Remove the signal array stack as our pipe handling should be secure enough now. Also...

diff --git a/bpf.c b/bpf.c
index ed9c4a1dfa0851e5b8bc1b9e0f6d52191d489550..3cbfc40c1fc548d8bd7673ba8f1641a9d83257ad 100644 (file)
--- a/bpf.c
+++ b/bpf.c
@@ -121,7 +121,8 @@ open_socket(struct interface *iface, int protocol)
        }
        if (ioctl(fd, BIOCSETF, &pf) == -1)
                goto eexit;
-       close_on_exec(fd);
+       if (set_cloexec(fd) == -1)
+               goto eexit;
        if (*fdp != -1)
                close(*fdp);
        *fdp = fd;

diff --git a/common.c b/common.c
index 7eeb1d9d268c032c7c2cfc1c03d73750886f5a62..5754d40f242dd06c07b280efe9cfb2d9f9aa451b 100644 (file)
--- a/common.c
+++ b/common.c
@@ -171,7 +171,7 @@ fd_hasdata(int fd)
 }
 
 int
-close_on_exec(int fd)
+set_cloexec(int fd)
 {
        int flags;
 
@@ -184,6 +184,20 @@ close_on_exec(int fd)
        return 0;
 }
 
+int
+set_nonblock(int fd)
+{
+       int flags;
+
+       if ((flags = fcntl(fd, F_GETFL, 0)) == -1
+           || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
+       {
+               logger(LOG_ERR, "fcntl: %s", strerror(errno));
+               return -1;
+       }
+       return 0;
+}
+
 /* Handy function to get the time.
  * We only care about time advancements, not the actual time itself
  * Which is why we use CLOCK_MONOTONIC, but it is not available on all

diff --git a/common.h b/common.h
index 817ccaaa2f56a0dc75ef3c03142d98d5512bb312..94a1cc0c379e4887402b840d0e4f766ee94c045a 100644 (file)
--- a/common.h
+++ b/common.h
@@ -71,7 +71,8 @@ int closefrom(int);
 #endif
 
 int close_fds(void);
-int close_on_exec(int);
+int set_cloexec(int);
+int set_nonblock(int);
 int fd_hasdata(int);
 ssize_t get_line(char **, size_t *, FILE *);
 int get_time(struct timeval *);

diff --git a/dhcpcd.c b/dhcpcd.c
index 14af5ff338da1185dfadc3f7aa62a9e8d5f94d1b..6c34d0287295ba65dca8f4c157dfdfc8686e99cc 100644 (file)
--- a/dhcpcd.c
+++ b/dhcpcd.c
@@ -830,7 +830,8 @@ main(int argc, char **argv)
                        goto abort;
                }
 
-               close_on_exec(pid_fd);
+               if (set_cloexec(pid_fd) == -1)
+                       goto abort;
                writepid(pid_fd, getpid());
                logger(LOG_INFO, PACKAGE " " VERSION " starting");
        }

diff --git a/lpf.c b/lpf.c
index c507378f5738f969b4aadba8d05bac97a89536c0..04d47b7679fc95b8dbd858aa95d7c07dafb4d25b 100644 (file)
--- a/lpf.c
+++ b/lpf.c
@@ -102,12 +102,11 @@ open_socket(struct interface *iface, int protocol)
        }
        if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &pf, sizeof(pf)) != 0)
                goto eexit;
-       if ((flags = fcntl(s, F_GETFL, 0)) == -1
-           || fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1)
+       if (set_cloexec(s) == -1)
                goto eexit;
-       if (bind(s, &su.sa, sizeof(su)) == -1)
+       if (set_nonblock(s) == -1)
                goto eexit;
-       if (close_on_exec(s) == -1)
+       if (bind(s, &su.sa, sizeof(su)) == -1)
                goto eexit;
 #ifdef ENABLE_ARP
        if (protocol == ETHERTYPE_ARP)

diff --git a/net.c b/net.c
index aa530ba2726acd7f9b9588dca340953a212d7d94..a2feeb8a4193b29b32ab38b792a5c1035942993f 100644 (file)
--- a/net.c
+++ b/net.c
@@ -436,7 +436,7 @@ open_udp_socket(struct interface *iface)
                goto eexit;
 
        iface->udp_fd = s;
-       close_on_exec(s);
+       set_cloexec(s);
        return 0;
 
 eexit:

diff --git a/signals.c b/signals.c
index 3d7f63cde22dc23e8cbd5fb6ce5bd567de1e55a9..fb986d7ddf6b80fce71b836ab75c87b08a58ce0d 100644 (file)
--- a/signals.c
+++ b/signals.c
@@ -38,7 +38,6 @@
 #include "signals.h"
 
 static int signal_pipe[2];
-static int signals[5];
 
 static const int handle_sigs[] = {
        SIGHUP,
@@ -50,17 +49,9 @@ static const int handle_sigs[] = {
 static void
 signal_handler(int sig)
 {
-       unsigned int i = 0;
        int serrno = errno;
 
-       /* Add a signal to our stack */
-       while (signals[i])
-               i++;
-       if (i <= sizeof(signals) / sizeof(signals[0]))
-               signals[i] = sig;
-
        write(signal_pipe[1], &sig, sizeof(sig));
-
        /* Restore errno */
        errno = serrno;
 }
@@ -75,7 +66,7 @@ signal_fd(void)
 int
 signal_exists(int fd)
 {
-       if (signals[0] || fd_hasdata(fd) == 1)
+       if (fd_hasdata(fd) == 1)
                return 0;
        return -1;
 }
@@ -87,20 +78,9 @@ int
 signal_read(int fd)
 {
        int sig = -1;
-       unsigned int i = 0;
        char buf[16];
        size_t bytes;
 
-       /* Pop a signal off the our stack */
-       if (signals[0]) {
-               sig = signals[0];
-               while (i < (sizeof(signals) / sizeof(signals[0])) - 1) {
-                       signals[i] = signals[i + 1];
-                       if (!signals[++i])
-                               break;
-               }
-       }
-
        if (fd_hasdata(fd) == 1) {
                memset(buf, 0, sizeof(buf));
                bytes = read(signal_pipe[0], buf, sizeof(buf));
@@ -117,12 +97,14 @@ signal_init(void)
 {
        if (pipe(signal_pipe) == -1)
                return -1;
-
+       /* Don't block on read */
+       if (set_nonblock(signal_pipe[0]) == -1)
+               return -1;
        /* Stop any scripts from inheriting us */
-       close_on_exec(signal_pipe[0]);
-       close_on_exec(signal_pipe[1]);
-
-       memset(signals, 0, sizeof(signals));
+       if (set_cloexec(signal_pipe[0]) == -1)
+               return -1;
+       if (set_cloexec(signal_pipe[1]) == -1)
+               return -1;
        return 0;
 }