Attachment #3142 for bug #2576




}

static void
after_poll(struct pollfd *pfd, size_t npfd, u_int maxfds)
{
	size_t i;
	u_int socknum, activefds = npfd;

	for (i = 0; i < npfd; i++) {
		if (pfd[i].revents == 0)

		/* Process events */
		switch (sockets[socknum].type) {
		case AUTH_SOCKET:
			if ((pfd[i].revents & (POLLIN|POLLERR)) == 0)
				break;
			if (npfd > maxfds) {
				debug3("out of fds (active %u >= limit %u); "
				    "skipping accept", activefds, maxfds);
				break;
			}
			if (handle_socket_read(socknum) == 0)
				activefds++;
			break;
		case AUTH_CONNECTION:
			if ((pfd[i].revents & (POLLIN|POLLERR)) != 0 &&
			    handle_conn_read(socknum) != 0) {
				goto close_sock;
				break;
			}
			if ((pfd[i].revents & (POLLOUT|POLLHUP)) != 0 &&
			    handle_conn_write(socknum) != 0) {
 close_sock:
				if (activefds == 0)
					fatal("activefds == 0 at close_sock");
				close_socket(&sockets[socknum]);
				activefds--;
				break;
			}
			break;
		default:
			break;

}

static int
prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds)
{
	struct pollfd *pfd = *pfdp;
	size_t i, j, npfd = 0;

	for (i = j = 0; i < sockets_alloc; i++) {
		switch (sockets[i].type) {
		case AUTH_SOCKET:
			if (npfd > maxfds) {
				debug3("out of fds (active %zu >= limit %u); "
				    "skipping arming listener", npfd, maxfds);
				break;
			}
			pfd[j].fd = sockets[i].fd;
			pfd[j].revents = 0;
			pfd[j].events = POLLIN;
			j++;
			break;
		case AUTH_CONNECTION:
			pfd[j].fd = sockets[i].fd;
			pfd[j].revents = 0;

	int timeout = -1; /* INFTIM */
	struct pollfd *pfd = NULL;
	size_t npfd = 0;
	u_int maxfds;

	ssh_malloc_init();	/* must be called before any mallocs */
	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */

	setegid(getgid());
	setgid(getgid());

	if (getrlimit(RLIMIT_NOFILE, &rlim) == -1)
		fatal("%s: getrlimit: %s", __progname, strerror(errno));

#ifdef WITH_OPENSSL
	OpenSSL_add_all_algorithms();
#endif

		printf("echo Agent pid %ld killed;\n", (long)pid);
		exit(0);
	}

	/*
	 * Minimum file descriptors:
	 * stdio (3) + listener (1) + syslog (1 maybe) + connection (1).
	 */
	if (rlim.rlim_cur < (3+1+1+1))
		fatal("%s: file descriptior rlimit %lld too low",
		    __progname, (long long)rlim.rlim_cur);
	maxfds = rlim.rlim_cur - (3+1+1);

	parent_pid = getpid();

	if (agentsocket == NULL) {

		fatal("%s: pledge: %s", __progname, strerror(errno));

	while (1) {
		prepare_poll(&pfd, &npfd, &timeout, maxfds);
		result = poll(pfd, npfd, timeout);
		saved_errno = errno;
		if (parent_alive_interval != 0)

				continue;
			fatal("poll: %s", strerror(saved_errno));
		} else if (result > 0)
			after_poll(pfd, npfd, maxfds);
	}
	/* NOTREACHED */
}

Return to bug 2576

Lines 871-880 handle_conn_write(u_int socknum) Link Here

(-)a/ssh-agent.c (-10 / +46 lines)
871	}	871	}
872		872
873	static void	873	static void
874	after_poll(struct pollfd *pfd, size_t npfd)	874	after_poll(struct pollfd *pfd, size_t npfd, u_int maxfds)
875	{	875	{
876	size_t i;	876	size_t i;
877	u_int socknum;	877	u_int socknum, activefds = npfd;
878		878
879	for (i = 0; i < npfd; i++) {	879	for (i = 0; i < npfd; i++) {
880	if (pfd[i].revents == 0)	880	if (pfd[i].revents == 0)
Lines 894-911 after_poll(struct pollfd *pfd, size_t npfd) Link Here
894	/* Process events */	894	/* Process events */
895	switch (sockets[socknum].type) {	895	switch (sockets[socknum].type) {
896	case AUTH_SOCKET:	896	case AUTH_SOCKET:
897	if ((pfd[i].revents & (POLLIN\|POLLERR)) != 0)	897	if ((pfd[i].revents & (POLLIN\|POLLERR)) == 0)
898	handle_socket_read(socknum);	898	break;
		899	if (npfd > maxfds) {
		900	debug3("out of fds (active %u >= limit %u); "
		901	"skipping accept", activefds, maxfds);
		902	break;
		903	}
		904	if (handle_socket_read(socknum) == 0)
		905	activefds++;
899	break;	906	break;
900	case AUTH_CONNECTION:	907	case AUTH_CONNECTION:
901	if ((pfd[i].revents & (POLLIN\|POLLERR)) != 0 &&	908	if ((pfd[i].revents & (POLLIN\|POLLERR)) != 0 &&
902	handle_conn_read(socknum) != 0) {	909	handle_conn_read(socknum) != 0) {
903	close_socket(&sockets[socknum]);	910	goto close_sock;
904	break;
905	}	911	}
906	if ((pfd[i].revents & (POLLOUT\|POLLHUP)) != 0 &&	912	if ((pfd[i].revents & (POLLOUT\|POLLHUP)) != 0 &&
907	handle_conn_write(socknum) != 0)	913	handle_conn_write(socknum) != 0) {
		914	close_sock:
		915	if (activefds == 0)
		916	fatal("activefds == 0 at close_sock");
908	close_socket(&sockets[socknum]);	917	close_socket(&sockets[socknum]);
		918	activefds--;
		919	break;
		920	}
909	break;	921	break;
910	default:	922	default:
911	break;	923	break;
Lines 914-920 after_poll(struct pollfd *pfd, size_t npfd) Link Here
914	}	926	}
915		927
916	static int	928	static int
917	prepare_poll(struct pollfd *pfdp, size_t npfdp, int *timeoutp)	929	prepare_poll(struct pollfd *pfdp, size_t npfdp, int *timeoutp, u_int maxfds)
918	{	930	{
919	struct pollfd pfd = pfdp;	931	struct pollfd pfd = pfdp;
920	size_t i, j, npfd = 0;	932	size_t i, j, npfd = 0;
Lines 943-948 prepare_poll(struct pollfd *pfdp, size_t npfdp, int *timeoutp) Link Here
943	for (i = j = 0; i < sockets_alloc; i++) {	955	for (i = j = 0; i < sockets_alloc; i++) {
944	switch (sockets[i].type) {	956	switch (sockets[i].type) {
945	case AUTH_SOCKET:	957	case AUTH_SOCKET:
		958	if (npfd > maxfds) {
		959	debug3("out of fds (active %zu >= limit %u); "
		960	"skipping arming listener", npfd, maxfds);
		961	break;
		962	}
		963	pfd[j].fd = sockets[i].fd;
		964	pfd[j].revents = 0;
		965	pfd[j].events = POLLIN;
		966	j++;
		967	break;
946	case AUTH_CONNECTION:	968	case AUTH_CONNECTION:
947	pfd[j].fd = sockets[i].fd;	969	pfd[j].fd = sockets[i].fd;
948	pfd[j].revents = 0;	970	pfd[j].revents = 0;
Lines 1041-1046 main(int ac, char **av) Link Here
1041	int timeout = -1; /* INFTIM */	1063	int timeout = -1; /* INFTIM */
1042	struct pollfd *pfd = NULL;	1064	struct pollfd *pfd = NULL;
1043	size_t npfd = 0;	1065	size_t npfd = 0;
		1066	u_int maxfds;
1044		1067
1045	ssh_malloc_init(); /* must be called before any mallocs */	1068	ssh_malloc_init(); /* must be called before any mallocs */
1046	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */	1069	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
Lines 1050-1055 main(int ac, char **av) Link Here
1050	setegid(getgid());	1073	setegid(getgid());
1051	setgid(getgid());	1074	setgid(getgid());
1052		1075
		1076	if (getrlimit(RLIMIT_NOFILE, &rlim) == -1)
		1077	fatal("%s: getrlimit: %s", __progname, strerror(errno));
		1078
1053	#ifdef WITH_OPENSSL	1079	#ifdef WITH_OPENSSL
1054	OpenSSL_add_all_algorithms();	1080	OpenSSL_add_all_algorithms();
1055	#endif	1081	#endif
Lines 1143-1148 main(int ac, char **av) Link Here
1143	printf("echo Agent pid %ld killed;\n", (long)pid);	1169	printf("echo Agent pid %ld killed;\n", (long)pid);
1144	exit(0);	1170	exit(0);
1145	}	1171	}
		1172
		1173	/*
		1174	* Minimum file descriptors:
		1175	* stdio (3) + listener (1) + syslog (1 maybe) + connection (1).
		1176	*/
		1177	if (rlim.rlim_cur < (3+1+1+1))
		1178	fatal("%s: file descriptior rlimit %lld too low",
		1179	__progname, (long long)rlim.rlim_cur);
		1180	maxfds = rlim.rlim_cur - (3+1+1);
		1181
1146	parent_pid = getpid();	1182	parent_pid = getpid();
1147		1183
1148	if (agentsocket == NULL) {	1184	if (agentsocket == NULL) {
Lines 1259-1265 skip: Link Here
1259	fatal("%s: pledge: %s", __progname, strerror(errno));	1295	fatal("%s: pledge: %s", __progname, strerror(errno));
1260		1296
1261	while (1) {	1297	while (1) {
1262	prepare_poll(&pfd, &npfd, &timeout);	1298	prepare_poll(&pfd, &npfd, &timeout, maxfds);
1263	result = poll(pfd, npfd, timeout);	1299	result = poll(pfd, npfd, timeout);
1264	saved_errno = errno;	1300	saved_errno = errno;
1265	if (parent_alive_interval != 0)	1301	if (parent_alive_interval != 0)
Lines 1270-1276 skip: Link Here
1270	continue;	1306	continue;
1271	fatal("poll: %s", strerror(saved_errno));	1307	fatal("poll: %s", strerror(saved_errno));
1272	} else if (result > 0)	1308	} else if (result > 0)
1273	after_poll(pfd, npfd);	1309	after_poll(pfd, npfd, maxfds);
1274	}	1310	}
1275	/* NOTREACHED */	1311	/* NOTREACHED */
1276	}	1312	}