SSH crash on OpenBSD (pledge related?)

Damien Miller djm at mindrot.org
Sat Jul 23 10:01:02 AEST 2016


On Fri, 22 Jul 2016, Valentin Kozamernik wrote:

> Hello,
> 
> I just ran upon this problem and couldn't find it in bugzilla.
> 
> SSH crashes (abort trap) if all of the following conditions are met:
> 
>   (a) option -f is used (crash happens when going to background),
>   (b) reverse port forwarding is set up (option -R),
>   (c) option ExitOnForwardFailure is enabled,
>   (d) there are no actual port-forwarding failures.
> 
> The problem can be reproduced by running this command:
> 
>   ssh -f -N -R 1234:[::1]:4321 -o ExitOnForwardFailure=yes ::1

Thanks, I think the following fixes it.

diff --git a/clientloop.c b/clientloop.c
index 6740964..fe3baa8 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -115,6 +115,9 @@ extern int stdin_null_flag;
 /* Flag indicating that no shell has been requested */
 extern int no_shell_flag;
 
+/* Flag indicating that ssh should daemonise after authentication is complete */
+extern int fork_after_authentication_flag;
+
 /* Control socket */
 extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */
 
@@ -1498,7 +1501,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 	debug("Entering interactive session.");
 
 	if (options.control_master &&
-	    ! option_clear_or_none(options.control_path)) {
+	    !option_clear_or_none(options.control_path)) {
 		debug("pledge: id");
 		if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc exec id tty",
 		    NULL) == -1)
@@ -1516,7 +1519,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 		    NULL) == -1)
 			fatal("%s pledge(): %s", __func__, strerror(errno));
 
-	} else if (! option_clear_or_none(options.proxy_command)) {
+	} else if (!option_clear_or_none(options.proxy_command) ||
+	    fork_after_authentication_flag) {
 		debug("pledge: proc");
 		if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
 			fatal("%s pledge(): %s", __func__, strerror(errno));


More information about the openssh-unix-dev mailing list