[kex.c]
dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
ok dtucker@, noted by mancha
+ - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
+ RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
+ libc will attempt to open additional file descriptors for crypto
+ offload and crash if they cannot be opened.
20130125
- (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD
-# $Id: configure.ac,v 1.562 2014/01/25 02:16:59 djm Exp $
+# $Id: configure.ac,v 1.563 2014/01/25 22:39:53 djm Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.562 $)
+AC_REVISION($Revision: 1.563 $)
AC_CONFIG_SRCDIR([ssh.c])
AC_LANG([C])
AC_DEFINE([BROKEN_STRNVIS], [1],
[FreeBSD strnvis argument order is swapped compared to OpenBSD])
TEST_MALLOC_OPTIONS="AJRX"
+ # Preauth crypto occasionally uses file descriptors for crypto offload
+ # and will crash if they cannot be opened.
+ AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE])
;;
*-*-bsdi*)
AC_DEFINE([SETEUID_BREAKS_SETUID])
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
__func__, strerror(errno));
+#ifndef SANDBOX_SKIP_RLIMIT_NOFILE
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
__func__, strerror(errno));
+#endif
if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
__func__, strerror(errno));
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
__func__, strerror(errno));
#endif
+#ifndef SANDBOX_SKIP_RLIMIT_NOFILE
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
__func__, strerror(errno));
+#endif
#ifdef HAVE_RLIMIT_NPROC
if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
projects / thirdparty / openssh-portable.git / commitdiff
