From dd6498066234ca51e7048473eeec0bfb28053be9 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 19 Dec 2019 17:35:23 +0100
Subject: [PATCH] socket: Kill the proxy command if it still runs on disconnect

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/socket.c | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/src/socket.c b/src/socket.c
index ff6e7ae8..e040c870 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -42,8 +42,10 @@
 #else /* _WIN32 */
 #include <fcntl.h>
 #include <sys/types.h>
+#include <sys/wait.h>
 #include <sys/socket.h>
 #include <sys/un.h>
+#include <signal.h>
 #endif /* _WIN32 */
 
 #include "libssh/priv.h"
@@ -87,6 +89,9 @@ struct ssh_socket_struct {
   ssh_session session;
   ssh_socket_callbacks callbacks;
   ssh_poll_handle poll_handle;
+#ifndef _WIN32
+  pid_t proxy_pid;
+#endif
 };
 
 static int sockets_initialized = 0;
@@ -191,6 +196,9 @@ void ssh_socket_reset(ssh_socket s)
     s->data_except = 0;
     s->poll_handle = NULL;
     s->state=SSH_SOCKET_NONE;
+#ifndef _WIN32
+    s->proxy_pid = 0;
+#endif
 }
 
 /**
@@ -454,6 +462,28 @@ void ssh_socket_close(ssh_socket s)
     }
 
     s->state = SSH_SOCKET_CLOSED;
+
+#ifndef _WIN32
+    /* If the proxy command still runs try to kill it */
+    if (s->proxy_pid != 0) {
+        int status;
+        pid_t pid = s->proxy_pid;
+
+        s->proxy_pid = 0;
+        kill(pid, SIGTERM);
+        while (waitpid(pid, &status, 0) == -1) {
+            if (errno != EINTR) {
+                SSH_LOG(SSH_LOG_WARN, "waitpid failed: %s", strerror(errno));
+                return;
+            }
+        }
+        if (!WIFEXITED(status)) {
+            SSH_LOG(SSH_LOG_WARN, "Proxy command exitted abnormally");
+            return;
+        }
+        SSH_LOG(SSH_LOG_TRACE, "Proxy command returned %d", WEXITSTATUS(status));
+    }
+#endif
 }
 
 /**
@@ -886,9 +916,11 @@ ssh_socket_connect_proxycommand(ssh_socket s, const char *command)
 
     SSH_LOG(SSH_LOG_PROTOCOL, "Executing proxycommand '%s'", command);
     pid = fork();
-    if(pid == 0) {
+    if (pid == 0) {
         ssh_execute_command(command, pair[0], pair[0]);
+        /* Does not return */
     }
+    s->proxy_pid = pid;
     close(pair[0]);
     SSH_LOG(SSH_LOG_PROTOCOL, "ProxyCommand connection pipe: [%d,%d]",pair[0],pair[1]);
     ssh_socket_set_fd(s, pair[1]);