[openssh-commits] [openssh] 01/03: upstream: Replace all calls to signal(2) with a wrapper around

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Jan 23 18:56:31 AEDT 2020


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 3bf2a6ac791d64046a537335a0f1d5e43579c5ad
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Thu Jan 23 07:10:22 2020 +0000

    upstream: Replace all calls to signal(2) with a wrapper around
    
    sigaction(2). This wrapper blocks all other signals during the handler
    preventing races between handlers, and sets SA_RESTART which should reduce
    the potential for short read/write operations.
    
    OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
---
 auth-pam.c                   |  8 ++++----
 auth.c                       |  4 ++--
 auth2-pubkey.c               | 10 +++++-----
 clientloop.c                 | 26 +++++++++++++-------------
 entropy.c                    |  4 ++--
 misc.c                       | 19 ++++++++++++++++++-
 misc.h                       |  4 +++-
 monitor.c                    | 10 +++++-----
 mux.c                        | 22 +++++++++++-----------
 openbsd-compat/bsd-openpty.c |  4 ++--
 progressmeter.c              |  6 +++---
 readconf.c                   |  4 ++--
 readpass.c                   | 14 +++++++-------
 sandbox-systrace.c           |  6 +++---
 scp.c                        | 22 +++++++++++-----------
 serverloop.c                 | 10 +++++-----
 session.c                    |  4 ++--
 sftp.c                       | 26 +++++++++++++-------------
 ssh-agent.c                  | 10 +++++-----
 ssh-sk-client.c              |  9 +++++----
 ssh.c                        |  6 +++---
 sshbuf.c                     |  4 ++--
 sshconnect.c                 | 10 +++++-----
 sshconnect2.c                |  8 ++++----
 sshd.c                       | 34 ++++++++++++++++++----------------
 25 files changed, 153 insertions(+), 131 deletions(-)

diff --git a/auth-pam.c b/auth-pam.c
index 856fdd40..0cd2b001 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -156,7 +156,7 @@ static mysig_t sshpam_oldsig;
 static void
 sshpam_sigchld_handler(int sig)
 {
-	signal(SIGCHLD, SIG_DFL);
+	ssh_signal(SIGCHLD, SIG_DFL);
 	if (cleanup_ctxt == NULL)
 		return;	/* handler called after PAM cleanup, shouldn't happen */
 	if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
@@ -208,7 +208,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
 		*thread = pid;
 		close(ctx->pam_csock);
 		ctx->pam_csock = -1;
-		sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler);
+		sshpam_oldsig = ssh_signal(SIGCHLD, sshpam_sigchld_handler);
 		return (0);
 	}
 }
@@ -216,7 +216,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
 static int
 pthread_cancel(sp_pthread_t thread)
 {
-	signal(SIGCHLD, sshpam_oldsig);
+	ssh_signal(SIGCHLD, sshpam_oldsig);
 	return (kill(thread, SIGTERM));
 }
 
@@ -228,7 +228,7 @@ pthread_join(sp_pthread_t thread, void **value)
 
 	if (sshpam_thread_status != -1)
 		return (sshpam_thread_status);
-	signal(SIGCHLD, sshpam_oldsig);
+	ssh_signal(SIGCHLD, sshpam_oldsig);
 	while (waitpid(thread, &status, 0) == -1) {
 		if (errno == EINTR)
 			continue;
diff --git a/auth.c b/auth.c
index 48838508..b42d7e76 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.144 2019/12/16 13:58:53 tobhe Exp $ */
+/* $OpenBSD: auth.c,v 1.145 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -921,7 +921,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
 			child_set_env(&child_env, &envsize, "LANG", cp);
 
 		for (i = 0; i < NSIG; i++)
-			signal(i, SIG_DFL);
+			ssh_signal(i, SIG_DFL);
 
 		if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
 			error("%s: open %s: %s", tag, _PATH_DEVNULL,
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index b656b1f8..5b4a2cc0 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.97 2019/11/25 00:54:23 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.98 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -460,7 +460,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
 	 * NB. all returns later this function should go via "out" to
 	 * ensure the original SIGCHLD handler is restored properly.
 	 */
-	osigchld = signal(SIGCHLD, SIG_DFL);
+	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 
 	/* Prepare and verify the user for the command */
 	username = percent_expand(options.authorized_principals_command_user,
@@ -548,7 +548,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
  out:
 	if (f != NULL)
 		fclose(f);
-	signal(SIGCHLD, osigchld);
+	ssh_signal(SIGCHLD, osigchld);
 	for (i = 0; i < ac; i++)
 		free(av[i]);
 	free(av);
@@ -898,7 +898,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
 	 * NB. all returns later this function should go via "out" to
 	 * ensure the original SIGCHLD handler is restored properly.
 	 */
-	osigchld = signal(SIGCHLD, SIG_DFL);
+	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 
 	/* Prepare and verify the user for the command */
 	username = percent_expand(options.authorized_keys_command_user,
@@ -987,7 +987,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
  out:
 	if (f != NULL)
 		fclose(f);
-	signal(SIGCHLD, osigchld);
+	ssh_signal(SIGCHLD, osigchld);
 	for (i = 0; i < ac; i++)
 		free(av[i]);
 	free(av);
diff --git a/clientloop.c b/clientloop.c
index 4acf2806..d4c23d55 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.331 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: clientloop.c,v 1.332 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -785,7 +785,7 @@ process_cmdline(struct ssh *ssh)
 	memset(&fwd, 0, sizeof(fwd));
 
 	leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
-	handler = signal(SIGINT, SIG_IGN);
+	handler = ssh_signal(SIGINT, SIG_IGN);
 	cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);
 	if (s == NULL)
 		goto out;
@@ -883,7 +883,7 @@ process_cmdline(struct ssh *ssh)
 	}
 
 out:
-	signal(SIGINT, handler);
+	ssh_signal(SIGINT, handler);
 	enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
 	free(cmd);
 	free(fwd.listen_host);
@@ -1306,15 +1306,15 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
 	 * Set signal handlers, (e.g. to restore non-blocking mode)
 	 * but don't overwrite SIG_IGN, matches behaviour from rsh(1)
 	 */
-	if (signal(SIGHUP, SIG_IGN) != SIG_IGN)
-		signal(SIGHUP, signal_handler);
-	if (signal(SIGINT, SIG_IGN) != SIG_IGN)
-		signal(SIGINT, signal_handler);
-	if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
-		signal(SIGQUIT, signal_handler);
-	if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
-		signal(SIGTERM, signal_handler);
-	signal(SIGWINCH, window_change_handler);
+	if (ssh_signal(SIGHUP, SIG_IGN) != SIG_IGN)
+		ssh_signal(SIGHUP, signal_handler);
+	if (ssh_signal(SIGINT, SIG_IGN) != SIG_IGN)
+		ssh_signal(SIGINT, signal_handler);
+	if (ssh_signal(SIGQUIT, SIG_IGN) != SIG_IGN)
+		ssh_signal(SIGQUIT, signal_handler);
+	if (ssh_signal(SIGTERM, SIG_IGN) != SIG_IGN)
+		ssh_signal(SIGTERM, signal_handler);
+	ssh_signal(SIGWINCH, window_change_handler);
 
 	if (have_pty)
 		enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
@@ -1413,7 +1413,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
 	/* Terminate the session. */
 
 	/* Stop watching for window change. */
-	signal(SIGWINCH, SIG_DFL);
+	ssh_signal(SIGWINCH, SIG_DFL);
 
 	if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_BY_APPLICATION)) != 0 ||
diff --git a/entropy.c b/entropy.c
index 5de68016..2eebadf4 100644
--- a/entropy.c
+++ b/entropy.c
@@ -110,7 +110,7 @@ get_random_bytes_prngd(unsigned char *buf, int len,
 		    strlen(socket_path) + 1;
 	}
 
-	old_sigpipe = signal(SIGPIPE, SIG_IGN);
+	old_sigpipe = ssh_signal(SIGPIPE, SIG_IGN);
 
 	errors = 0;
 	rval = -1;
@@ -160,7 +160,7 @@ reopen:
 
 	rval = 0;
 done:
-	signal(SIGPIPE, old_sigpipe);
+	ssh_signal(SIGPIPE, old_sigpipe);
 	if (fd != -1)
 		close(fd);
 	return rval;
diff --git a/misc.c b/misc.c
index 5204c1e9..f25b8cf5 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.143 2019/11/22 06:50:30 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.144 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -2221,3 +2221,20 @@ opt_match(const char **opts, const char *term)
 	return 0;
 }
 
+sshsig_t
+ssh_signal(int signum, sshsig_t handler)
+{
+	struct sigaction sa, osa;
+
+	/* mask all other signals while in handler */
+	bzero(&sa, sizeof(sa));
+	sa.sa_handler = handler;
+	sigfillset(&sa.sa_mask);
+	if (signum != SIGALRM)
+		sa.sa_flags = SA_RESTART;
+	if (sigaction(signum, &sa, &osa) == -1) {
+		debug3("sigaction(%s): %s", strsignal(signum), strerror(errno));
+		return SIG_ERR;
+	}
+	return osa.sa_handler;
+}
diff --git a/misc.h b/misc.h
index 7421fbdf..2221a54c 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.82 2019/11/12 22:34:20 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.83 2020/01/23 07:10:22 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -190,4 +190,6 @@ void	notify_complete(struct notifier_ctx *);
 #define MAXIMUM(a, b)	(((a) > (b)) ? (a) : (b))
 #define ROUNDUP(x, y)   ((((x)+((y)-1))/(y))*(y))
 
+typedef void (*sshsig_t)(int);
+sshsig_t ssh_signal(int, sshsig_t);
 #endif /* _MISC_H */
diff --git a/monitor.c b/monitor.c
index 6ee44204..dc6d78d3 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.206 2019/12/15 18:57:30 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos at citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -393,11 +393,11 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)
 	pmonitor->m_recvfd = -1;
 
 	monitor_set_child_handler(pmonitor->m_pid);
-	signal(SIGHUP, &monitor_child_handler);
-	signal(SIGTERM, &monitor_child_handler);
-	signal(SIGINT, &monitor_child_handler);
+	ssh_signal(SIGHUP, &monitor_child_handler);
+	ssh_signal(SIGTERM, &monitor_child_handler);
+	ssh_signal(SIGINT, &monitor_child_handler);
 #ifdef SIGXFSZ
-	signal(SIGXFSZ, SIG_IGN);
+	ssh_signal(SIGXFSZ, SIG_IGN);
 #endif
 
 	mon_dispatch = mon_dispatch_postauth20;
diff --git a/mux.c b/mux.c
index f3ea11cd..5efc849c 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.80 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: mux.c,v 1.81 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm at openbsd.org>
  *
@@ -1911,7 +1911,7 @@ mux_client_request_session(int fd)
 		return -1;
 	}
 
-	signal(SIGPIPE, SIG_IGN);
+	ssh_signal(SIGPIPE, SIG_IGN);
 
 	if (stdin_null_flag) {
 		if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
@@ -2012,10 +2012,10 @@ mux_client_request_session(int fd)
 		fatal("%s pledge(): %s", __func__, strerror(errno));
 	platform_pledge_mux();
 
-	signal(SIGHUP, control_client_sighandler);
-	signal(SIGINT, control_client_sighandler);
-	signal(SIGTERM, control_client_sighandler);
-	signal(SIGWINCH, control_client_sigrelay);
+	ssh_signal(SIGHUP, control_client_sighandler);
+	ssh_signal(SIGINT, control_client_sighandler);
+	ssh_signal(SIGTERM, control_client_sighandler);
+	ssh_signal(SIGWINCH, control_client_sigrelay);
 
 	rawmode = tty_flag;
 	if (tty_flag)
@@ -2145,7 +2145,7 @@ mux_client_request_stdio_fwd(int fd)
 		return -1;
 	}
 
-	signal(SIGPIPE, SIG_IGN);
+	ssh_signal(SIGPIPE, SIG_IGN);
 
 	if (stdin_null_flag) {
 		if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
@@ -2219,10 +2219,10 @@ mux_client_request_stdio_fwd(int fd)
 	}
 	muxclient_request_id++;
 
-	signal(SIGHUP, control_client_sighandler);
-	signal(SIGINT, control_client_sighandler);
-	signal(SIGTERM, control_client_sighandler);
-	signal(SIGWINCH, control_client_sigrelay);
+	ssh_signal(SIGHUP, control_client_sighandler);
+	ssh_signal(SIGINT, control_client_sighandler);
+	ssh_signal(SIGTERM, control_client_sighandler);
+	ssh_signal(SIGWINCH, control_client_sigrelay);
 
 	/*
 	 * Stick around until the controlee closes the client_fd.
diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c
index 123a9be5..b6b5ab49 100644
--- a/openbsd-compat/bsd-openpty.c
+++ b/openbsd-compat/bsd-openpty.c
@@ -103,10 +103,10 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp,
 		return (-1);
 
 	/* XXX: need to close ptm on error? */
-	old_signal = signal(SIGCHLD, SIG_DFL);
+	old_signal = ssh_signal(SIGCHLD, SIG_DFL);
 	if (grantpt(ptm) < 0)
 		return (-1);
-	signal(SIGCHLD, old_signal);
+	ssh_signal(SIGCHLD, old_signal);
 
 	if (unlockpt(ptm) < 0)
 		return (-1);
diff --git a/progressmeter.c b/progressmeter.c
index 72f40f8f..8baf798f 100644
--- a/progressmeter.c
+++ b/progressmeter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: progressmeter.c,v 1.49 2019/10/29 07:47:27 dtucker Exp $ */
+/* $OpenBSD: progressmeter.c,v 1.50 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright (c) 2003 Nils Nordman.  All rights reserved.
  *
@@ -252,8 +252,8 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr)
 	setscreensize();
 	refresh_progress_meter(1);
 
-	signal(SIGALRM, sig_alarm);
-	signal(SIGWINCH, sig_winch);
+	ssh_signal(SIGALRM, sig_alarm);
+	ssh_signal(SIGWINCH, sig_winch);
 	alarm(UPDATE_INTERVAL);
 }
 
diff --git a/readconf.c b/readconf.c
index ff551c85..59443bfd 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.320 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.321 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -528,7 +528,7 @@ execute_in_shell(const char *cmd)
 		execv(argv[0], argv);
 		error("Unable to execute '%.100s': %s", cmd, strerror(errno));
 		/* Die with signal to make this error apparent to parent. */
-		signal(SIGTERM, SIG_DFL);
+		ssh_signal(SIGTERM, SIG_DFL);
 		kill(getpid(), SIGTERM);
 		_exit(1);
 	}
diff --git a/readpass.c b/readpass.c
index 4172bbc5..974d67f0 100644
--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.60 2019/12/06 03:06:08 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.61 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -65,10 +65,10 @@ ssh_askpass(char *askpass, const char *msg, const char *env_hint)
 		error("%s: pipe: %s", __func__, strerror(errno));
 		return NULL;
 	}
-	osigchld = signal(SIGCHLD, SIG_DFL);
+	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 	if ((pid = fork()) == -1) {
 		error("%s: fork: %s", __func__, strerror(errno));
-		signal(SIGCHLD, osigchld);
+		ssh_signal(SIGCHLD, osigchld);
 		return NULL;
 	}
 	if (pid == 0) {
@@ -98,7 +98,7 @@ ssh_askpass(char *askpass, const char *msg, const char *env_hint)
 	while ((ret = waitpid(pid, &status, 0)) == -1)
 		if (errno != EINTR)
 			break;
-	signal(SIGCHLD, osigchld);
+	ssh_signal(SIGCHLD, osigchld);
 	if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
 		explicit_bzero(buf, sizeof(buf));
 		return NULL;
@@ -243,10 +243,10 @@ notify_start(int force_askpass, const char *fmt, ...)
 		free(prompt);
 		return NULL;
 	}
-	osigchld = signal(SIGCHLD, SIG_DFL);
+	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 	if ((pid = fork()) == -1) {
 		error("%s: fork: %s", __func__, strerror(errno));
-		signal(SIGCHLD, osigchld);
+		ssh_signal(SIGCHLD, osigchld);
 		free(prompt);
 		return NULL;
 	}
@@ -289,6 +289,6 @@ notify_complete(struct notifier_ctx *ctx)
 	}
 	if (ret == -1)
 		fatal("%s: waitpid: %s", __func__, strerror(errno));
-	signal(SIGCHLD, ctx->osigchld);
+	ssh_signal(SIGCHLD, ctx->osigchld);
 	free(ctx);
 }
diff --git a/sandbox-systrace.c b/sandbox-systrace.c
index 93e63b8e..e61d581a 100644
--- a/sandbox-systrace.c
+++ b/sandbox-systrace.c
@@ -105,7 +105,7 @@ ssh_sandbox_init(struct monitor *monitor)
 	box = xcalloc(1, sizeof(*box));
 	box->systrace_fd = -1;
 	box->child_pid = 0;
-	box->osigchld = signal(SIGCHLD, SIG_IGN);
+	box->osigchld = ssh_signal(SIGCHLD, SIG_IGN);
 
 	return box;
 }
@@ -114,7 +114,7 @@ void
 ssh_sandbox_child(struct ssh_sandbox *box)
 {
 	debug3("%s: ready", __func__);
-	signal(SIGCHLD, box->osigchld);
+	ssh_signal(SIGCHLD, box->osigchld);
 	if (kill(getpid(), SIGSTOP) != 0)
 		fatal("%s: kill(%d, SIGSTOP)", __func__, getpid());
 	debug3("%s: started", __func__);
@@ -133,7 +133,7 @@ ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
 	do {
 		pid = waitpid(child_pid, &status, WUNTRACED);
 	} while (pid == -1 && errno == EINTR);
-	signal(SIGCHLD, box->osigchld);
+	ssh_signal(SIGCHLD, box->osigchld);
 	if (!WIFSTOPPED(status)) {
 		if (WIFSIGNALED(status))
 			fatal("%s: child terminated with signal %d",
diff --git a/scp.c b/scp.c
index 762286c7..6901e0c9 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.206 2019/09/09 02:31:19 dtucker Exp $ */
+/* $OpenBSD: scp.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -215,9 +215,9 @@ do_local_cmd(arglist *a)
 	}
 
 	do_cmd_pid = pid;
-	signal(SIGTERM, killchild);
-	signal(SIGINT, killchild);
-	signal(SIGHUP, killchild);
+	ssh_signal(SIGTERM, killchild);
+	ssh_signal(SIGINT, killchild);
+	ssh_signal(SIGHUP, killchild);
 
 	while (waitpid(pid, &status, 0) == -1)
 		if (errno != EINTR)
@@ -268,9 +268,9 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout)
 	close(reserved[0]);
 	close(reserved[1]);
 
-	signal(SIGTSTP, suspchild);
-	signal(SIGTTIN, suspchild);
-	signal(SIGTTOU, suspchild);
+	ssh_signal(SIGTSTP, suspchild);
+	ssh_signal(SIGTTIN, suspchild);
+	ssh_signal(SIGTTOU, suspchild);
 
 	/* Fork a child to execute the command on the remote host using ssh. */
 	do_cmd_pid = fork();
@@ -307,9 +307,9 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout)
 	*fdout = pin[1];
 	close(pout[1]);
 	*fdin = pout[0];
-	signal(SIGTERM, killchild);
-	signal(SIGINT, killchild);
-	signal(SIGHUP, killchild);
+	ssh_signal(SIGTERM, killchild);
+	ssh_signal(SIGINT, killchild);
+	ssh_signal(SIGHUP, killchild);
 	return 0;
 }
 
@@ -561,7 +561,7 @@ main(int argc, char **argv)
 	    iamrecursive ? " -r" : "", pflag ? " -p" : "",
 	    targetshouldbedirectory ? " -d" : "");
 
-	(void) signal(SIGPIPE, lostconn);
+	(void) ssh_signal(SIGPIPE, lostconn);
 
 	if (colon(argv[argc - 1]))	/* Dest is remote host. */
 		toremote(argc, argv);
diff --git a/serverloop.c b/serverloop.c
index 99d25920..1babc7a5 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.218 2019/11/27 05:38:43 dtucker Exp $ */
+/* $OpenBSD: serverloop.c,v 1.219 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -402,15 +402,15 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt)
 
 	debug("Entering interactive session for SSH2.");
 
-	signal(SIGCHLD, sigchld_handler);
+	ssh_signal(SIGCHLD, sigchld_handler);
 	child_terminated = 0;
 	connection_in = ssh_packet_get_connection_in(ssh);
 	connection_out = ssh_packet_get_connection_out(ssh);
 
 	if (!use_privsep) {
-		signal(SIGTERM, sigterm_handler);
-		signal(SIGINT, sigterm_handler);
-		signal(SIGQUIT, sigterm_handler);
+		ssh_signal(SIGTERM, sigterm_handler);
+		ssh_signal(SIGINT, sigterm_handler);
+		ssh_signal(SIGQUIT, sigterm_handler);
 	}
 
 	notify_setup();
diff --git a/session.c b/session.c
index e16f876c..8c0e54f7 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.317 2019/11/13 04:47:52 deraadt Exp $ */
+/* $OpenBSD: session.c,v 1.318 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1642,7 +1642,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
 	do_rc_files(ssh, s, shell);
 
 	/* restore SIGPIPE for child */
-	signal(SIGPIPE, SIG_DFL);
+	ssh_signal(SIGPIPE, SIG_DFL);
 
 	if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
 		error("Connection from %s: refusing non-sftp session",
diff --git a/sftp.c b/sftp.c
index 54538ff9..ff14d3c2 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.196 2019/11/01 03:54:33 djm Exp $ */
+/* $OpenBSD: sftp.c,v 1.197 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
  *
@@ -2243,7 +2243,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
 	interactive = !batchmode && isatty(STDIN_FILENO);
 	err = 0;
 	for (;;) {
-		signal(SIGINT, SIG_IGN);
+		ssh_signal(SIGINT, SIG_IGN);
 
 		if (el == NULL) {
 			if (interactive)
@@ -2275,14 +2275,14 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
 
 		/* Handle user interrupts gracefully during commands */
 		interrupted = 0;
-		signal(SIGINT, cmd_interrupt);
+		ssh_signal(SIGINT, cmd_interrupt);
 
 		err = parse_dispatch_command(conn, cmd, &remote_path,
 		    startdir, batchmode, !interactive && el == NULL);
 		if (err != 0)
 			break;
 	}
-	signal(SIGCHLD, SIG_DFL);
+	ssh_signal(SIGCHLD, SIG_DFL);
 	free(remote_path);
 	free(startdir);
 	free(conn);
@@ -2339,20 +2339,20 @@ connect_to_server(char *path, char **args, int *in, int *out)
 		 * kill it too.  Contrawise, since sftp sends SIGTERMs to the
 		 * underlying ssh, it must *not* ignore that signal.
 		 */
-		signal(SIGINT, SIG_IGN);
-		signal(SIGTERM, SIG_DFL);
+		ssh_signal(SIGINT, SIG_IGN);
+		ssh_signal(SIGTERM, SIG_DFL);
 		execvp(path, args);
 		fprintf(stderr, "exec: %s: %s\n", path, strerror(errno));
 		_exit(1);
 	}
 
-	signal(SIGTERM, killchild);
-	signal(SIGINT, killchild);
-	signal(SIGHUP, killchild);
-	signal(SIGTSTP, suspchild);
-	signal(SIGTTIN, suspchild);
-	signal(SIGTTOU, suspchild);
-	signal(SIGCHLD, sigchld_handler);
+	ssh_signal(SIGTERM, killchild);
+	ssh_signal(SIGINT, killchild);
+	ssh_signal(SIGHUP, killchild);
+	ssh_signal(SIGTSTP, suspchild);
+	ssh_signal(SIGTTIN, suspchild);
+	ssh_signal(SIGTTOU, suspchild);
+	ssh_signal(SIGCHLD, sigchld_handler);
 	close(c_in);
 	close(c_out);
 }
diff --git a/ssh-agent.c b/ssh-agent.c
index 09d12dc3..dd5d21d5 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.251 2019/12/13 19:09:10 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.252 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1404,10 +1404,10 @@ skip:
 	if (ac > 0)
 		parent_alive_interval = 10;
 	idtab_init();
-	signal(SIGPIPE, SIG_IGN);
-	signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN);
-	signal(SIGHUP, cleanup_handler);
-	signal(SIGTERM, cleanup_handler);
+	ssh_signal(SIGPIPE, SIG_IGN);
+	ssh_signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN);
+	ssh_signal(SIGHUP, cleanup_handler);
+	ssh_signal(SIGTERM, cleanup_handler);
 
 	if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1)
 		fatal("%s: pledge: %s", __progname, strerror(errno));
diff --git a/ssh-sk-client.c b/ssh-sk-client.c
index 359327b6..8d7e6c30 100644
--- a/ssh-sk-client.c
+++ b/ssh-sk-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk-client.c,v 1.6 2020/01/21 07:07:31 djm Exp $ */
+/* $OpenBSD: ssh-sk-client.c,v 1.7 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -39,6 +39,7 @@
 #include "digest.h"
 #include "pathnames.h"
 #include "ssh-sk.h"
+#include "misc.h"
 
 /* #define DEBUG_SK 1 */
 
@@ -73,13 +74,13 @@ start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int))
 		error("socketpair: %s", strerror(errno));
 		return SSH_ERR_SYSTEM_ERROR;
 	}
-	osigchld = signal(SIGCHLD, SIG_DFL);
+	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 	if ((pid = fork()) == -1) {
 		oerrno = errno;
 		error("fork: %s", strerror(errno));
 		close(pair[0]);
 		close(pair[1]);
-		signal(SIGCHLD, osigchld);
+		ssh_signal(SIGCHLD, osigchld);
 		errno = oerrno;
 		return SSH_ERR_SYSTEM_ERROR;
 	}
@@ -220,7 +221,7 @@ client_converse(struct sshbuf *msg, struct sshbuf **respp, u_int type)
 	}
 	sshbuf_free(req);
 	sshbuf_free(resp);
-	signal(SIGCHLD, osigchld);
+	ssh_signal(SIGCHLD, osigchld);
 	errno = oerrno;
 	return r;
 
diff --git a/ssh.c b/ssh.c
index 947558d1..c0511f2a 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.511 2020/01/05 16:28:22 beck Exp $ */
+/* $OpenBSD: ssh.c,v 1.512 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1535,8 +1535,8 @@ main(int ac, char **av)
 	    options.num_system_hostfiles);
 	tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);
 
-	signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
-	signal(SIGCHLD, main_sigchld_handler);
+	ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
+	ssh_signal(SIGCHLD, main_sigchld_handler);
 
 	/* Log into the remote system.  Never returns if the login fails. */
 	ssh_login(ssh, &sensitive_data, host, (struct sockaddr *)&hostaddr,
diff --git a/sshbuf.c b/sshbuf.c
index adfddf77..f4f7a220 100644
--- a/sshbuf.c
+++ b/sshbuf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf.c,v 1.13 2018/11/16 06:10:29 djm Exp $	*/
+/*	$OpenBSD: sshbuf.c,v 1.14 2020/01/23 07:10:22 dtucker Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -42,7 +42,7 @@ sshbuf_check_sanity(const struct sshbuf *buf)
 	    buf->off > buf->size)) {
 		/* Do not try to recover from corrupted buffer internals */
 		SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
-		signal(SIGSEGV, SIG_DFL);
+		ssh_signal(SIGSEGV, SIG_DFL);
 		raise(SIGSEGV);
 		return SSH_ERR_INTERNAL_ERROR;
 	}
diff --git a/sshconnect.c b/sshconnect.c
index a2d75981..69024071 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.326 2020/01/22 07:38:30 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.327 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -259,7 +259,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
 
 		/* Execute the proxy command.  Note that we gave up any
 		   extra privileges above. */
-		signal(SIGPIPE, SIG_DFL);
+		ssh_signal(SIGPIPE, SIG_DFL);
 		execv(argv[0], argv);
 		perror(argv[0]);
 		exit(1);
@@ -1383,10 +1383,10 @@ ssh_local_cmd(const char *args)
 	if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
 		shell = _PATH_BSHELL;
 
-	osighand = signal(SIGCHLD, SIG_DFL);
+	osighand = ssh_signal(SIGCHLD, SIG_DFL);
 	pid = fork();
 	if (pid == 0) {
-		signal(SIGPIPE, SIG_DFL);
+		ssh_signal(SIGPIPE, SIG_DFL);
 		debug3("Executing %s -c \"%s\"", shell, args);
 		execl(shell, shell, "-c", args, (char *)NULL);
 		error("Couldn't execute %s -c \"%s\": %s",
@@ -1397,7 +1397,7 @@ ssh_local_cmd(const char *args)
 	while (waitpid(pid, &status, 0) == -1)
 		if (errno != EINTR)
 			fatal("Couldn't wait for child: %s", strerror(errno));
-	signal(SIGCHLD, osighand);
+	ssh_signal(SIGCHLD, osighand);
 
 	if (!WIFEXITED(status))
 		return (1);
diff --git a/sshconnect2.c b/sshconnect2.c
index 7f52cc55..8d13310f 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.316 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.317 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1924,7 +1924,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
 		error("%s: fork: %s", __func__, strerror(errno));
 		return -1;
 	}
-	osigchld = signal(SIGCHLD, SIG_DFL);
+	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 	if (pid == 0) {
 		close(from[0]);
 		if (dup2(from[1], STDOUT_FILENO) == -1)
@@ -1996,11 +1996,11 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
 	if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) {
 		error("%s: buffer error: %s", __func__, ssh_err(r));
  fail:
-		signal(SIGCHLD, osigchld);
+		ssh_signal(SIGCHLD, osigchld);
 		sshbuf_free(b);
 		return -1;
 	}
-	signal(SIGCHLD, osigchld);
+	ssh_signal(SIGCHLD, osigchld);
 	sshbuf_free(b);
 
 	return 0;
diff --git a/sshd.c b/sshd.c
index 46f693a8..c447edfe 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.543 2020/01/21 22:39:57 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.544 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -313,7 +313,7 @@ sighup_restart(void)
 	close_listen_socks();
 	close_startup_pipes();
 	alarm(0);  /* alarm timer persists across exec */
-	signal(SIGHUP, SIG_IGN); /* will be restored after exec */
+	ssh_signal(SIGHUP, SIG_IGN); /* will be restored after exec */
 	execv(saved_argv[0], saved_argv);
 	logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
 	    strerror(errno));
@@ -342,6 +342,8 @@ main_sigchld_handler(int sig)
 	pid_t pid;
 	int status;
 
+	debug("main_sigchld_handler: %s", strsignal(sig));
+
 	while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
 	    (pid == -1 && errno == EINTR))
 		;
@@ -363,7 +365,7 @@ grace_alarm_handler(int sig)
 	 * keys command helpers.
 	 */
 	if (getpgid(0) == getpid()) {
-		signal(SIGTERM, SIG_IGN);
+		ssh_signal(SIGTERM, SIG_IGN);
 		kill(0, SIGTERM);
 	}
 
@@ -1941,7 +1943,7 @@ main(int ac, char **av)
 		error("chdir(\"/\"): %s", strerror(errno));
 
 	/* ignore SIGPIPE */
-	signal(SIGPIPE, SIG_IGN);
+	ssh_signal(SIGPIPE, SIG_IGN);
 
 	/* Get a connection, either from inetd or a listening TCP socket */
 	if (inetd_flag) {
@@ -1950,10 +1952,10 @@ main(int ac, char **av)
 		platform_pre_listen();
 		server_listen();
 
-		signal(SIGHUP, sighup_handler);
-		signal(SIGCHLD, main_sigchld_handler);
-		signal(SIGTERM, sigterm_handler);
-		signal(SIGQUIT, sigterm_handler);
+		ssh_signal(SIGHUP, sighup_handler);
+		ssh_signal(SIGCHLD, main_sigchld_handler);
+		ssh_signal(SIGTERM, sigterm_handler);
+		ssh_signal(SIGQUIT, sigterm_handler);
 
 		/*
 		 * Write out the pid file after the sigterm handler
@@ -2043,12 +2045,12 @@ main(int ac, char **av)
 	 * will not restart on SIGHUP since it no longer makes sense.
 	 */
 	alarm(0);
-	signal(SIGALRM, SIG_DFL);
-	signal(SIGHUP, SIG_DFL);
-	signal(SIGTERM, SIG_DFL);
-	signal(SIGQUIT, SIG_DFL);
-	signal(SIGCHLD, SIG_DFL);
-	signal(SIGINT, SIG_DFL);
+	ssh_signal(SIGALRM, SIG_DFL);
+	ssh_signal(SIGHUP, SIG_DFL);
+	ssh_signal(SIGTERM, SIG_DFL);
+	ssh_signal(SIGQUIT, SIG_DFL);
+	ssh_signal(SIGCHLD, SIG_DFL);
+	ssh_signal(SIGINT, SIG_DFL);
 
 	/*
 	 * Register our connection.  This turns encryption off because we do
@@ -2109,7 +2111,7 @@ main(int ac, char **av)
 	 * mode; it is just annoying to have the server exit just when you
 	 * are about to discover the bug.
 	 */
-	signal(SIGALRM, grace_alarm_handler);
+	ssh_signal(SIGALRM, grace_alarm_handler);
 	if (!debug_flag)
 		alarm(options.login_grace_time);
 
@@ -2167,7 +2169,7 @@ main(int ac, char **av)
 	 * authentication.
 	 */
 	alarm(0);
-	signal(SIGALRM, SIG_DFL);
+	ssh_signal(SIGALRM, SIG_DFL);
 	authctxt->authenticated = 1;
 	if (startup_pipe != -1) {
 		close(startup_pipe);

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list