/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugin-runner.c

  • Committer: Teddy Hogeborn
  • Date: 2014-06-14 22:55:11 UTC
  • mto: (237.7.272 trunk)
  • mto: This revision was merged to the branch mainline in revision 317.
  • Revision ID: teddy@recompile.se-20140614225511-0ge6tce2esulf65t
In plugin-runner, do scandirat() or scandir() instead of readdir().

* plugin-runner.c (set_cloexec_flag): Only define if O_CLOEXEC is not
                                      defined, it is not called
                                      otherwise.
  (main): Remove variables "dir" and "dirst"; new variable "dir_fd".
          Use scandirat() if available, scandir() otherwise, both
          using new filter function "good_name".  Removed checking of
          plugin file name patterns; this is now done by "good_name".
          Do not set FD_CLOEXEC flag on plugin_fd, since fexecve()
          will not work with it.  Use pipe2() to set O_CLOEXEC on pipe
          FD's (if possible).
  (main/good_name): New filter function for scandirat() or scandir().

Show diffs side-by-side

added added

removed removed

Lines of Context:
349
349
  char *plugindir = NULL;
350
350
  char *argfile = NULL;
351
351
  FILE *conffp;
352
 
  struct dirent **direntries = NULL;
 
352
  struct dirent **direntries;
353
353
  struct stat st;
354
354
  fd_set rfds_all;
355
355
  int ret, maxfd = 0;
829
829
    ret = set_cloexec_flag(dir_fd);
830
830
    if(ret < 0){
831
831
      error(0, errno, "set_cloexec_flag");
 
832
      TEMP_FAILURE_RETRY(close(dir_fd));
832
833
      exitstatus = EX_OSERR;
833
834
      goto fallback;
834
835
    }
874
875
#endif  /* not __GLIBC__ */
875
876
  if(numplugins == -1){
876
877
    error(0, errno, "Could not scan plugin dir");
877
 
    direntries = NULL;
 
878
    TEMP_FAILURE_RETRY(close(dir_fd));
878
879
    exitstatus = EX_OSERR;
879
880
    goto fallback;
880
881
  }
887
888
    int plugin_fd = openat(dir_fd, direntries[i]->d_name, O_RDONLY);
888
889
    if(plugin_fd == -1){
889
890
      error(0, errno, "Could not open plugin");
890
 
      free(direntries[i]);
891
891
      continue;
892
892
    }
893
893
    ret = (int)TEMP_FAILURE_RETRY(fstat(plugin_fd, &st));
894
894
    if(ret == -1){
895
895
      error(0, errno, "stat");
896
896
      TEMP_FAILURE_RETRY(close(plugin_fd));
897
 
      free(direntries[i]);
898
897
      continue;
899
898
    }
900
899
    
909
908
                direntries[i]->d_name);
910
909
      }
911
910
      TEMP_FAILURE_RETRY(close(plugin_fd));
912
 
      free(direntries[i]);
913
911
      continue;
914
912
    }
915
913
    
917
915
    if(p == NULL){
918
916
      error(0, errno, "getplugin");
919
917
      TEMP_FAILURE_RETRY(close(plugin_fd));
920
 
      free(direntries[i]);
921
918
      continue;
922
919
    }
923
920
    if(p->disabled){
926
923
                direntries[i]->d_name);
927
924
      }
928
925
      TEMP_FAILURE_RETRY(close(plugin_fd));
929
 
      free(direntries[i]);
930
926
      continue;
931
927
    }
932
928
    {
965
961
    if(ret == -1){
966
962
      error(0, errno, "pipe");
967
963
      exitstatus = EX_OSERR;
968
 
      free(direntries[i]);
969
964
      goto fallback;
970
965
    }
971
966
    if(pipefd[0] >= FD_SETSIZE){
974
969
      TEMP_FAILURE_RETRY(close(pipefd[0]));
975
970
      TEMP_FAILURE_RETRY(close(pipefd[1]));
976
971
      exitstatus = EX_OSERR;
977
 
      free(direntries[i]);
978
972
      goto fallback;
979
973
    }
980
974
#ifndef O_CLOEXEC
985
979
      TEMP_FAILURE_RETRY(close(pipefd[0]));
986
980
      TEMP_FAILURE_RETRY(close(pipefd[1]));
987
981
      exitstatus = EX_OSERR;
988
 
      free(direntries[i]);
989
982
      goto fallback;
990
983
    }
991
984
    ret = set_cloexec_flag(pipefd[1]);
994
987
      TEMP_FAILURE_RETRY(close(pipefd[0]));
995
988
      TEMP_FAILURE_RETRY(close(pipefd[1]));
996
989
      exitstatus = EX_OSERR;
997
 
      free(direntries[i]);
998
990
      goto fallback;
999
991
    }
1000
992
#endif  /* not O_CLOEXEC */
1005
997
    if(ret < 0){
1006
998
      error(0, errno, "sigprocmask");
1007
999
      exitstatus = EX_OSERR;
1008
 
      free(direntries[i]);
1009
1000
      goto fallback;
1010
1001
    }
1011
1002
    /* Starting a new process to be watched */
1020
1011
      TEMP_FAILURE_RETRY(close(pipefd[0]));
1021
1012
      TEMP_FAILURE_RETRY(close(pipefd[1]));
1022
1013
      exitstatus = EX_OSERR;
1023
 
      free(direntries[i]);
1024
1014
      goto fallback;
1025
1015
    }
1026
1016
    if(pid == 0){
1065
1055
        error(0, errno, "sigprocmask");
1066
1056
      }
1067
1057
      exitstatus = EX_OSERR;
1068
 
      free(direntries[i]);
1069
1058
      goto fallback;
1070
1059
    }
1071
 
    free(direntries[i]);
1072
1060
    
1073
1061
    new_plugin->pid = pid;
1074
1062
    new_plugin->fd = pipefd[0];
1104
1092
    }
1105
1093
  }
1106
1094
  
1107
 
  free(direntries);
1108
 
  direntries = NULL;
1109
1095
  TEMP_FAILURE_RETRY(close(dir_fd));
1110
 
  dir_fd = -1;
1111
1096
  free_plugin(getplugin(NULL));
1112
1097
  
1113
1098
  for(plugin *p = plugin_list; p != NULL; p = p->next){
1307
1292
    free(custom_argv);
1308
1293
  }
1309
1294
  
1310
 
  free(direntries);
1311
 
  
1312
1295
  if(dir_fd != -1){
1313
1296
    TEMP_FAILURE_RETRY(close(dir_fd));
1314
1297
  }