Add a couple of non-negativity checks to avoid close(-1).

ok djm

diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index a64d614..c2b0885 100644 (file)
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.178 2018/01/23 05:27:21 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.179 2018/02/05 05:37:46 tb Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -230,8 +230,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 
        debug3("preauth child monitor started");
 
-       close(pmonitor->m_recvfd);
-       close(pmonitor->m_log_sendfd);
+       if (pmonitor->m_recvfd >= 0)
+               close(pmonitor->m_recvfd);
+       if (pmonitor->m_log_sendfd >= 0)
+               close(pmonitor->m_log_sendfd);
        pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;
 
        authctxt = _authctxt;
@@ -298,8 +300,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
        while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
                ;
 
-       close(pmonitor->m_sendfd);
-       close(pmonitor->m_log_recvfd);
+       if (pmonitor->m_recvfd >= 0)
+               close(pmonitor->m_recvfd);
+       if (pmonitor->m_log_sendfd >= 0)
+               close(pmonitor->m_log_sendfd);
        pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;
 }
 

diff --git a/usr.bin/ssh/ssh-pkcs11-client.c b/usr.bin/ssh/ssh-pkcs11-client.c
index e1aca10..d03c808 100644 (file)
--- a/usr.bin/ssh/ssh-pkcs11-client.c
+++ b/usr.bin/ssh/ssh-pkcs11-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.7 2017/05/30 08:52:19 markus Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.8 2018/02/05 05:37:46 tb Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  *
@@ -93,7 +93,8 @@ pkcs11_init(int interactive)
 void
 pkcs11_terminate(void)
 {
-       close(fd);
+       if (fd >= 0)
+               close(fd);
 }
 
 static int