd", __progname);

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.