upstream: cleanup file descriptors across PKCS#11 client/helper

execution; ok markus

OpenBSD-Commit-ID: 993628a5b361e30aa48bbb4c07667a280f3f23ab

diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index 85afb62ac6f441c58f27291df6119fdf4f873f05..e58292628b0abe1ad0d74cd6437aaac78f3555a8 100644 (file)
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.24 2025/07/30 10:17:13 dtucker Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.25 2025/10/31 01:50:43 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -355,6 +355,7 @@ pkcs11_start_helper(const char *path)
                }
                close(pair[0]);
                close(pair[1]);
+               closefrom(STDERR_FILENO + 1);
                prog = getenv("SSH_PKCS11_HELPER");
                if (prog == NULL || strlen(prog) == 0)
                        prog = _PATH_SSH_PKCS11_HELPER;

diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
index aeb5b7a8a924f4588951ca9ab4e802e07ba14241..838610d96d273a8c2827bc78882946db3c3f0b7b 100644 (file)
--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.29 2025/07/30 04:27:42 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.30 2025/10/31 01:50:43 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  *
@@ -222,6 +222,8 @@ main(int argc, char **argv)
        __progname = ssh_get_progname(argv[0]);
        seed_rng();
 
+       sanitise_stdfd();
+       closefrom(STDERR_FILENO + 1);
        log_init(__progname, log_level, log_facility, log_stderr);
 
        while ((ch = getopt(argc, argv, "v")) != -1) {