proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-04-30 13:14:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

lib: add and use set_cloexec()

Browse Source 
watchquagga is already leaking an open file descriptor on its pid file
on fork+exec() invocations; next up is adding vtysh support with even
more fds.  Mark things CLOEXEC before going there.

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This commit is contained in:
David Lamparter 2016-11-08 20:46:05 +01:00
parent 73ea75daa5
commit 2da59394ec
4 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/network.c
View File

@ -94,6 +94,20 @@ set_nonblocking(int fd)
return 0; return 0;
} }
int
set_cloexec(int fd)
{
int flags;
flags = fcntl(fd, F_GETFD, 0);
if (flags == -1)
return -1;
flags |= FD_CLOEXEC;
if (fcntl(fd, F_SETFD, flags) == -1)
return -1;
return 0;
}
float float
htonf (float host) htonf (float host)
{ {

2
lib/network.h
View File

@ -33,6 +33,8 @@ extern int writen (int, const u_char *, int);
-1 on error. */ -1 on error. */
extern int set_nonblocking(int fd); extern int set_nonblocking(int fd);
extern int set_cloexec(int fd);
/* Does the I/O error indicate that the operation should be retried later? */ /* Does the I/O error indicate that the operation should be retried later? */
#define ERRNO_IO_RETRY(EN) \ #define ERRNO_IO_RETRY(EN) \
(((EN) == EAGAIN) || ((EN) == EWOULDBLOCK) || ((EN) == EINTR)) (((EN) == EAGAIN) || ((EN) == EWOULDBLOCK) || ((EN) == EINTR))

3
lib/pid_output.c
View File

@ -24,6 +24,7 @@
#include <fcntl.h> #include <fcntl.h>
#include <log.h> #include <log.h>
#include "version.h" #include "version.h"
#include "network.h"
#define PIDFILE_MASK 0644 #define PIDFILE_MASK 0644
#ifndef HAVE_FCNTL #ifndef HAVE_FCNTL
@ -84,6 +85,8 @@ pid_output (const char *path)
umask(oldumask); umask(oldumask);
memset (&lock, 0, sizeof(lock)); memset (&lock, 0, sizeof(lock));
set_cloexec(fd);
lock.l_type = F_WRLCK; lock.l_type = F_WRLCK;
lock.l_whence = SEEK_SET; lock.l_whence = SEEK_SET;

6
lib/vty.c
View File

@ -1841,6 +1841,7 @@ vty_accept (struct thread *thread)
return -1; return -1;
} }
set_nonblocking(vty_sock); set_nonblocking(vty_sock);
set_cloexec(vty_sock);
sockunion2hostprefix (&su, &p); sockunion2hostprefix (&su, &p);
@ -1939,6 +1940,7 @@ vty_serv_sock_addrinfo (const char *hostname, unsigned short port)
sockopt_v6only (ainfo->ai_family, sock); sockopt_v6only (ainfo->ai_family, sock);
sockopt_reuseaddr (sock); sockopt_reuseaddr (sock);
sockopt_reuseport (sock); sockopt_reuseport (sock);
set_cloexec (sock);
ret = bind (sock, ainfo->ai_addr, ainfo->ai_addrlen); ret = bind (sock, ainfo->ai_addr, ainfo->ai_addrlen);
if (ret < 0) if (ret < 0)
@ -2006,6 +2008,7 @@ vty_serv_sock_family (const char* addr, unsigned short port, int family)
/* This is server, so reuse address. */ /* This is server, so reuse address. */
sockopt_reuseaddr (accept_sock); sockopt_reuseaddr (accept_sock);
sockopt_reuseport (accept_sock); sockopt_reuseport (accept_sock);
set_cloexec (accept_sock);
/* Bind socket to universal address and given port. */ /* Bind socket to universal address and given port. */
ret = sockunion_bind (accept_sock, &su, port, naddr); ret = sockunion_bind (accept_sock, &su, port, naddr);
@ -2068,6 +2071,8 @@ vty_serv_un (const char *path)
len = sizeof (serv.sun_family) + strlen (serv.sun_path); len = sizeof (serv.sun_family) + strlen (serv.sun_path);
#endif /* HAVE_STRUCT_SOCKADDR_UN_SUN_LEN */ #endif /* HAVE_STRUCT_SOCKADDR_UN_SUN_LEN */
set_cloexec (sock);
ret = bind (sock, (struct sockaddr *) &serv, len); ret = bind (sock, (struct sockaddr *) &serv, len);
if (ret < 0) if (ret < 0)
{ {
@ -2135,6 +2140,7 @@ vtysh_accept (struct thread *thread)
close (sock); close (sock);
return -1; return -1;
} }
set_cloexec(sock);
#ifdef VTYSH_DEBUG #ifdef VTYSH_DEBUG
printf ("VTY shell accept\n"); printf ("VTY shell accept\n");