# HG changeset patch # Parent 2e66b48b2212113d9897a58aaada67557b7c4f35 block SIGALRM while logging through syslog to prevent deadlocks (through grace_alarm_handler()) bnc#57354 diff --git a/openssh-7.7p1/log.c b/openssh-7.7p1/log.c --- openssh-7.7p1/log.c +++ openssh-7.7p1/log.c @@ -46,16 +46,17 @@ #include #include #include #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) # include #endif #include "log.h" +#include static LogLevel log_level = SYSLOG_LEVEL_INFO; static int log_on_stderr = 1; static int log_stderr_fd = STDERR_FILENO; static int log_facility = LOG_AUTH; static char *argv0; static log_handler_fn *log_handler; static void *log_handler_ctx; @@ -396,16 +397,17 @@ do_log(LogLevel level, const char *fmt, { #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) struct syslog_data sdata = SYSLOG_DATA_INIT; #endif char msgbuf[MSGBUFSIZ]; char fmtbuf[MSGBUFSIZ]; char *txt = NULL; int pri = LOG_INFO; + sigset_t nset, oset; int saved_errno = errno; log_handler_fn *tmp_handler; if (level > log_level) return; switch (level) { case SYSLOG_LEVEL_FATAL: @@ -455,20 +457,28 @@ do_log(LogLevel level, const char *fmt, log_handler = NULL; tmp_handler(level, fmtbuf, log_handler_ctx); log_handler = tmp_handler; } else if (log_on_stderr) { snprintf(msgbuf, sizeof msgbuf, "%.*s\r\n", (int)sizeof msgbuf - 3, fmtbuf); (void)write(log_stderr_fd, msgbuf, strlen(msgbuf)); } else { + /* Prevent a race between the grace_alarm which writes a + * log message and terminates and main sshd code that leads + * to deadlock as syslog is not async safe. + */ + sigemptyset(&nset); + sigaddset(&nset, SIGALRM); + sigprocmask(SIG_BLOCK, &nset, &oset); #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata); syslog_r(pri, &sdata, "%.500s", fmtbuf); closelog_r(&sdata); #else openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility); syslog(pri, "%.500s", fmtbuf); closelog(); #endif + sigprocmask(SIG_SETMASK, &oset, NULL); } errno = saved_errno; }