OpenSSH PAM "thread" buglet
Joerg Sonnenberger
joerg at britannica.bec.de
Fri Jul 15 04:53:27 EST 2005
Hi all,
the attached patch ensure that only one side of the authentication
socketpair stays open on both sides. This should make the code
more robust by detecting the dead of the process on the other side.
This applies to the non-pthread case only.
Joerg
-------------- next part --------------
Index: auth-pam.c
===================================================================
RCS file: /home/joerg/wd/repository/dragonflybsd/src/crypto/openssh-4/auth-pam.c,v
retrieving revision 1.1
diff -u -r1.1 auth-pam.c
--- auth-pam.c 14 Jul 2005 13:10:21 -0000 1.1
+++ auth-pam.c 14 Jul 2005 13:25:58 -0000
@@ -150,6 +150,7 @@
void *(*thread_start)(void *), void *arg)
{
pid_t pid;
+ struct pam_ctxt *ctx = arg;
sshpam_thread_status = -1;
switch ((pid = fork())) {
@@ -157,10 +158,14 @@
error("fork(): %s", strerror(errno));
return (-1);
case 0:
+ close(ctx->pam_psock);
+ ctx->pam_psock = -1;
thread_start(arg);
_exit(1);
default:
*thread = pid;
+ close(ctx->pam_csock);
+ ctx->pam_csock = -1;
sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler);
return (0);
}
More information about the openssh-unix-dev
mailing list