libxtables: Use posix_spawn() instead of vfork()

According to covscan, vfork() may lead to a deadlock in the parent
process. It suggests to use posix_spawn() instead. Since the latter
combines vfork() and exec() calls, use it for xtables_insmod().

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index ffd8fbcf294658479c61ccacb5c366e253f2672d..6dd0b152dfecfae22a786231673c3380e9143b60 100644 (file)
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -21,6 +21,7 @@
 #include <fcntl.h>
 #include <inttypes.h>
 #include <netdb.h>
+#include <spawn.h>
 #include <stdarg.h>
 #include <stdbool.h>
 #include <stdio.h>
@@ -362,6 +363,7 @@ int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
        char *buf = NULL;
        char *argv[4];
        int status;
+       pid_t pid;
 
        /* If they don't explicitly set it, read out of kernel */
        if (!modprobe) {
@@ -382,18 +384,11 @@ int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
         */
        fflush(stdout);
 
-       switch (vfork()) {
-       case 0:
-               execv(argv[0], argv);
-
-               /* not usually reached */
-               _exit(1);
-       case -1:
+       if (posix_spawn(&pid, argv[0], NULL, NULL, argv, NULL)) {
                free(buf);
                return -1;
-
-       default: /* parent */
-               wait(&status);
+       } else {
+               waitpid(pid, &status, 0);
        }
 
        free(buf);