upstream: Clear signal mask early in main(); sshd may have been

started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
kuchaguangjie · Jan 3, 2023 · 93f2ce8 · 93f2ce8
1 parent 4acfaab
commit 93f2ce8
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/sshd.c b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.593 2022/12/04 23:50:49 cheloha Exp $ */
+/* $OpenBSD: sshd.c,v 1.594 2022/12/16 06:56:47 djm Exp $ */
 /*
  * Author: Tatu Ylonen <[email protected]>
  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -1546,12 +1546,16 @@ main(int ac, char **av)
 	int keytype;
 	Authctxt *authctxt;
 	struct connection_info *connection_info = NULL;
+	sigset_t sigmask;
 
 #ifdef HAVE_SECUREWARE
 	(void)set_auth_parameters(ac, av);
 #endif
 	__progname = ssh_get_progname(av[0]);
 
+	sigemptyset(&sigmask);
+	sigprocmask(SIG_SETMASK, &sigmask, NULL);
+
 	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
 	saved_argc = ac;
 	rexec_argc = ac;