upstream: stricter validation of messaging socket fd number; disallow

author djm@openbsd.org <djm@openbsd.org>

Tue, 30 Apr 2024 05:53:03 +0000 (05:53 +0000)

committer Damien Miller <djm@mindrot.org>

Tue, 30 Apr 2024 05:53:26 +0000 (15:53 +1000)
author djm@openbsd.org <djm@openbsd.org>
Tue, 30 Apr 2024 05:53:03 +0000 (05:53 +0000)
committer Damien Miller <djm@mindrot.org>
Tue, 30 Apr 2024 05:53:26 +0000 (15:53 +1000)
diff --git a/ssh-keysign.c b/ssh-keysign.c

index c54a4bbb7983864347e3226a626bcf5ecc66b24a..968344e7946f9d157f713c085451503cd578f751 100644 (file)
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.73 2024/01/11 01:51:16 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.74 2024/04/30 05:53:03 djm Exp $ */
  /*
   * Copyright (c) 2002 Markus Friedl.  All rights reserved.
   *
@@ -268,7 +268,7 @@ main(int argc, char **argv)
                     __progname, rver, version);
         if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0)
                 fatal_r(r, "%s: buffer error", __progname);
-       if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO)
+       if (fd <= STDERR_FILENO)
                 fatal("%s: bad fd = %d", __progname, fd);
         if ((host = get_local_name(fd)) == NULL)
                 fatal("%s: cannot get local name for fd", __progname);
author	djm@openbsd.org <djm@openbsd.org>
	Tue, 30 Apr 2024 05:53:03 +0000 (05:53 +0000)
committer	Damien Miller <djm@mindrot.org>
	Tue, 30 Apr 2024 05:53:26 +0000 (15:53 +1000)