From: Darren Tucker Date: Fri, 25 Jun 2021 05:08:18 +0000 (+1000) Subject: Move closefrom() to before first malloc. X-Git-Tag: V_8_7_P1~138 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c9f7bba2e6f70b7ac1f5ea190d890cb5162ce127;p=thirdparty%2Fopenssh-portable.git Move closefrom() to before first malloc. When built against tcmalloc, tcmalloc allocates a descriptor for its internal use, so calling closefrom() afterward causes the descriptor number to be reused resulting in a corrupted connection. Moving the closefrom a little earlier should resolve this. From kircherlike at outlook.com via bz#3321, ok djm@ --- diff --git a/ssh.c b/ssh.c index cf8c018ec..0343cba32 100644 --- a/ssh.c +++ b/ssh.c @@ -653,6 +653,12 @@ main(int ac, char **av) /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); + /* + * Discard other fds that are hanging around. These can cause problem + * with backgrounded ssh processes started by ControlPersist. + */ + closefrom(STDERR_FILENO + 1); + __progname = ssh_get_progname(av[0]); #ifndef HAVE_SETPROCTITLE @@ -668,12 +674,6 @@ main(int ac, char **av) seed_rng(); - /* - * Discard other fds that are hanging around. These can cause problem - * with backgrounded ssh processes started by ControlPersist. - */ - closefrom(STDERR_FILENO + 1); - /* Get user data. */ pw = getpwuid(getuid()); if (!pw) {
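Review bot: The comment above closefrom(STDERR_FILENO + 1) in the first hunk (ssh.c, right after sanitise_stdfd()) still gives only the ControlPersist reason and does not record the ordering constraint this commit depends on. Per the commit message, the call has to run before the first malloc because an allocator such as tcmalloc may open a descriptor for its own use. Without that in the comment, a later change could add an allocating call above it or move it back down. Suggest extending the comment to say the call must stay ahead of any allocation, and changing "cause problem" to "cause problems" while the lines are being moved.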
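Review bot: Nothing sweeps descriptors after seed_rng() any more once the second hunk drops the call there, so any descriptor left open by ssh_get_progname(av[0]), the #ifndef HAVE_SETPROCTITLE block or seed_rng() now stays open for the rest of main(), where previously it was closed at this point. Those bodies are not visible in the diff, so please confirm that none of them leaves a descriptor open on any supported platform, or say in the commit message that this was checked. Descriptors inherited from the parent are still closed at the new call site, so the ControlPersist case in the comment is unaffected.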