dropbear: svr-chansession.c comparison

Only redirect stderr after the session login. That lets errors get recorded on the server parent side, rather than being sent over a SSH connection.

comparison

equal deleted inserted replaced

-:ce17be95a42a
+:5c13e765ddbd
 		close(chansess->master);
 		pty_make_controlling_tty(&chansess->slave, chansess->tty);
 		if ((dup2(chansess->slave, STDIN_FILENO) < 0) ||
-			(dup2(chansess->slave, STDERR_FILENO) < 0) ||
 			(dup2(chansess->slave, STDOUT_FILENO) < 0)) {
 			TRACE(("leave ptycommand: error redirecting filedesc"))
 			return DROPBEAR_FAILURE;
 			}
-		close(chansess->slave);
 		/* write the utmp/wtmp login record - must be after changing the
-		 * terminal used for stdout with the dup2 above */
+		 * terminal used for stdout with the dup2 above, otherwise
+		 * the wtmp login will not be recorded */
 		li = chansess_login_alloc(chansess);
 		login_login(li);
+		dropbear_log(LOG_WARNING, "bad thing happened");
 		login_free_entry(li);
+		/* Can now dup2 stderr. Messages from login_login() have gone
+		to the parent stderr */
+		if (dup2(chansess->slave, STDERR_FILENO) < 0) {
+			TRACE(("leave ptycommand: error redirecting filedesc"))
+			return DROPBEAR_FAILURE;
+		}
+		close(chansess->slave);
 #if DO_MOTD
 		if (svr_opts.domotd && !chansess->cmd) {
 			/* don't show the motd if ~/.hushlogin exists */

Mercurial > dropbear