From: Roy Marples Date: Tue, 10 Jun 2008 22:23:57 +0000 (+0000) Subject: Remove the signal array stack as our pipe handling should be secure enough now. Also... X-Git-Tag: v4.0.2~283 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb942e0abce48272767404ca604573d3ea674302;p=thirdparty%2Fdhcpcd.git Remove the signal array stack as our pipe handling should be secure enough now. Also, move the normalize close_on_exec and setting non block. --- diff --git a/bpf.c b/bpf.c index ed9c4a1d..3cbfc40c 100644 --- a/bpf.c +++ b/bpf.c @@ -121,7 +121,8 @@ open_socket(struct interface *iface, int protocol) } if (ioctl(fd, BIOCSETF, &pf) == -1) goto eexit; - close_on_exec(fd); + if (set_cloexec(fd) == -1) + goto eexit; if (*fdp != -1) close(*fdp); *fdp = fd; diff --git a/common.c b/common.c index 7eeb1d9d..5754d40f 100644 --- a/common.c +++ b/common.c @@ -171,7 +171,7 @@ fd_hasdata(int fd) } int -close_on_exec(int fd) +set_cloexec(int fd) { int flags; @@ -184,6 +184,20 @@ close_on_exec(int fd) return 0; } +int +set_nonblock(int fd) +{ + int flags; + + if ((flags = fcntl(fd, F_GETFL, 0)) == -1 + || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) + { + logger(LOG_ERR, "fcntl: %s", strerror(errno)); + return -1; + } + return 0; +} + /* Handy function to get the time. * We only care about time advancements, not the actual time itself * Which is why we use CLOCK_MONOTONIC, but it is not available on all diff --git a/common.h b/common.h index 817ccaaa..94a1cc0c 100644 --- a/common.h +++ b/common.h @@ -71,7 +71,8 @@ int closefrom(int); #endif int close_fds(void); -int close_on_exec(int); +int set_cloexec(int); +int set_nonblock(int); int fd_hasdata(int); ssize_t get_line(char **, size_t *, FILE *); int get_time(struct timeval *); diff --git a/dhcpcd.c b/dhcpcd.c index 14af5ff3..6c34d028 100644 --- a/dhcpcd.c +++ b/dhcpcd.c @@ -830,7 +830,8 @@ main(int argc, char **argv) goto abort; } - close_on_exec(pid_fd); + if (set_cloexec(pid_fd) == -1) + goto abort; writepid(pid_fd, getpid()); logger(LOG_INFO, PACKAGE " " VERSION " starting"); } diff --git a/lpf.c b/lpf.c index c507378f..04d47b76 100644 --- a/lpf.c +++ b/lpf.c @@ -102,12 +102,11 @@ open_socket(struct interface *iface, int protocol) } if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &pf, sizeof(pf)) != 0) goto eexit; - if ((flags = fcntl(s, F_GETFL, 0)) == -1 - || fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1) + if (set_cloexec(s) == -1) goto eexit; - if (bind(s, &su.sa, sizeof(su)) == -1) + if (set_nonblock(s) == -1) goto eexit; - if (close_on_exec(s) == -1) + if (bind(s, &su.sa, sizeof(su)) == -1) goto eexit; #ifdef ENABLE_ARP if (protocol == ETHERTYPE_ARP) diff --git a/net.c b/net.c index aa530ba2..a2feeb8a 100644 --- a/net.c +++ b/net.c @@ -436,7 +436,7 @@ open_udp_socket(struct interface *iface) goto eexit; iface->udp_fd = s; - close_on_exec(s); + set_cloexec(s); return 0; eexit: diff --git a/signals.c b/signals.c index 3d7f63cd..fb986d7d 100644 --- a/signals.c +++ b/signals.c @@ -38,7 +38,6 @@ #include "signals.h" static int signal_pipe[2]; -static int signals[5]; static const int handle_sigs[] = { SIGHUP, @@ -50,17 +49,9 @@ static const int handle_sigs[] = { static void signal_handler(int sig) { - unsigned int i = 0; int serrno = errno; - /* Add a signal to our stack */ - while (signals[i]) - i++; - if (i <= sizeof(signals) / sizeof(signals[0])) - signals[i] = sig; - write(signal_pipe[1], &sig, sizeof(sig)); - /* Restore errno */ errno = serrno; } @@ -75,7 +66,7 @@ signal_fd(void) int signal_exists(int fd) { - if (signals[0] || fd_hasdata(fd) == 1) + if (fd_hasdata(fd) == 1) return 0; return -1; } @@ -87,20 +78,9 @@ int signal_read(int fd) { int sig = -1; - unsigned int i = 0; char buf[16]; size_t bytes; - /* Pop a signal off the our stack */ - if (signals[0]) { - sig = signals[0]; - while (i < (sizeof(signals) / sizeof(signals[0])) - 1) { - signals[i] = signals[i + 1]; - if (!signals[++i]) - break; - } - } - if (fd_hasdata(fd) == 1) { memset(buf, 0, sizeof(buf)); bytes = read(signal_pipe[0], buf, sizeof(buf)); @@ -117,12 +97,14 @@ signal_init(void) { if (pipe(signal_pipe) == -1) return -1; - + /* Don't block on read */ + if (set_nonblock(signal_pipe[0]) == -1) + return -1; /* Stop any scripts from inheriting us */ - close_on_exec(signal_pipe[0]); - close_on_exec(signal_pipe[1]); - - memset(signals, 0, sizeof(signals)); + if (set_cloexec(signal_pipe[0]) == -1) + return -1; + if (set_cloexec(signal_pipe[1]) == -1) + return -1; return 0; }