aboutsummaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorEd Maste <emaste@FreeBSD.org>2022-04-13 20:50:11 +0000
committerEd Maste <emaste@FreeBSD.org>2022-04-13 20:53:20 +0000
commit58def461e256e3a05c3ff15a87ed702fe0c3662c (patch)
tree151f266f30fea824004cc74e700357d6f5b7eb13 /crypto
parent1323ec571215a77ddd21294f0871979d5ad6b992 (diff)
parent9b7e085bc027cd9fe4c54e71b49e276559d82983 (diff)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssh/auth-rhosts.c5
-rw-r--r--crypto/openssh/openbsd-compat/fmt_scaled.c32
-rw-r--r--crypto/openssh/sandbox-seccomp-filter.c3
-rw-r--r--crypto/openssh/sshd.c29
4 files changed, 44 insertions, 25 deletions
diff --git a/crypto/openssh/auth-rhosts.c b/crypto/openssh/auth-rhosts.c
index cac5cd84d868..4fc9252a6b61 100644
--- a/crypto/openssh/auth-rhosts.c
+++ b/crypto/openssh/auth-rhosts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.55 2022/02/23 11:15:57 djm Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.56 2022/02/23 21:21:49 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -19,6 +19,7 @@
#include <sys/types.h>
#include <sys/stat.h>
+#include <fcntl.h>
#ifdef HAVE_NETGROUP_H
# include <netgroup.h>
#endif
@@ -26,7 +27,7 @@
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
-#include <fcntl.h>
+#include <stdlib.h>
#include <unistd.h>
#include "packet.h"
diff --git a/crypto/openssh/openbsd-compat/fmt_scaled.c b/crypto/openssh/openbsd-compat/fmt_scaled.c
index 2f76ef931bb1..87d40d2d38c0 100644
--- a/crypto/openssh/openbsd-compat/fmt_scaled.c
+++ b/crypto/openssh/openbsd-compat/fmt_scaled.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fmt_scaled.c,v 1.17 2018/05/14 04:39:04 djm Exp $ */
+/* $OpenBSD: fmt_scaled.c,v 1.21 2022/03/11 07:29:53 dtucker Exp $ */
/*
* Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved.
@@ -54,9 +54,9 @@ typedef enum {
} unit_type;
/* These three arrays MUST be in sync! XXX make a struct */
-static unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA };
-static char scale_chars[] = "BKMGTPE";
-static long long scale_factors[] = {
+static const unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA };
+static const char scale_chars[] = "BKMGTPE";
+static const long long scale_factors[] = {
1LL,
1024LL,
1024LL*1024,
@@ -153,10 +153,8 @@ scan_scaled(char *scaled, long long *result)
}
}
- if (sign) {
+ if (sign)
whole *= sign;
- fpart *= sign;
- }
/* If no scale factor given, we're done. fraction is discarded. */
if (!*p) {
@@ -191,7 +189,8 @@ scan_scaled(char *scaled, long long *result)
/* truncate fpart so it doesn't overflow.
* then scale fractional part.
*/
- while (fpart >= LLONG_MAX / scale_fact) {
+ while (fpart >= LLONG_MAX / scale_fact ||
+ fpart <= LLONG_MIN / scale_fact) {
fpart /= 10;
fract_digits--;
}
@@ -200,7 +199,10 @@ scan_scaled(char *scaled, long long *result)
for (i = 0; i < fract_digits -1; i++)
fpart /= 10;
}
- whole += fpart;
+ if (sign == -1)
+ whole -= fpart;
+ else
+ whole += fpart;
*result = whole;
return 0;
}
@@ -222,12 +224,16 @@ fmt_scaled(long long number, char *result)
unsigned int i;
unit_type unit = NONE;
+ /* Not every negative long long has a positive representation. */
+ if (number == LLONG_MIN) {
+ errno = ERANGE;
+ return -1;
+ }
+
abval = llabs(number);
- /* Not every negative long long has a positive representation.
- * Also check for numbers that are just too darned big to format
- */
- if (abval < 0 || abval / 1024 >= scale_factors[SCALE_LENGTH-1]) {
+ /* Also check for numbers that are just too darned big to format. */
+ if (abval / 1024 >= scale_factors[SCALE_LENGTH-1]) {
errno = ERANGE;
return -1;
}
diff --git a/crypto/openssh/sandbox-seccomp-filter.c b/crypto/openssh/sandbox-seccomp-filter.c
index 2e065ba3edb6..4ce80cb2a739 100644
--- a/crypto/openssh/sandbox-seccomp-filter.c
+++ b/crypto/openssh/sandbox-seccomp-filter.c
@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_ppoll
SC_ALLOW(__NR_ppoll),
#endif
+#ifdef __NR_ppoll_time64
+ SC_ALLOW(__NR_ppoll_time64),
+#endif
#ifdef __NR_poll
SC_ALLOW(__NR_poll),
#endif
diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
index 1430efc22918..d1492fa3fcd4 100644
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.583 2022/02/01 07:57:32 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.584 2022/03/01 01:59:19 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1156,9 +1156,9 @@ static void
server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
{
struct pollfd *pfd = NULL;
- int i, j, ret;
+ int i, j, ret, npfd;
int ostartups = -1, startups = 0, listening = 0, lameduck = 0;
- int startup_p[2] = { -1 , -1 };
+ int startup_p[2] = { -1 , -1 }, *startup_pollfd;
char c = 0;
struct sockaddr_storage from;
socklen_t fromlen;
@@ -1174,6 +1174,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
/* pipes connected to unauthenticated child sshd processes */
startup_pipes = xcalloc(options.max_startups, sizeof(int));
startup_flags = xcalloc(options.max_startups, sizeof(int));
+ startup_pollfd = xcalloc(options.max_startups, sizeof(int));
for (i = 0; i < options.max_startups; i++)
startup_pipes[i] = -1;
@@ -1189,6 +1190,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
sigaddset(&nsigset, SIGTERM);
sigaddset(&nsigset, SIGQUIT);
+ /* sized for worst-case */
pfd = xcalloc(num_listen_socks + options.max_startups,
sizeof(struct pollfd));
@@ -1228,24 +1230,31 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
pfd[i].fd = listen_socks[i];
pfd[i].events = POLLIN;
}
+ npfd = num_listen_socks;
for (i = 0; i < options.max_startups; i++) {
- pfd[num_listen_socks+i].fd = startup_pipes[i];
- if (startup_pipes[i] != -1)
- pfd[num_listen_socks+i].events = POLLIN;
+ startup_pollfd[i] = -1;
+ if (startup_pipes[i] != -1) {
+ pfd[npfd].fd = startup_pipes[i];
+ pfd[npfd].events = POLLIN;
+ startup_pollfd[i] = npfd++;
+ }
}
/* Wait until a connection arrives or a child exits. */
- ret = ppoll(pfd, num_listen_socks + options.max_startups,
- NULL, &osigset);
- if (ret == -1 && errno != EINTR)
+ ret = ppoll(pfd, npfd, NULL, &osigset);
+ if (ret == -1 && errno != EINTR) {
error("ppoll: %.100s", strerror(errno));
+ if (errno == EINVAL)
+ cleanup_exit(1); /* can't recover */
+ }
sigprocmask(SIG_SETMASK, &osigset, NULL);
if (ret == -1)
continue;
for (i = 0; i < options.max_startups; i++) {
if (startup_pipes[i] == -1 ||
- !(pfd[num_listen_socks+i].revents & (POLLIN|POLLHUP)))
+ startup_pollfd[i] == -1 ||
+ !(pfd[startup_pollfd[i]].revents & (POLLIN|POLLHUP)))
continue;
switch (read(startup_pipes[i], &c, sizeof(c))) {
case -1:
generated by cgit v1.3 (git 2.53.0) at 2026-04-18 04:40:34 +0000