Fix two signal races in sshd pre-auth #289
Closed
grace_alarm_handler is used as a SIGALRM handler in sshd. It will kill
pmonitor->m_pid, which is meant to be a child of a fork done by sshd,
and then exit.
The first signal race could have caused the SIGALRM handler to be
called before we save the pid from the fork in pmonitor->m_pid. In this
case we would not have killed our child before exiting.
The second signal race could have caused the SIGALRM handler to be
called while waiting for a blocking waitpid or right after that, before
clearing pmonitor->m_pid. In this case we would potentially have killed
a foreign process that reused this pid.
Shoutout to @c3h2-ctf and @stoeckmann
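Added illustration of how both windows can be closed with the signal mask; this is not the PR's diff nor a statement of how OpenSSH actually fixed it, and the names monitor_pid, spawn_child and reap_child are stand-ins for pmonitor->m_pid and the fork/waitpid code in sshd. The first window is closed by blocking SIGALRM across fork() and the pid store; the second by reaping and clearing the pid under the same block while sleeping in sigsuspend(), so the grace timer can still fire while the child exists and can never see a pid that was already reaped.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
/* Constructed stand-in for sshd's pmonitor->m_pid (not OpenSSH code). */
static volatile sig_atomic_t monitor_pid = 0;
/* Shape of grace_alarm_handler: kill the saved child (the real one also exits). */
static void grace_alarm_handler(int sig) {
    (void)sig;
    if (monitor_pid > 0) kill(monitor_pid, SIGTERM);
}
/* No-op SIGCHLD handler so a child exit wakes sigsuspend() in reap_child(). */
static void sigchld_handler(int sig) { (void)sig; }
/* Race 1 fix: fork and store the pid with SIGALRM blocked, so the handler
 * cannot run before monitor_pid holds the child. Returns the child pid. */
static pid_t spawn_child(void) {
    struct sigaction sa = { .sa_handler = grace_alarm_handler };
    sigset_t block, old;
    pid_t pid;
    sigaction(SIGALRM, &sa, NULL);
    sa.sa_handler = sigchld_handler; sigaction(SIGCHLD, &sa, NULL);
    sigemptyset(&block); sigaddset(&block, SIGALRM);
    sigprocmask(SIG_BLOCK, &block, &old);
    pid = fork();
    if (pid == 0) {                  /* child: restore mask, exit at once */
        sigprocmask(SIG_SETMASK, &old, NULL);
        _exit(0);
    }
    if (pid > 0) monitor_pid = pid;  /* SIGALRM is still blocked here */
    sigprocmask(SIG_SETMASK, &old, NULL);
    return pid;
}

/* Race 2 fix: reap and clear the pid with SIGALRM blocked, but sleep in
 * sigsuspend() under the old mask so the grace timer can still fire while the
 * child is alive or an unreaped zombie. Returns the exit status, or -1. */
static int reap_child(pid_t pid) {
    sigset_t block, old;
    int status = 0, r;
    sigemptyset(&block); sigaddset(&block, SIGALRM);
    sigaddset(&block, SIGCHLD);
    sigprocmask(SIG_BLOCK, &block, &old);
    while ((r = waitpid(pid, &status, WNOHANG)) == 0)
        sigsuspend(&old);            /* atomically unblock, wait, reblock */
    monitor_pid = 0;                 /* cleared before SIGALRM is unblocked */
    sigprocmask(SIG_SETMASK, &old, NULL);
    return (r == pid && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}
```

The child here exits immediately, so reap_child() returns 0 and leaves monitor_pid cleared; in sshd the same mask discipline would surround the real fork and the waitpid loop for the privsep child.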