From 3e640acd1784a4beef0794cea47df37c025a303d Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Mon, 18 Oct 2021 23:20:08 +0800 Subject: [PATCH] Only redirect stderr after the session login. That lets errors get recorded on the server parent side, rather than being sent over a SSH connection. --- svr-chansession.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/svr-chansession.c b/svr-chansession.c index 2f90bac..29183d8 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -841,20 +841,28 @@ static int ptycommand(struct Channel *channel, struct ChanSess *chansess) { pty_make_controlling_tty(&chansess->slave, chansess->tty); if ((dup2(chansess->slave, STDIN_FILENO) < 0) || - (dup2(chansess->slave, STDERR_FILENO) < 0) || (dup2(chansess->slave, STDOUT_FILENO) < 0)) { TRACE(("leave ptycommand: error redirecting filedesc")) return DROPBEAR_FAILURE; } - close(chansess->slave); - /* write the utmp/wtmp login record - must be after changing the - * terminal used for stdout with the dup2 above */ + * terminal used for stdout with the dup2 above, otherwise + * the wtmp login will not be recorded */ li = chansess_login_alloc(chansess); login_login(li); + dropbear_log(LOG_WARNING, "bad thing happened"); login_free_entry(li); + /* Can now dup2 stderr. Messages from login_login() have gone + to the parent stderr */ + if (dup2(chansess->slave, STDERR_FILENO) < 0) { + TRACE(("leave ptycommand: error redirecting filedesc")) + return DROPBEAR_FAILURE; + } + + close(chansess->slave); + #if DO_MOTD if (svr_opts.domotd && !chansess->cmd) { /* don't show the motd if ~/.hushlogin exists */