[Bug 2139] re-exec fallback problem

bugzilla-daemon at mindrot.org
Sat Aug 3 12:42:48 EST 2013


https://bugzilla.mindrot.org/show_bug.cgi?id=2139

--- Comment #1 from Arthur Mesh <arthurmesh at gmail.com> ---
I have some more details:

Apparently, startup_pipe gets the same fd value as
connection_in/connection_out.

2094  authenticated:
2095         /*
2096          * Cancel the alarm we set to limit the time taken for
2097          * authentication.
2098          */
2099         alarm(0);
2100         signal(SIGALRM, SIG_DFL);
2101         authctxt->authenticated = 1;
2102         if (startup_pipe != -1) {
2103                 close(startup_pipe);
2104                 startup_pipe = -1;
2105         }

So by calling close(startup_pipe) on line 2103, we also inadvertently close
the connection_in/connection_out fd, which causes the bug.

--- sshd.c.orig    2013-08-02 19:40:58.000000000 -0700
+++ sshd.c    2013-08-02 19:41:01.000000000 -0700
@@ -2100,7 +2100,7 @@
     signal(SIGALRM, SIG_DFL);
     authctxt->authenticated = 1;
     if (startup_pipe != -1) {
-        close(startup_pipe);
+        //close(startup_pipe);
         startup_pipe = -1;
     }
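
Review bot: with close(startup_pipe) commented out on the changed line, the startup_pipe = -1 that follows still throws the number away, so whenever startup_pipe is a descriptor of its own it stays open and can no longer be closed from here. I would keep the close() and skip it only when startup_pipe equals the connection descriptor, or better, find where the two end up with the same value and fix it there. If the line does stay disabled, remove it rather than leaving a // comment, and add a short note explaining why the descriptor is deliberately not closed.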

This prevents the problem from happening, but likely leaks the fd. I need to
look further into how startup_pipe is supposed to work and how to properly fix
it.

Thanks

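
An added example, not part of the original comment and not OpenSSH code: a small C program showing why close() on a variable that shares its number with the connection descriptor also closes the connection, beside a guarded close that does not. The variable names are stand-ins for the ones in the comment, close_unless_aliased() is a hypothetical helper, and the aliasing is constructed here through fd-number reuse because the comment does not say how it arises in sshd.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-ins for the sshd variables named in the comment. */
static int startup_pipe = -1;
static int connection_in = -1;

/* 1 if fd refers to an open descriptor, 0 otherwise. */
static int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Constructed aliasing: startup_pipe keeps a stale number that the kernel
 * hands out again (lowest free fd) for connection_in. Returns 1 on alias. */
static int make_alias(void) {
    startup_pipe = open("/dev/null", O_WRONLY);
    if (startup_pipe == -1) return -1;
    close(startup_pipe);                 /* variable still holds the number */
    connection_in = open("/dev/null", O_RDONLY);
    return connection_in != -1 && startup_pipe == connection_in;
}

/* Hypothetical guard: skip close() when the number belongs to live_fd.
 * Returns 1 if it closed a descriptor, 0 if it skipped. */
static int close_unless_aliased(int *fdp, int live_fd) {
    int closed = 0;
    if (*fdp != -1 && *fdp != live_fd) { close(*fdp); closed = 1; }
    *fdp = -1;
    return closed;
}

/* Same shape as lines 2102-2105; returns whether connection_in survived. */
static int unguarded_keeps_connection(void) {
    if (make_alias() != 1) return -1;
    if (startup_pipe != -1) { close(startup_pipe); startup_pipe = -1; }
    return fd_is_open(connection_in);
}

/* Guarded variant; returns whether connection_in survived. */
static int guarded_keeps_connection(void) {
    if (make_alias() != 1) return -1;
    close_unless_aliased(&startup_pipe, connection_in);
    int alive = fd_is_open(connection_in);
    close(connection_in);
    return alive;
}

int main(void) {
    printf("unguarded: connection open = %d\n", unguarded_keeps_connection());
    printf("guarded:   connection open = %d\n", guarded_keeps_connection());
    return 0;
}
```

The guard only avoids the symptom at the close site; it does not explain why the two variables hold the same number.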