[openssh-commits] [openssh] 01/07: upstream: cleanup file descriptors across PKCS#11 client/helper

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Nov 7 15:14:15 AEDT 2025 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit f2ff1d9c1687be313dd491fcd136c682ef51bea8
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Fri Oct 31 01:50:43 2025 +0000

    upstream: cleanup file descriptors across PKCS#11 client/helper
    
    execution; ok markus
    
    OpenBSD-Commit-ID: 993628a5b361e30aa48bbb4c07667a280f3f23ab
---
 ssh-pkcs11-client.c | 3 ++-
 ssh-pkcs11-helper.c | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index 85afb62ac..e58292628 100644
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.24 2025/07/30 10:17:13 dtucker Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.25 2025/10/31 01:50:43 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -355,6 +355,7 @@ pkcs11_start_helper(const char *path)
 		}
 		close(pair[0]);
 		close(pair[1]);
+		closefrom(STDERR_FILENO + 1);
 		prog = getenv("SSH_PKCS11_HELPER");
 		if (prog == NULL || strlen(prog) == 0)
 			prog = _PATH_SSH_PKCS11_HELPER;
diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
index aeb5b7a8a..838610d96 100644
--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.29 2025/07/30 04:27:42 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.30 2025/10/31 01:50:43 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  *
@@ -222,6 +222,8 @@ main(int argc, char **argv)
 	__progname = ssh_get_progname(argv[0]);
 	seed_rng();
 
+	sanitise_stdfd();
+	closefrom(STDERR_FILENO + 1);
 	log_init(__progname, log_level, log_facility, log_stderr);
 
 	while ((ch = getopt(argc, argv, "v")) != -1) {

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list