]> git.ipfire.org Git - thirdparty/openssh-portable.git/commitdiff
Defer seed_rng until after closefrom call.
authorDarren Tucker <dtucker@dtucker.net>
Tue, 8 Nov 2022 22:23:47 +0000 (09:23 +1100)
committerDarren Tucker <dtucker@dtucker.net>
Tue, 8 Nov 2022 22:23:47 +0000 (09:23 +1100)
seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use.  bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@

sshd.c

diff --git a/sshd.c b/sshd.c
index b4bb7d654adde5efd1ab0949ceb0c724557408b5..808d91ef2ffaaae25f6c07aeb8738eb23887f671 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -1580,8 +1580,6 @@ main(int ac, char **av)
        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
        sanitise_stdfd();
 
-       seed_rng();
-
        /* Initialize configuration options to their default values. */
        initialize_server_options(&options);
 
@@ -1703,6 +1701,8 @@ main(int ac, char **av)
        else
                closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
 
+       seed_rng();
+
        /* If requested, redirect the logs to the specified logfile. */
        if (logfile != NULL)
                log_redirect_stderr_to(logfile);