upstream: sshd listener must not block if reexecd sshd exits

in write(2) on config_s[0] if the forked child exits early before finishing
recv_rexec_state (e.g. with fatal()) because config_s[1] stays open in the
parent. this prevents the parent from accepting new connections. ok djm,
deraadt

OpenBSD-Commit-ID: 92ccfeb939ccd55bda914dc3fe84582158c4a9ef

diff --git a/sshd.c b/sshd.c
index a345bae7012f3ddab864d771caf6a11d50b5e7c8..4151e11fef1808a532782c238409a321ef3c18d4 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.553 2020/05/08 05:13:14 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.554 2020/05/15 08:34:03 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1270,6 +1270,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
                                startup_pipe = -1;
                                pid = getpid();
                                if (rexec_flag) {
+                                       close(config_s[1]);
                                        send_rexec_state(config_s[0], cfg);
                                        close(config_s[0]);
                                }
@@ -1328,9 +1329,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
                        close(startup_p[1]);
 
                        if (rexec_flag) {
+                               close(config_s[1]);
                                send_rexec_state(config_s[0], cfg);
                                close(config_s[0]);
-                               close(config_s[1]);
                        }
                        close(*newsock);