[openssh/f19] fix fatal() cleanup in the audit patch (#1029074)

plautrba plautrba at fedoraproject.org
Mon May 19 14:05:08 UTC 2014


commit 5eab591ecfb43ea9de1103176b28015f8d18c3b1
Author: Petr Lautrbach <plautrba at redhat.com>
Date:   Mon May 19 11:36:26 2014 +0200

    fix fatal() cleanup in the audit patch (#1029074)

 openssh-6.2p1-audit.patch |   23 ++++++++++++++++-------
 1 files changed, 16 insertions(+), 7 deletions(-)
---
diff --git a/openssh-6.2p1-audit.patch b/openssh-6.2p1-audit.patch
index 9a5d23c..5e445b0 100644
--- a/openssh-6.2p1-audit.patch
+++ b/openssh-6.2p1-audit.patch
@@ -1670,7 +1670,7 @@ index 0c7f2e3..f47c7df 100644
  
  struct Session;
 diff --git a/packet.c b/packet.c
-index a51c1f2..faa3a85 100644
+index 06406dc..0e58db3 100644
 --- a/packet.c
 +++ b/packet.c
 @@ -60,6 +60,7 @@
@@ -1780,7 +1780,7 @@ index a51c1f2..faa3a85 100644
  	}
  	active_state->newkeys[mode] = kex_get_newkeys(mode);
  	if (active_state->newkeys[mode] == NULL)
-@@ -1971,6 +1989,47 @@ packet_get_newkeys(int mode)
+@@ -1975,6 +1993,47 @@ packet_get_newkeys(int mode)
  	return (void *)active_state->newkeys[mode];
  }
  
@@ -1828,7 +1828,7 @@ index a51c1f2..faa3a85 100644
  /*
   * Save the state for the real connection, and use a separate state when
   * resuming a suspended connection.
-@@ -1978,18 +2037,12 @@ packet_get_newkeys(int mode)
+@@ -1982,18 +2041,12 @@ packet_get_newkeys(int mode)
  void
  packet_backup_state(void)
  {
@@ -1848,7 +1848,7 @@ index a51c1f2..faa3a85 100644
  }
  
  /*
-@@ -2006,9 +2059,7 @@ packet_restore_state(void)
+@@ -2010,9 +2063,7 @@ packet_restore_state(void)
  	backup_state = active_state;
  	active_state = tmp;
  	active_state->connection_in = backup_state->connection_in;
@@ -1858,7 +1858,7 @@ index a51c1f2..faa3a85 100644
  	len = buffer_len(&backup_state->input);
  	if (len > 0) {
  		buf = buffer_ptr(&backup_state->input);
-@@ -2016,4 +2067,10 @@ packet_restore_state(void)
+@@ -2020,4 +2071,10 @@ packet_restore_state(void)
  		buffer_clear(&backup_state->input);
  		add_recv_bytes(len);
  	}
@@ -2063,7 +2063,7 @@ index cbb8e3a..fc6a7d3 100644
  void	 session_close(Session *);
  void	 do_setusercontext(struct passwd *);
 diff --git a/sshd.c b/sshd.c
-index 740ef4b..9aff64c 100644
+index 740ef4b..61ab3f5 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -118,6 +118,7 @@
@@ -2187,6 +2187,15 @@ index 740ef4b..9aff64c 100644
  		}
  		/* Certs do not need demotion */
  	}
+@@ -646,7 +697,7 @@ privsep_preauth(Authctxt *authctxt)
+ 
+ 	if (use_privsep == PRIVSEP_ON)
+ 		box = ssh_sandbox_init();
+-	pid = fork();
++	pmonitor->m_pid = pid = fork();
+ 	if (pid == -1) {
+ 		fatal("fork of unprivileged child failed");
+ 	} else if (pid != 0) {
 @@ -700,6 +751,8 @@ privsep_preauth(Authctxt *authctxt)
  	}
  }
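Review bot: On fork failure the chained assignment `pmonitor->m_pid = pid = fork();` stores -1 in `pmonitor->m_pid` immediately before `fatal()` runs, so any cleanup code that reads `m_pid` now sees a negative value on that path. The cleanup code that consumes `m_pid` is outside this hunk; confirm that anything handing it to a signal or wait call treats values <= 0 as "no child", because -1 has a process-wide meaning for kill(). A short comment would make the new contract explicit, e.g. `/* m_pid: 0 in the unprivileged child, child pid in the monitor, -1 if fork() failed */`. The body of privsep_preauth continues outside the hunk.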
@@ -2283,7 +2292,7 @@ index 740ef4b..9aff64c 100644
  				    pmonitor->m_pid, strerror(errno));
  		}
  	}
-+	is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor();
++	is_privsep_child = use_privsep && pmonitor != NULL && pmonitor->m_pid == 0;
 +	if (sensitive_data.host_keys != NULL)
 +		destroy_sensitive_data(is_privsep_child);
 +	packet_destroy_all(1, is_privsep_child);
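Review bot: `pmonitor->m_pid == 0` holds in the forked child, but it may also hold in the privileged process before the fork if the monitor structure is zero-initialised when it is created (the allocation is not visible on this page). In that case a `fatal()` raised after the monitor exists but before `fork()` returns, presumably including one from `ssh_sandbox_init()`, would set `is_privsep_child` and send `destroy_sensitive_data()` and `packet_destroy_all()` down the child path from the privileged process. Consider initialising `m_pid` to a sentinel such as -1 when the monitor is created, or testing a flag that is set only in the child branch after the fork. The enclosing function starts and ends outside the hunk.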

