openssh unix dev - Jul 2005 - OpenSSH PAM "thread" buglet

Hi all,
the attached patch ensure that only one side of the authentication
socketpair stays open on both sides. This should make the code
more robust by detecting the dead of the process on the other side.
This applies to the non-pthread case only.

Joerg 
-------------- next part --------------
Index: auth-pam.c
==================================================================RCS file:
/home/joerg/wd/repository/dragonflybsd/src/crypto/openssh-4/auth-pam.c,v
retrieving revision 1.1
diff -u -r1.1 auth-pam.c
--- auth-pam.c	14 Jul 2005 13:10:21 -0000	1.1
+++ auth-pam.c	14 Jul 2005 13:25:58 -0000
@@ -150,6 +150,7 @@
     void *(*thread_start)(void *), void *arg)
 {
 	pid_t pid;
+	struct pam_ctxt *ctx = arg;
 
 	sshpam_thread_status = -1;
 	switch ((pid = fork())) {
@@ -157,10 +158,14 @@
 		error("fork(): %s", strerror(errno));
 		return (-1);
 	case 0:
+		close(ctx->pam_psock);
+		ctx->pam_psock = -1;
 		thread_start(arg);
 		_exit(1);
 	default:
 		*thread = pid;
+		close(ctx->pam_csock);
+		ctx->pam_csock = -1;
 		sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler);
 		return (0);
 	}

Joerg Sonnenberger wrote:
> Hi all,
> the attached patch ensure that only one side of the authentication
> socketpair stays open on both sides. This should make the code
> more robust by detecting the dead of the process on the other side.
> This applies to the non-pthread case only.
Can you give an example where it would make a difference?  The death of 
the child process should already be caught by the SIGCHLD.  Or are you 
talking about the parent dying unexpectedly and the child not getting a 
SIGPIPE?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.