CID 1309355: check error return from closefrom(3) where appropriate.

crypto/external/bsd/openssh/dist/auth2-pubkey.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2-pubkey.c,v 1.12 2015/07/03 00:59:59 christos Exp $	*/
+/*	$NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: auth2-pubkey.c,v 1.53 2015/06/15 18:44:22 jsing Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-pubkey.c,v 1.12 2015/07/03 00:59:59 christos Exp $");
+__RCSID("$NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
@@ -474,7 +474,10 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
 			error("%s: dup2: %s", tag, strerror(errno));
 			_exit(1);
 		}
-		closefrom(STDERR_FILENO + 1);
+		if (closefrom(STDERR_FILENO + 1) == -1) {
+			error("closefrom: %s", strerror(errno));
+			_exit(1);
+		}
 
 		/* Don't use permanently_set_uid() here to avoid fatal() */
 		if (setgid(pw->pw_gid) == -1) {

crypto/external/bsd/openssh/dist/readconf.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: readconf.c,v 1.14 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: readconf.c,v 1.15 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: readconf.c,v 1.237 2015/06/26 05:13:20 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: readconf.c,v 1.14 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: readconf.c,v 1.15 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
@@ -467,7 +467,8 @@ execute_in_shell(const char *cmd)
 			fatal("dup2: %s", strerror(errno));
 		if (devnull > STDERR_FILENO)
 			close(devnull);
-		closefrom(STDERR_FILENO + 1);
+		if (closefrom(STDERR_FILENO + 1) == -1)
+			fatal("closefrom: %s", strerror(errno));
 
 		argv[0] = __UNCONST(shell);
 		argv[1] = __UNCONST("-c");

crypto/external/bsd/openssh/dist/session.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: session.c,v 1.15 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: session.c,v 1.15 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/un.h>
@@ -1557,7 +1557,7 @@ child_close_fds(void)
 	 * initgroups, because at least on Solaris 2.3 it leaves file
 	 * descriptors open.
 	 */
-	closefrom(STDERR_FILENO + 1);
+	(void)closefrom(STDERR_FILENO + 1);
 }
 
 /*
@@ -1688,7 +1688,7 @@ do_child(Session *s, const char *command)
 			exit(1);
 	}
 
-	closefrom(STDERR_FILENO + 1);
+	(void)closefrom(STDERR_FILENO + 1);
 
 	if (!options.use_login)
 		do_rc_files(s, shell);

crypto/external/bsd/openssh/dist/ssh.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh.c,v 1.17 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: ssh.c,v 1.18 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: ssh.c,v 1.418 2015/05/04 06:10:48 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh.c,v 1.17 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: ssh.c,v 1.18 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
@@ -515,7 +515,8 @@ main(int ac, char **av)
 	 * Discard other fds that are hanging around. These can cause problem
 	 * with backgrounded ssh processes started by ControlPersist.
 	 */
-	closefrom(STDERR_FILENO + 1);
+	if (closefrom(STDERR_FILENO + 1) == -1)
+		fatal("closefrom failed: %.100s", strerror(errno));
 
 	/*
 	 * Save the original real uid.  It will be needed later (uid-swapping

crypto/external/bsd/openssh/dist/sshconnect2.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: sshconnect2.c,v 1.20 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: sshconnect2.c,v 1.21 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: sshconnect2.c,v 1.224 2015/05/04 06:10:48 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshconnect2.c,v 1.20 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: sshconnect2.c,v 1.21 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/wait.h>
@@ -1543,7 +1543,8 @@ ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp,
 		/* Close everything but stdio and the socket */
 		for (i = STDERR_FILENO + 1; i < sock; i++)
 			close(i);
-		closefrom(sock + 1);
+		if (closefrom(sock + 1) < 0)
+			fatal("%s: closefrom: %s", __func__, strerror(errno));
 		debug3("%s: [child] pid=%ld, exec %s",
 		    __func__, (long)getpid(), _PATH_SSH_KEY_SIGN);
 		execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);

crypto/external/bsd/openssh/dist/sshd.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: sshd.c,v 1.19 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: sshd.c,v 1.20 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: sshd.c,v 1.450 2015/05/24 23:39:16 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -44,7 +44,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.19 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.20 2015/07/06 15:09:17 christos Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
@@ -1572,9 +1572,11 @@ main(int ac, char **av)
 	if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
 		fatal("sshd re-exec requires execution with an absolute path");
 	if (rexeced_flag)
-		closefrom(REEXEC_MIN_FREE_FD);
+		r = closefrom(REEXEC_MIN_FREE_FD);
 	else
-		closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
+		r = closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
+	if (r == -1)
+		fatal("closefrom failed: %.200s", strerror(errno));
 
 #ifdef WITH_OPENSSL
 	OpenSSL_add_all_algorithms();