ssh: update with post-release V_8_9 branch commits

MFC after:	1 month
Sponsored by:	The FreeBSD Foundation

crypto/openssh/auth-rhosts.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.55 2022/02/23 11:15:57 djm Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.56 2022/02/23 21:21:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -19,6 +19,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 
+#include <fcntl.h>
 #ifdef HAVE_NETGROUP_H
 # include <netgroup.h>
 #endif
@@ -26,7 +27,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdarg.h>
-#include <fcntl.h>
+#include <stdlib.h>
 #include <unistd.h>
 
 #include "packet.h"

crypto/openssh/openbsd-compat/fmt_scaled.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: fmt_scaled.c,v 1.17 2018/05/14 04:39:04 djm Exp $	*/
+/*	$OpenBSD: fmt_scaled.c,v 1.21 2022/03/11 07:29:53 dtucker Exp $	*/
 
 /*
  * Copyright (c) 2001, 2002, 2003 Ian F. Darwin.  All rights reserved.
@@ -54,9 +54,9 @@ typedef enum {
 } unit_type;
 
 /* These three arrays MUST be in sync!  XXX make a struct */
-static unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA };
-static char scale_chars[] = "BKMGTPE";
-static long long scale_factors[] = {
+static const unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA };
+static const char scale_chars[] = "BKMGTPE";
+static const long long scale_factors[] = {
 	1LL,
 	1024LL,
 	1024LL*1024,
@@ -153,10 +153,8 @@ scan_scaled(char *scaled, long long *result)
 		}
 	}
 
-	if (sign) {
+	if (sign)
 		whole *= sign;
-		fpart *= sign;
-	}
 
 	/* If no scale factor given, we're done. fraction is discarded. */
 	if (!*p) {
@@ -191,7 +189,8 @@ scan_scaled(char *scaled, long long *result)
 			/* truncate fpart so it doesn't overflow.
 			 * then scale fractional part.
 			 */
-			while (fpart >= LLONG_MAX / scale_fact) {
+			while (fpart >= LLONG_MAX / scale_fact ||
+			    fpart <= LLONG_MIN / scale_fact) {
 				fpart /= 10;
 				fract_digits--;
 			}
@@ -200,7 +199,10 @@ scan_scaled(char *scaled, long long *result)
 				for (i = 0; i < fract_digits -1; i++)
 					fpart /= 10;
 			}
-			whole += fpart;
+			if (sign == -1)
+				whole -= fpart;
+			else
+				whole += fpart;
 			*result = whole;
 			return 0;
 		}
@@ -222,12 +224,16 @@ fmt_scaled(long long number, char *result)
 	unsigned int i;
 	unit_type unit = NONE;
 
+	/* Not every negative long long has a positive representation. */
+	if (number == LLONG_MIN) {
+		errno = ERANGE;
+		return -1;
+	}
+
 	abval = llabs(number);
 
-	/* Not every negative long long has a positive representation.
-	 * Also check for numbers that are just too darned big to format
-	 */
-	if (abval < 0 || abval / 1024 >= scale_factors[SCALE_LENGTH-1]) {
+	/* Also check for numbers that are just too darned big to format. */
+	if (abval / 1024 >= scale_factors[SCALE_LENGTH-1]) {
 		errno = ERANGE;
 		return -1;
 	}

crypto/openssh/sandbox-seccomp-filter.c

@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_ppoll
 	SC_ALLOW(__NR_ppoll),
 #endif
+#ifdef __NR_ppoll_time64
+	SC_ALLOW(__NR_ppoll_time64),
+#endif
 #ifdef __NR_poll
 	SC_ALLOW(__NR_poll),
 #endif

crypto/openssh/sshd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.583 2022/02/01 07:57:32 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.584 2022/03/01 01:59:19 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1156,9 +1156,9 @@ static void
 server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 {
 	struct pollfd *pfd = NULL;
-	int i, j, ret;
+	int i, j, ret, npfd;
 	int ostartups = -1, startups = 0, listening = 0, lameduck = 0;
-	int startup_p[2] = { -1 , -1 };
+	int startup_p[2] = { -1 , -1 }, *startup_pollfd;
 	char c = 0;
 	struct sockaddr_storage from;
 	socklen_t fromlen;
@@ -1174,6 +1174,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 	/* pipes connected to unauthenticated child sshd processes */
 	startup_pipes = xcalloc(options.max_startups, sizeof(int));
 	startup_flags = xcalloc(options.max_startups, sizeof(int));
+	startup_pollfd = xcalloc(options.max_startups, sizeof(int));
 	for (i = 0; i < options.max_startups; i++)
 		startup_pipes[i] = -1;
 
@@ -1189,6 +1190,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 	sigaddset(&nsigset, SIGTERM);
 	sigaddset(&nsigset, SIGQUIT);
 
+	/* sized for worst-case */
 	pfd = xcalloc(num_listen_socks + options.max_startups,
 	    sizeof(struct pollfd));
 
@@ -1228,24 +1230,31 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 			pfd[i].fd = listen_socks[i];
 			pfd[i].events = POLLIN;
 		}
+		npfd = num_listen_socks;
 		for (i = 0; i < options.max_startups; i++) {
-			pfd[num_listen_socks+i].fd = startup_pipes[i];
-			if (startup_pipes[i] != -1)
-				pfd[num_listen_socks+i].events = POLLIN;
+			startup_pollfd[i] = -1;
+			if (startup_pipes[i] != -1) {
+				pfd[npfd].fd = startup_pipes[i];
+				pfd[npfd].events = POLLIN;
+				startup_pollfd[i] = npfd++;
+			}
 		}
 
 		/* Wait until a connection arrives or a child exits. */
-		ret = ppoll(pfd, num_listen_socks + options.max_startups,
-		    NULL, &osigset);
-		if (ret == -1 && errno != EINTR)
+		ret = ppoll(pfd, npfd, NULL, &osigset);
+		if (ret == -1 && errno != EINTR) {
 			error("ppoll: %.100s", strerror(errno));
+			if (errno == EINVAL)
+				cleanup_exit(1); /* can't recover */
+		}
 		sigprocmask(SIG_SETMASK, &osigset, NULL);
 		if (ret == -1)
 			continue;
 
 		for (i = 0; i < options.max_startups; i++) {
 			if (startup_pipes[i] == -1 ||
-			    !(pfd[num_listen_socks+i].revents & (POLLIN|POLLHUP)))
+			    startup_pollfd[i] == -1 ||
+			    !(pfd[startup_pollfd[i]].revents & (POLLIN|POLLHUP)))
 				continue;
 			switch (read(startup_pipes[i], &c, sizeof(c))) {
 			case -1: