From fdb7c96bfad783d5c892d6de972cdfd015ae09a9 Mon Sep 17 00:00:00 2001
From: "Jan F. Chadima" <jfch2222@fedoraproject.org>
Date: Mon, 26 Apr 2010 10:53:33 +0000
Subject: [PATCH] - Ignore .bashrc output to stderr in the subsystems

---
 openssh-5.5p1-stderr.diff | 157 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 157 insertions(+)
 create mode 100644 openssh-5.5p1-stderr.diff

diff --git a/openssh-5.5p1-stderr.diff b/openssh-5.5p1-stderr.diff
new file mode 100644
index 0000000..ef35d80
--- /dev/null
+++ b/openssh-5.5p1-stderr.diff
@@ -0,0 +1,157 @@
+diff -up openssh-5.5p1/session.c.stderr openssh-5.5p1/session.c
+--- openssh-5.5p1/session.c.stderr	2010-04-26 10:35:35.000000000 +0200
++++ openssh-5.5p1/session.c	2010-04-26 10:41:11.000000000 +0200
+@@ -47,6 +47,7 @@
+ #include <arpa/inet.h>
+ 
+ #include <errno.h>
++#include <fcntl.h>
+ #include <grp.h>
+ #ifdef HAVE_PATHS_H
+ #include <paths.h>
+@@ -447,6 +448,9 @@ do_exec_no_pty(Session *s, const char *c
+ #ifdef USE_PIPES
+ 	int pin[2], pout[2], perr[2];
+ 
++	if (s == NULL)
++		fatal("do_exec_no_pty: no session");
++
+ 	/* Allocate pipes for communicating with the program. */
+ 	if (pipe(pin) < 0) {
+ 		error("%s: pipe in: %.100s", __func__, strerror(errno));
+@@ -458,33 +462,59 @@ do_exec_no_pty(Session *s, const char *c
+ 		close(pin[1]);
+ 		return -1;
+ 	}
+-	if (pipe(perr) < 0) {
+-		error("%s: pipe err: %.100s", __func__, strerror(errno));
+-		close(pin[0]);
+-		close(pin[1]);
+-		close(pout[0]);
+-		close(pout[1]);
+-		return -1;
++	if (s->is_subsystem) {
++	    	if ((perr[1] = open(_PATH_DEVNULL, O_WRONLY)) == -1) {
++			error("%s: open(%s): %s", __func__, _PATH_DEVNULL,
++			    strerror(errno));
++			close(pin[0]);
++			close(pin[1]);
++			close(pout[0]);
++			close(pout[1]);
++			return -1;
++		}
++		perr[0] = -1;
++	} else {
++		if (pipe(perr) < 0) {
++			error("%s: pipe err: %.100s", __func__,
++			    strerror(errno));
++			close(pin[0]);
++			close(pin[1]);
++			close(pout[0]);
++			close(pout[1]);
++			return -1;
++		}
+ 	}
+ #else
+ 	int inout[2], err[2];
+ 
++	if (s == NULL)
++		fatal("do_exec_no_pty: no session");
++
+ 	/* Uses socket pairs to communicate with the program. */
+ 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) {
+ 		error("%s: socketpair #1: %.100s", __func__, strerror(errno));
+ 		return -1;
+ 	}
+-	if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {
+-		error("%s: socketpair #2: %.100s", __func__, strerror(errno));
+-		close(inout[0]);
+-		close(inout[1]);
+-		return -1;
++	if (s->is_subsystem) {
++	    	if ((err[0] = open(_PATH_DEVNULL, O_WRONLY)) == -1) {
++			error("%s: open(%s): %s", __func__, _PATH_DEVNULL,
++			    strerror(errno));
++			close(inout[0]);
++			close(inout[1]);
++			return -1;
++		}
++		err[1] = -1;
++	} else {
++		if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {
++			error("%s: socketpair #2: %.100s", __func__,
++			    strerror(errno));
++			close(inout[0]);
++			close(inout[1]);
++			return -1;
++		}
+ 	}
+ #endif
+ 
+-	if (s == NULL)
+-		fatal("do_exec_no_pty: no session");
+-
+ 	session_proctitle(s);
+ 
+ 	/* Fork the child. */
+@@ -496,13 +526,15 @@ do_exec_no_pty(Session *s, const char *c
+ 		close(pin[1]);
+ 		close(pout[0]);
+ 		close(pout[1]);
+-		close(perr[0]);
++		if (perr[0] != -1)
++			close(perr[0]);
+ 		close(perr[1]);
+ #else
+ 		close(inout[0]);
+ 		close(inout[1]);
+ 		close(err[0]);
+-		close(err[1]);
++		if (err[1] != -1)
++			close(err[1]);
+ #endif
+ 		return -1;
+ 	case 0:
+@@ -536,7 +568,8 @@ do_exec_no_pty(Session *s, const char *c
+ 		close(pout[1]);
+ 
+ 		/* Redirect stderr. */
+-		close(perr[0]);
++		if (perr[0] != -1)
++			close(perr[0]);
+ 		if (dup2(perr[1], 2) < 0)
+ 			perror("dup2 stderr");
+ 		close(perr[1]);
+@@ -547,7 +580,8 @@ do_exec_no_pty(Session *s, const char *c
+ 		 * seem to depend on it.
+ 		 */
+ 		close(inout[1]);
+-		close(err[1]);
++		if (err[1] != -1)
++			close(err[1]);
+ 		if (dup2(inout[0], 0) < 0)	/* stdin */
+ 			perror("dup2 stdin");
+ 		if (dup2(inout[0], 1) < 0)	/* stdout (same as stdin) */
+@@ -595,10 +629,6 @@ do_exec_no_pty(Session *s, const char *c
+ 	close(perr[1]);
+ 
+ 	if (compat20) {
+-		if (s->is_subsystem) {
+-			close(perr[0]);
+-			perr[0] = -1;
+-		}
+ 		session_set_fds(s, pin[1], pout[0], perr[0], 0);
+ 	} else {
+ 		/* Enter the interactive session. */
+@@ -615,10 +645,7 @@ do_exec_no_pty(Session *s, const char *c
+ 	 * handle the case that fdin and fdout are the same.
+ 	 */
+ 	if (compat20) {
+-		session_set_fds(s, inout[1], inout[1],
+-		    s->is_subsystem ? -1 : err[1], 0);
+-		if (s->is_subsystem)
+-			close(err[1]);
++		session_set_fds(s, inout[1], inout[1], err[1], 0);
+ 	} else {
+ 		server_loop(pid, inout[1], inout[1], err[1]);
+ 		/* server_loop has closed inout[1] and err[1]. */