[openssh-commits] [openssh] 03/03: upstream: Check return values of fcntl(... O_CLOEXEC)

Wed Mar 11 21:08:32 AEDT 2026

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 552a5c786b60a9cfe0d2c157dd18f78950529513
Author: dtucker at openbsd.org <dtucker at openbsd.org>
AuthorDate: Wed Mar 11 09:10:59 2026 +0000

    upstream: Check return values of fcntl(... O_CLOEXEC)
    
    calls by reusing the macro in monitor.c.  Flagged by Coverity CID
    901297 in ssh-sk-client.c, a few other instances added for good measure.
    begrudging ok deraadt@
    
    OpenBSD-Commit-ID: b9de92e17ac0b04348770e5a25cb15a02b416926
---
 misc.h          | 8 +++++++-
 monitor.c       | 7 +------
 ssh-sk-client.c | 4 ++--
 sshd-auth.c     | 6 +++---
 sshd-session.c  | 6 +++---
 5 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/misc.h b/misc.h
index c606de376..791876c1e 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.115 2026/03/03 09:57:25 dtucker Exp $ */
+/* $OpenBSD: misc.h,v 1.116 2026/03/11 09:10:59 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -270,4 +270,10 @@ int signal_is_crash(int);
 /* On OpenBSD time_t is int64_t which is long long. */
 /* #define SSH_TIME_T_MAX LLONG_MAX */
 
+#define FD_CLOSEONEXEC(x) do { \
+	if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \
+		fatal_f("fcntl(%d, F_SETFD, FD_CLOEXEC): %s", x, \
+		    strerror(errno)); \
+} while (0)
+
 #endif /* _MISC_H */
diff --git a/monitor.c b/monitor.c
index 7a71a6586..b56646a2d 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.253 2026/03/02 02:40:15 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.254 2026/03/11 09:10:59 dtucker Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos at citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -1919,11 +1919,6 @@ mm_get_keystate(struct ssh *ssh, struct monitor *pmonitor)
 
 /* XXX */
 
-#define FD_CLOSEONEXEC(x) do { \
-	if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \
-		fatal("fcntl(%d, F_SETFD)", x); \
-} while (0)
-
 static void
 monitor_openfds(struct monitor *mon, int do_logfds)
 {
diff --git a/ssh-sk-client.c b/ssh-sk-client.c
index 3c603c0e0..52da28d1f 100644
--- a/ssh-sk-client.c
+++ b/ssh-sk-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk-client.c,v 1.17 2026/03/11 09:04:17 dtucker Exp $ */
+/* $OpenBSD: ssh-sk-client.c,v 1.18 2026/03/11 09:10:59 dtucker Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -88,7 +88,7 @@ start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int))
 	}
 	if (pid == 0) {
 		close(execpipe[0]);
-		fcntl(execpipe[1], F_SETFD, FD_CLOEXEC);
+		FD_CLOSEONEXEC(execpipe[1]);
 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
 		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
 			snprintf(execbuf, sizeof execbuf,
diff --git a/sshd-auth.c b/sshd-auth.c
index a871b29a8..76350a2a3 100644
--- a/sshd-auth.c
+++ b/sshd-auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd-auth.c,v 1.13 2026/03/02 02:40:15 djm Exp $ */
+/* $OpenBSD: sshd-auth.c,v 1.14 2026/03/11 09:10:59 dtucker Exp $ */
 /*
  * SSH2 implementation:
  * Privilege Separation:
@@ -715,8 +715,8 @@ main(int ac, char **av)
 	setproctitle("%s", "[session-auth]");
 
 	/* Executed child processes don't need these. */
-	fcntl(sock_out, F_SETFD, FD_CLOEXEC);
-	fcntl(sock_in, F_SETFD, FD_CLOEXEC);
+	FD_CLOSEONEXEC(sock_out);
+	FD_CLOSEONEXEC(sock_in);
 
 	ssh_signal(SIGPIPE, SIG_IGN);
 	ssh_signal(SIGALRM, SIG_DFL);
diff --git a/sshd-session.c b/sshd-session.c
index 04e72a5db..e9a488d08 100644
--- a/sshd-session.c
+++ b/sshd-session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd-session.c,v 1.22 2026/03/03 09:57:26 dtucker Exp $ */
+/* $OpenBSD: sshd-session.c,v 1.23 2026/03/11 09:10:59 dtucker Exp $ */
 /*
  * SSH2 implementation:
  * Privilege Separation:
@@ -1137,8 +1137,8 @@ main(int ac, char **av)
 	setproctitle("%s", "[accepted]");
 
 	/* Executed child processes don't need these. */
-	fcntl(sock_out, F_SETFD, FD_CLOEXEC);
-	fcntl(sock_in, F_SETFD, FD_CLOEXEC);
+	FD_CLOSEONEXEC(sock_out);
+	FD_CLOSEONEXEC(sock_in);
 
 	/* We will not restart on SIGHUP since it no longer makes sense. */
 	ssh_signal(SIGALRM, SIG_DFL);

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
