freebsd-skq/lib
Maxim Sobolev 18a2ccd22d Fix bug in the readpassphrase(3) function, which can be exposed
by an application closing its stdin (i.e. STDIN_FILENO) prior to
calling readpassphrase WITHOUT setting RPP_STDIN. What happens
then is that readpassphrase would open /dev/tty, and since
file descriptors are reused, the call would return the first unused
fd, which is 0, which is also STDIN_FILENO. Then due to the usage
of "input != STDIN_FILENO" in the code to do its logic, that
would result in noecho flags not being set on that file descriptor,
which was the original issue I've been trying to fix.

In addition to that, readpassphrase() would leak the file
descriptor on its way out, so fix that one as well.

This problem can be tested with:

 $ ssh-add - < /tmp/myprivate.key

The password will not be hidden as it should and ktrace will
show:

 53326 ssh-add  CALL  open(0x80142443c,0x100002<O_RDWR|O_CLOEXEC>,<unused>0x165f030)
 53326 ssh-add  NAMI  "/dev/tty"
 53326 ssh-add  RET   open 0
 53326 ssh-add  CALL  sigprocmask(SIG_SETMASK,0x802eb1324,0x7fffffffd5e0)
 53326 ssh-add  RET   sigprocmask 0
 53326 ssh-add  CALL  sigaction(SIGALRM,0x7fffffffd630,0x7fffffffd610)

Instead of:

 57690 ssh-add  CALL  open(0x80142443c,0x100002<O_RDWR|O_CLOEXEC>,<unused>0x165f030)
 57690 ssh-add  NAMI  "/dev/tty"
 57690 ssh-add  RET   open 4
 57690 ssh-add  CALL  ioctl(0x4,TIOCGETA,0x7fffffffd860)
 57690 ssh-add  RET   ioctl 0
 57690 ssh-add  CALL  ioctl(0x4,TIOCSETAF,0x7fffffffd680)
 57690 ssh-add  RET   ioctl 0
 57690 ssh-add  CALL  sigprocmask(SIG_SETMASK,0x802eb1324,0x7fffffffd620)
 57690 ssh-add  RET   sigprocmask 0
 57690 ssh-add  CALL  sigaction(SIGALRM,0x7fffffffd670,0x7fffffffd650)

For the case when the key is read from the file.

Technically this can also be worked around on the application side
by not closing STDIN_FILENO in the first place, but readpassphrase(3)
doesn't need to make any assumptions about that. Plus the file descriptor
leak confirms that this is an oversight, rather than a deliberate behaviour.

MFC after:	1 week
2016-01-24 22:20:13 +00:00
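
The descriptor reuse described in the commit message above, as an added C example that is not part of the commit or of the FreeBSD source. `demo_open`, `struct rpp_result` and the flag-based check are hypothetical names for illustration, and /dev/null stands in for /dev/tty so the program runs without a controlling terminal.

```c
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <unistd.h>

/* Assumption: /dev/null stands in for /dev/tty so this runs without a terminal. */
#define DEMO_TTY "/dev/null"

struct rpp_result {
    int  fd;           /* descriptor open() handed back */
    bool by_compare;   /* "input != STDIN_FILENO": the check quoted in the commit */
    bool by_flag;      /* hypothetical alternative: remember that we opened it */
};

/* Open DEMO_TTY, optionally after closing fd 0 first, and record what each
 * test concludes about "did we open a terminal that needs echo turned off
 * and must be closed on the way out?". */
struct rpp_result demo_open(bool close_stdin_first)
{
    struct rpp_result r = { -1, false, false };
    /* Make sure fd 0 is occupied so both cases start from the same state. */
    if (fcntl(STDIN_FILENO, F_GETFD) == -1)
        (void)open("/dev/null", O_RDONLY);
    int saved = dup(STDIN_FILENO);        /* kept only to restore stdin */

    if (close_stdin_first)
        close(STDIN_FILENO);              /* what the application did */

    int input = open(DEMO_TTY, O_RDWR);   /* lowest free fd: 0 if stdin is closed */
    bool opened_tty = (input != -1);
    r.fd = input;
    r.by_compare = (input != STDIN_FILENO);
    r.by_flag = opened_tty;

    if (opened_tty)
        close(input);                     /* no leak, whatever number it got */
    if (close_stdin_first)
        dup2(saved, STDIN_FILENO);        /* put the original stdin back */
    close(saved);
    return r;
}

int main(void)
{
    struct rpp_result a = demo_open(false), b = demo_open(true);
    printf("stdin open:   fd=%d compare=%d flag=%d\n", a.fd, a.by_compare, a.by_flag);
    printf("stdin closed: fd=%d compare=%d flag=%d\n", b.fd, b.by_compare, b.by_flag);
    return 0;
}
```

With stdin closed beforehand the freshly opened descriptor is numbered 0, so the number comparison reports that nothing was opened while the explicit flag still reports it correctly.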
..
atf META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
clang Disable -mlong-calls for the clang libraries for now, it increases the 2016-01-21 12:59:54 +00:00
csu Remove the compat code to handle the kernel passing us an unaligned 2016-01-13 15:54:17 +00:00
lib80211 Minor spelling, mdoc and style cleanup. 2015-12-15 10:24:48 +00:00
libalias META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libarchive Don't override LIB*DIR variables from src.libnames.mk. 2015-12-01 22:20:04 +00:00
libauditd Don't override LIB*DIR variables from src.libnames.mk. 2015-12-01 22:03:40 +00:00
libbegemot META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libblocksruntime META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libbluetooth META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libbsdstat META MODE: Update dependencies with 'the-lot' and add missing directories. 2015-12-01 05:23:19 +00:00
libbsm Add au_notify.2 and MLINKs (added in OpenBSM 1.2 alpha 4). 2015-12-18 09:50:24 +00:00
libbsnmp META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libbz2 META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libc Fix bug in the readpassphrase(3) function, which can be exposed 2016-01-24 22:20:13 +00:00
libc_nonshared Add META_MODE support. 2015-06-13 19:20:56 +00:00
libc++ Set -mlong-calls where needed to get a static clang and lldb 3.8.0 2016-01-14 19:00:13 +00:00
libcalendar META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libcam META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libcapsicum META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libcasper META MODE: Update dependencies with 'the-lot' and add missing directories. 2015-12-01 05:23:19 +00:00
libclang_rt Upgrade our copies of clang and llvm to 3.7.1 release. This is a 2015-12-25 21:39:45 +00:00
libcom_err META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libcompat Add META_MODE support. 2015-06-13 19:20:56 +00:00
libcompiler_rt Merge ^/head r288197 through r288456. 2015-10-01 19:02:45 +00:00
libcrypt Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c 2015-12-27 17:33:59 +00:00
libcuse Make CUSE usable with platforms where the size of "unsigned long" is 2015-12-22 09:55:44 +00:00
libcxxrt META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libdevctl META MODE: Update dependencies with 'the-lot' and add missing directories. 2015-12-01 05:23:19 +00:00
libdevinfo META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libdevstat META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libdpv Default to en_US.ISO8859-1 if no locale 2016-01-14 01:59:20 +00:00
libdwarf META MODE: Fix 'make bootstrap-tools'. 2015-11-25 19:44:51 +00:00
libedit META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libefi use .Mt to mark up email addresses consistently (part3) 2014-06-23 08:23:05 +00:00
libelf Correct r291566 for defining SHLIBDIR. 2015-12-01 16:08:38 +00:00
libelftc Use MAN= to specify that no man page is provided 2016-01-22 21:33:27 +00:00
libevent META MODE: Update dependencies with 'the-lot' and add missing directories. 2015-12-01 05:23:19 +00:00
libexecinfo META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libexpat META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libfetch Test for /etc/ssl/cert.pem existence to avoid masking SSL_CA_CERT_PATH 2016-01-19 15:02:37 +00:00
libfigpar META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libgeom META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libgpio META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libgssapi Fix a memory leak in gss_release_oid_set 2016-01-04 17:42:12 +00:00
libiconv_modules META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libipsec META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libjail META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libkiconv META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libkvm Add mmu format info into ARM vmcore. 2016-01-15 18:53:06 +00:00
libldns META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
liblzma META MODE: Fix 'make bootstrap-tools'. 2015-11-25 19:44:51 +00:00
libmagic META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libmd Improvements to the MDXFileChunk() template function: 2016-01-14 21:08:23 +00:00
libmemstat META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libmilter META MODE: Don't create .meta files when symlinking sources into the obj directory. 2015-11-25 19:44:43 +00:00
libmp META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libmt META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libnandfs META MODE: Connect MK_NAND directories. 2015-12-02 05:31:01 +00:00
libnetbsd Fix spelling error. 2015-11-05 01:54:38 +00:00
libnetgraph META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libngatm META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libnv Remove free'ing of an uninitialized variable 2016-01-04 03:34:22 +00:00
libopenbsd Remove NO_WERROR, after fix from r292023. 2015-12-09 19:25:45 +00:00
libopie META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libpam Update for API changes in OpenSSH 6.8p1. 2016-01-20 00:26:50 +00:00
libpcap META MODE: Don't create .meta files when symlinking sources into the obj directory. 2015-11-25 19:44:43 +00:00
libpjdlog META MODE: Update dependencies with 'the-lot' and add missing directories. 2015-12-01 05:23:19 +00:00
libpmc Add support for Intel Skylake and Intel Broadwell PMC's. The Broadwell PMC's have been 2015-11-30 17:35:49 +00:00
libproc Add support for RISC-V ISA. 2016-01-24 12:10:29 +00:00
libprocstat META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libradius META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
librpcsec_gss META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
librpcsvc META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
librt Unbreak symbol versioning. I have no idea when it was broken, but it's been 2015-11-29 06:14:51 +00:00
librtld_db META MODE: Rework circular dependency guard for librtld_db/libproc. 2015-11-25 19:13:35 +00:00
libsbuf META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libsdp META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libsm META MODE: Don't create .meta files when symlinking sources into the obj directory. 2015-11-25 19:44:43 +00:00
libsmb META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libsmdb META MODE: Don't create .meta files when symlinking sources into the obj directory. 2015-11-25 19:44:43 +00:00
libsmutil META MODE: Don't create .meta files when symlinking sources into the obj directory. 2015-11-25 19:44:43 +00:00
libsqlite3 META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libstand Bring in initial libc and libstand support for RISC-V. 2016-01-17 15:21:23 +00:00
libstdbuf META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libstdthreads META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libsysdecode Add in DIRDEPS_BUILD support. 2016-01-07 00:19:30 +00:00
libtacplus Add META_MODE support. 2015-06-13 19:20:56 +00:00
libtelnet Add META_MODE support. 2015-06-13 19:20:56 +00:00
libthr libthr: const-ify two variables 2016-01-13 22:34:55 +00:00
libthread_db META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libucl META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libufs META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libugidfw META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libulog META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libunbound META MODE: Update dependencies with 'the-lot' and add missing directories. 2015-12-01 05:23:19 +00:00
libusb META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libusbhid META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libutil META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libvgl META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libvmmapi META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libwrap Use LIBEXECDIR for /usr/libexec. 2015-11-26 01:14:40 +00:00
libxo META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
liby Add META_MODE support. 2015-06-13 19:20:56 +00:00
libypclnt META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
libz META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
msun Use j instead of a hardcoded index (9) and increment it after 2015-12-23 09:11:18 +00:00
ncurses META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host. 2015-11-25 19:10:28 +00:00
tests Refactor the test/ Makefiles after recent changes to bsd.test.mk (r289158) and 2015-10-12 08:16:03 +00:00
Makefile Make the building of libsmb and mount_smbfs unconditional, now that r292552 2015-12-21 17:41:08 +00:00
Makefile.inc