upstream commit

revise keys/principals command hang fix (bz#2655) to
consume entire output, avoiding sending SIGPIPE to subprocesses early; ok
dtucker@

Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc

1 files changed, 12 insertions, 5 deletions

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 70c021589..3e5706f4d 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.61 2016/12/30 22:08:02 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.62 2017/01/30 01:03:00 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -564,9 +564,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
 {
 	char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
 	u_long linenum = 0;
-	u_int i;
+	u_int i, found_principal = 0;
 
 	while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+		/* Always consume entire input */
+		if (found_principal)
+			continue;
 		/* Skip leading whitespace. */
 		for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
 			;
@@ -599,11 +602,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
 				if (auth_parse_options(pw, line_opts,
 				    file, linenum) != 1)
 					continue;
-				return 1;
+				found_principal = 1;
+				continue;
 			}
 		}
 	}
-	return 0;
+	return found_principal;
 }
 
 static int
@@ -771,6 +775,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 		char *cp, *key_options = NULL, *fp = NULL;
 		const char *reason = NULL;
 
+		/* Always consume entrire file */
+		if (found_key)
+			continue;
 		if (found != NULL)
 			key_free(found);
 		found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
@@ -857,7 +864,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 			    file, linenum, key_type(found), fp);
 			free(fp);
 			found_key = 1;
-			break;
+			continue;
 		}
 	}
 	if (found != NULL)