===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-add.c,v
retrieving revision 1.71
retrieving revision 1.71.2.2
diff -u -r1.71 -r1.71.2.2
--- src/usr.bin/ssh/ssh-add.c	2005/03/10 22:01:06	1.71
+++ src/usr.bin/ssh/ssh-add.c	2006/02/03 02:53:45	1.71.2.2
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.71 2005/03/10 22:01:06 deraadt Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.71.2.2 2006/02/03 02:53:45 brad Exp $");
 
 #include <openssl/evp.h>
 
@@ -145,7 +145,7 @@
 		/* clear passphrase since it did not work */
 		clear_pass();
 		snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ",
-		   comment);
+		    comment);
 		for (;;) {
 			pass = read_passphrase(msg, RP_ALLOW_STDIN);
 			if (strcmp(pass, "") == 0) {
@@ -312,12 +312,16 @@
 	char *sc_reader_id = NULL;
 	int i, ch, deleting = 0, ret = 0;
 
+	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+	sanitise_stdfd();
+
 	SSLeay_add_all_algorithms();
 
 	/* At first, get a connection to the authentication agent. */
 	ac = ssh_get_authentication_connection();
 	if (ac == NULL) {
-		fprintf(stderr, "Could not open a connection to your authentication agent.\n");
+		fprintf(stderr,
+		    "Could not open a connection to your authentication agent.\n");
 		exit(2);
 	}
 	while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {