- djm@cvs.openbsd.org 2010/01/29 00:20:41

[sshd.c]
     set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com
     ok dtucker@

ChangeLog

@@ -5,6 +5,10 @@
      downgrade an error() to a debug() - this particular case can be hit in
      normal operation for certain sequences of mux slave vs session closure
      and is harmless
+   - djm@cvs.openbsd.org 2010/01/29 00:20:41
+     [sshd.c]
+     set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com
+     ok dtucker@
 
 20100129
  - (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707: Call OPENSSL_config()

mux.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.12 2010/01/27 13:26:17 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.13 2010/01/29 20:16:17 djm Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -212,7 +212,7 @@ mux_master_control_cleanup_cb(int cid, void *unused)
 		sc->ctl_chan = -1;
 		if (sc->type != SSH_CHANNEL_OPEN) {
 			debug2("%s: channel %d: not open", __func__, sc->self);
-			chan_mark_dead(c);
+			chan_mark_dead(sc);
 		} else {
 			chan_read_failed(sc);
 			chan_write_failed(sc);

sshd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.371 2010/01/13 03:48:13 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.372 2010/01/29 00:20:41 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1748,6 +1748,10 @@ main(int ac, char **av)
 		    sock_in, sock_out, newsock, startup_pipe, config_s[0]);
 	}
 
+	/* Executed child processes don't need these. */
+	fcntl(sock_out, F_SETFD, FD_CLOEXEC);
+	fcntl(sock_in, F_SETFD, FD_CLOEXEC);
+
 	/*
 	 * Disable the key regeneration alarm.  We will not regenerate the
 	 * key since we are no longer in a position to give it to anyone. We