Bug on ssh-agent (following my first report)

Damien Miller djm at mindrot.org
Thu Jan 5 08:49:02 EST 2006


Please don't send HTML mail.

On Wed, 4 Jan 2006, Frédéric Olivié wrote:

> Hi,
> 
> I tested and reviewed the last CVS release.
> 
> The patch which fixed this problem is wrong (sorry) for many reasons:
> 
> 1) Doing this sanitize_fd() like it is at the beginning of the main() is
> plain wrong. What happens in this specific case is that fd 0 is closed at exec
> time, but fd 1 and 2 are opened. And we definitely need one of them so that
> ssh-agent can send its environment vars on stdout.

Please try this diff:

Index: misc.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/misc.c,v
retrieving revision 1.40
diff -u -p -r1.40 misc.c
--- misc.c	2 Jan 2006 07:53:44 -0000	1.40
+++ misc.c	4 Jan 2006 21:45:34 -0000
@@ -601,18 +601,21 @@ tun_open(int tun, int mode)
 void
 sanitise_stdfd(void)
 {
-	int nullfd;
+	int nullfd, dupfd;
 
-	if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+	if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
 		fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
 		exit(1);
 	}
-	while (nullfd < 2) {
-		if (dup2(nullfd, nullfd + 1) == -1) {
+	while (dupfd < 2) {
+		/* Only clobber closed fds */
+		if (fcntl(dupfd, F_GETFL, 0) >= 0)
+			continue;
+		if (dup2(nullfd, dupfd) == -1) {
 			fprintf(stderr, "dup2: %s", strerror(errno));
 			exit(1);
 		}
-		nullfd++;
+		dupfd++;
 	}
 	if (nullfd > 2)
 		close(nullfd);
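
Review bot: the `continue` after the new `fcntl(dupfd, F_GETFL, 0) >= 0` check skips `dupfd++`, so the loop never terminates once it meets an open descriptor. That happens on the very first pass whenever it is entered, because `dupfd` starts equal to `nullfd`, which was just opened. In the reported case (fd 0 closed, fd 1 and 2 open) `open()` returns 0, the check on fd 0 succeeds, and the process spins. Separately, the bound `dupfd < 2` combined with `dup2(nullfd, dupfd)` means fd 2 is never examined, whereas the old loop reached it through `nullfd + 1`; with fd 0 and fd 2 closed and fd 1 open, stderr would be left closed. Advancing in the loop condition fixes both, for example `while (++dupfd <= 2) {` with the trailing `dupfd++;` dropped, which also skips the pointless check of `nullfd` itself.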


