openssh bugs - Apr 2018 - [Bug 2862] New: "void closefrom(int lowfd)" doesn't handle potential snprintf output truncation correctly

https://bugzilla.mindrot.org/show_bug.cgi?id=2862

            Bug ID: 2862
           Summary: "void closefrom(int lowfd)" doesn't handle
potential
                    snprintf output truncation correctly
           Product: Portable OpenSSH
           Version: 7.7p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: greenrecyclebin at gmail.com

Created attachment 3145
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3145&action=edit
Fix check that snprintf succeeded and the output was not truncated

While researching why ssh closes file descriptors > STDERR_FILENO (i.e.
"$ ssh -F <(echo) host" fails with "Can't open user config
file
/dev/fd/63: No such file or directory"), I noticed that "void
closefrom(int lowfd)" doesn't handle potential snprintf output
truncation correctly. I've attached a patch that fixes this issue.

A Google search for "closefrom.c,v 1.11" shows that this
implementation
is widely reused, e.g. in tmux, or opendoas
(https://pi.duncano.de/git/opendoas/commit/01a8fd6567f520a5e8b0d6262f05c645f02e69a1.html#h2-0-79).

According to
https://github.com/openssh/openssh-portable/commit/d018b2e9c88f6669c68f3343dbbf53e6084e8ff7,
this implementation was adapted from the one included in sudo. However,
I wasn't able to find a release version of sudo
(https://www.sudo.ws/dist/OLD/) that contains "__unused static const
char rcsid[] = "$Sudo: closefrom.c,v 1.11 2006/08/17 15:26:54 millert
Exp $";". (Apparently, it must have existed some time between v1.6.8
and v1.6.9.)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2862

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Blocks|                            |2852
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Thanks, I just committed this.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2852
[Bug 2852] Tracking bug for OpenSSH 7.8 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2862

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Close RESOLVED bugs with the release of openssh-8.0

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.