upstream commit

fd leaks; report Qualys Security Advisory team; ok
 deraadt@

Upstream-ID: 4ec0f12b9d8fa202293c9effa115464185aa071d

diff --git a/sshconnect.c b/sshconnect.c
index a22710d9f742a4b3d334403cbcebdb3025a43b95..356ec79f0a0e8aeac499303b8f2e1814ec219a6f 100644 (file)
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.270 2016/01/14 16:17:40 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.271 2016/01/14 22:56:56 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -167,6 +167,7 @@ ssh_proxy_fdpass_connect(const char *host, u_short port,
 
        if ((sock = mm_receive_fd(sp[1])) == -1)
                fatal("proxy dialer did not pass back a connection");
+       close(sp[1]);
 
        while (waitpid(pid, NULL, 0) == -1)
                if (errno != EINTR)

diff --git a/sshconnect2.c b/sshconnect2.c
index 1f918533f9eed3f36168d407779ba83a901d8f06..4d426c33c24b3f81534afc97cc1438e8d21e6992 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.236 2016/01/14 16:17:40 markus Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.237 2016/01/14 22:56:56 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1344,6 +1344,7 @@ pubkey_prepare(Authctxt *authctxt)
                if (r != SSH_ERR_AGENT_NO_IDENTITIES)
                        debug("%s: ssh_fetch_identitylist: %s",
                            __func__, ssh_err(r));
+               close(agent_fd);
        } else {
                for (j = 0; j < idlist->nkeys; j++) {
                        found = 0;