Fwd: Fix calls to fatal with %m

Kurt Lidl lidl at FreeBSD.org
Wed Aug 3 23:57:25 AEST 2016

Greetings all -

It was suggested that I send this diff here.

Looking at the sourcest this morning at:

It appears this issue is still present in the current
openssh sources.



-------- Forwarded Message --------
Received: from torb.pix.net (torb.pix.net []) 
(authenticated bits=0) by hydra.pix.net (8.15.2/8.15.2) with ESMTPA id 
u6SEq3nf099212; Thu, 28 Jul 2016 10:52:03 -0400 (EDT) (envelope-from 
lidl at FreeBSD.org)
Reply-To: lidl at FreeBSD.org
From: Kurt Lidl <lidl at FreeBSD.org>
Subject: Fix calls to fatal with %m
Date: Thu, 28 Jul 2016 10:52:03 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) 
Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
Content-Type: multipart/mixed; 

When working on the blacklist support patch rework,
I came across the following bug.  Namely, the use
of %m in the messages sent to fatal().  The fatal()
function does not support %m.

Do you approve of this diff, and if so, may I commit it?


-------------- next part --------------
From b3b86d390c662c2e8e52bcd5a844a497d9697cd4 Mon Sep 17 00:00:00 2001
From: Kurt Lidl <lidl at FreeBSD.ORG>
Date: Thu, 28 Jul 2016 10:45:49 -0400
Subject: [PATCH] Fix usages of %m in fatal() function

Unlike syslog(), fatal() does not support a %m modifier.
Do the conversion of the errno to a string via strerror().
 crypto/openssh/sandbox-capsicum.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/openssh/sandbox-capsicum.c b/crypto/openssh/sandbox-capsicum.c
index 5f41d52..1782832 100644
--- a/crypto/openssh/sandbox-capsicum.c
+++ b/crypto/openssh/sandbox-capsicum.c
@@ -88,11 +88,11 @@ ssh_sandbox_child(struct ssh_sandbox *box)
 	if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
-		fatal("can't limit stdin: %m");
+		fatal("can't limit stdin: %s", strerror(errno));
 	if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
-		fatal("can't limit stdout: %m");
+		fatal("can't limit stdout: %s", strerror(errno));
 	if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
-		fatal("can't limit stderr: %m");
+		fatal("can't limit stderr: %s", strerror(errno));
 	cap_rights_init(&rights, CAP_READ, CAP_WRITE);
 	if (cap_rights_limit(box->monitor->m_recvfd, &rights) < 0 &&

More information about the openssh-unix-dev mailing list