- djm@cvs.openbsd.org 2013/11/20 02:19:01

     [sshd.c]
     delay closure of in/out fds until after "Bad protocol version
     identification..." message, as get_remote_ipaddr/get_remote_port
     require them open.

diff --git a/ChangeLog b/ChangeLog
index 381b2a961ebf034473fa1fe1aed4415d9fad269a..f39031200466acff1bd2559ee97f786991f8b1d7 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,11 @@
    - markus@cvs.openbsd.org 2013/11/13 13:48:20
      [ssh-pkcs11.c]
      add missing braces found by pedro
+   - djm@cvs.openbsd.org 2013/11/20 02:19:01
+     [sshd.c]
+     delay closure of in/out fds until after "Bad protocol version
+     identification..." message, as get_remote_ipaddr/get_remote_port
+     require them open.
 
 20131110
  - (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by

diff --git a/sshd.c b/sshd.c
index 8a62fc1a64c69cdb0e711e57de081ebe3097589d..a53deab3b4b4592a8df5f1a386dd8528cc28c8af 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.410 2013/11/02 21:59:15 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.411 2013/11/20 02:19:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -480,11 +480,11 @@ sshd_exchange_identification(int sock_in, int sock_out)
            &remote_major, &remote_minor, remote_version) != 3) {
                s = "Protocol mismatch.\n";
                (void) atomicio(vwrite, sock_out, s, strlen(s));
-               close(sock_in);
-               close(sock_out);
                logit("Bad protocol version identification '%.100s' "
                    "from %s port %d", client_version_string,
                    get_remote_ipaddr(), get_remote_port());
+               close(sock_in);
+               close(sock_out);
                cleanup_exit(255);
        }
        debug("Client protocol version %d.%d; client software version %.100s",