1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
From: Matt Johnston <matt@ucc.asn.au>
Date: Wed, 8 Jun 2022 21:26:20 +0800
Subject: Fix MAX_UNAUTH_CLIENTS regression
Since re-exec change in 2022.82 Dropbear count
treat authenticated sessions towards the unauthenticated
session limit. This is fixed by passing the childpipe FD
through to the re-execed process.
---
runopts.h | 5 +++--
svr-main.c | 21 +++++++++++----------
svr-runopts.c | 15 ++++++++++++---
3 files changed, 26 insertions(+), 15 deletions(-)
--- a/runopts.h
+++ b/runopts.h
@@ -79,8 +79,9 @@ typedef struct svr_runopts {
char *addresses[DROPBEAR_MAX_PORTS];
int inetdmode;
- /* Hidden "-2" flag indicates it's re-executing itself */
- int reexec_child;
+ /* Hidden "-2 childpipe_fd" flag indicates it's re-executing itself,
+ stores the childpipe preauth file descriptor. Set to -1 otherwise. */
+ int reexec_childpipe;
/* Flags indicating whether to use ipv4 and ipv6 */
/* not used yet
--- a/svr-main.c
+++ b/svr-main.c
@@ -71,7 +71,7 @@ int main(int argc, char ** argv)
#endif
#if DROPBEAR_DO_REEXEC
- if (svr_opts.reexec_child) {
+ if (svr_opts.reexec_childpipe >= 0) {
#ifdef PR_SET_NAME
/* Fix the "Name:" in /proc/pid/status, otherwise it's
a FD number from fexecve.
@@ -102,7 +102,7 @@ static void main_inetd() {
seedrandom();
- if (!svr_opts.reexec_child) {
+ if (svr_opts.reexec_childpipe < 0) {
/* In case our inetd was lax in logging source addresses */
get_socket_address(0, NULL, NULL, &host, &port, 0);
dropbear_log(LOG_INFO, "Child connection from %s:%s", host, port);
@@ -115,10 +115,8 @@ static void main_inetd() {
setsid();
}
- /* Start service program
- * -1 is a dummy childpipe, just something we can close() without
- * mattering. */
- svr_session(0, -1);
+ /* -1 for childpipe in the inetd case is discarded */
+ svr_session(0, svr_opts.reexec_childpipe);
/* notreached */
}
@@ -347,9 +345,10 @@ static void main_noinetd(int argc, char
if (execfd >= 0) {
#if DROPBEAR_DO_REEXEC
- /* Add "-2" to the args and re-execute ourself. */
- char **new_argv = m_malloc(sizeof(char*) * (argc+3));
- int pos0 = 0, new_argc = argc+1;
+ /* Add "-2 childpipe[1]" to the args and re-execute ourself. */
+ char **new_argv = m_malloc(sizeof(char*) * (argc+4));
+ char buf[10];
+ int pos0 = 0, new_argc = argc+2;
/* We need to specially handle "dropbearmulti dropbear". */
if (multipath) {
@@ -359,7 +358,9 @@ static void main_noinetd(int argc, char
}
memcpy(&new_argv[pos0], argv, sizeof(char*) * argc);
- new_argv[new_argc-1] = "-2";
+ new_argv[new_argc-2] = "-2";
+ snprintf(buf, sizeof(buf), "%d", childpipe[1]);
+ new_argv[new_argc-1] = buf;
new_argv[new_argc] = NULL;
if ((dup2(childsock, STDIN_FILENO) < 0)) {
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -138,6 +138,7 @@ void svr_getopts(int argc, char ** argv)
char* keepalive_arg = NULL;
char* idle_timeout_arg = NULL;
char* maxauthtries_arg = NULL;
+ char* reexec_fd_arg = NULL;
char* keyfile = NULL;
char c;
#if DROPBEAR_PLUGIN
@@ -175,6 +176,7 @@ void svr_getopts(int argc, char ** argv)
svr_opts.pubkey_plugin_options = NULL;
#endif
svr_opts.pass_on_env = 0;
+ svr_opts.reexec_childpipe = -1;
#ifndef DISABLE_ZLIB
opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;
@@ -250,12 +252,12 @@ void svr_getopts(int argc, char ** argv)
#if DROPBEAR_DO_REEXEC && NON_INETD_MODE
/* For internal use by re-exec */
case '2':
- svr_opts.reexec_child = 1;
+ next = &reexec_fd_arg;
break;
#endif
case 'p':
- nextisport = 1;
- break;
+ nextisport = 1;
+ break;
case 'P':
next = &svr_opts.pidfile;
break;
@@ -426,6 +428,13 @@ void svr_getopts(int argc, char ** argv)
dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command);
}
+ if (reexec_fd_arg) {
+ if (m_str_to_uint(reexec_fd_arg, &svr_opts.reexec_childpipe) == DROPBEAR_FAILURE
+ || svr_opts.reexec_childpipe < 0) {
+ dropbear_exit("Bad -2");
+ }
+ }
+
#if INETD_MODE
if (svr_opts.inetdmode && (
opts.usingsyslog == 0
|
