From 6c49c41c19157cbafb8f4b90276b83550da98da9 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 19 Jun 2019 14:27:36 +0200
Subject: [PATCH] socket: Do not process stderr of proxy commands (Fixes T130)

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
 src/socket.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/socket.c b/src/socket.c
index 64c486e3..bbba443d 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -839,11 +839,18 @@ void
 ssh_execute_command(const char *command, socket_t in, socket_t out)
 {
     const char *args[] = {"/bin/sh", "-c", command, NULL};
+    /* Prepare /dev/null socket for the stderr redirection */
+    int devnull = open("/dev/null", O_WRONLY);
+    if (devnull == -1) {
+        SSH_LOG(SSH_LOG_WARNING, "Failed to open stderr");
+        exit(1);
+    }
 
-    /* redirect in and out to stdin, stdout and stderr */
+    /* redirect in and out to stdin, stdout */
     dup2(in, 0);
     dup2(out, 1);
-    dup2(out, 2);
+    /* Ignore anything on the stderr */
+    dup2(devnull, STDERR_FILENO);
     close(in);
     close(out);
     execv(args[0], (char * const *)args);