diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-11-16 07:17:38 +0100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-11-16 07:18:29 +0100 |
| commit | ccef7c4faf914993b53035cd2b25ce02ab039c9d (patch) | |
| tree | 15fd42720b91c50da4cd09c27956356d7a7562d7 /sshconnect.c | |
| parent | upstream: make grandparent-parent-child sshbuf chains robust to (diff) | |
| download | openssh-ccef7c4faf914993b53035cd2b25ce02ab039c9d.tar.xz openssh-ccef7c4faf914993b53035cd2b25ce02ab039c9d.zip | |
upstream: redirect stderr of ProxyCommands to /dev/null when ssh is
started with ControlPersist; based on patch from Steffen Prohaska
OpenBSD-Commit-ID: 1bcaa14a03ae80369d31021271ec75dce2597957
Diffstat (limited to 'sshconnect.c')
| -rw-r--r-- | sshconnect.c | 37 |
1 files changed, 32 insertions, 5 deletions
diff --git a/sshconnect.c b/sshconnect.c index 52c328111..a700f467f 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.306 2018/10/15 11:28:50 florian Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.307 2018/11/16 06:17:38 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -78,6 +78,7 @@ static int matching_host_key_dns = 0; static pid_t proxy_command_pid = 0; /* import */ +extern int debug_flag; extern Options options; extern char *__progname; @@ -99,6 +100,24 @@ expand_proxy_command(const char *proxy_command, const char *user, return ret; } +static void +stderr_null(void) +{ + int devnull; + + if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) { + error("Can't open %s for stderr redirection: %s", + _PATH_DEVNULL, strerror(errno)); + return; + } + if (devnull == STDERR_FILENO) + return; + if (dup2(devnull, STDERR_FILENO) == -1) + error("Cannot redirect stderr to %s", _PATH_DEVNULL); + if (devnull > STDERR_FILENO) + close(devnull); +} + /* * Connect to the given ssh server using a proxy command that passes a * a connected fd back to us. @@ -141,9 +160,12 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, close(sp[0]); /* - * Stderr is left as it is so that error messages get - * printed on the user's terminal. + * Stderr is left for non-ControlPersist connections is so + * error messages may be printed on the user's terminal. */ + if (debug_flag || !options.control_persist) + stderr_null(); + argv[0] = shell; argv[1] = "-c"; argv[2] = command_string; @@ -219,8 +241,13 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, /* Cannot be 1 because pin allocated two descriptors. */ close(pout[1]); - /* Stderr is left as it is so that error messages get - printed on the user's terminal. */ + /* + * Stderr is left for non-ControlPersist connections is so + * error messages may be printed on the user's terminal. + */ + if (debug_flag || !options.control_persist) + stderr_null(); + argv[0] = shell; argv[1] = "-c"; argv[2] = command_string; |