From 7e27adec3cb5a4312477bc0d618f13bc509842cb Mon Sep 17 00:00:00 2001
From: Tomas Janousek <tjanouse@fedoraproject.org>
Date: Mon, 28 May 2007 13:25:10 +0000
Subject: [PATCH] - modified the fix for #112975 to fix #156373 as well

---
 tcp_wrappers-7.6-sigchld.patch | 75 +++++++++++++++++++++++++---------
 tcp_wrappers.spec              |  7 +++-
 2 files changed, 60 insertions(+), 22 deletions(-)

diff --git a/tcp_wrappers-7.6-sigchld.patch b/tcp_wrappers-7.6-sigchld.patch
index 14eb1c3..2434db8 100644
--- a/tcp_wrappers-7.6-sigchld.patch
+++ b/tcp_wrappers-7.6-sigchld.patch
@@ -1,42 +1,72 @@
 --- tcp_wrappers_7.6/shell_cmd.c.sigchld	1994-12-28 17:42:44.000000000 +0100
-+++ tcp_wrappers_7.6/shell_cmd.c	2007-05-25 14:28:33.000000000 +0200
-@@ -31,6 +31,10 @@
++++ tcp_wrappers_7.6/shell_cmd.c	2007-05-28 15:06:28.000000000 +0200
+@@ -20,6 +20,8 @@
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <string.h>
++#include <errno.h>
++#include <unistd.h>
+ 
+ extern void exit();
+ 
+@@ -31,13 +33,42 @@
  
  static void do_child();
  
-+/* Dummy handler */
-+
-+static void sigchld(int sig) {}
++/*
++ * The sigchld handler. If there is a SIGCHLD caused by a child other than
++ * ours, we set a flag and raise the signal later.
++ */
++volatile static int foreign_sigchld;
++volatile static int our_child_pid;
++static void sigchld(int sig, siginfo_t *si, void *unused)
++{
++    if (si && si->si_pid != our_child_pid)
++	foreign_sigchld = 1;
++}
 +
  /* shell_cmd - execute shell command */
  
  void    shell_cmd(command)
-@@ -39,6 +43,22 @@
+ char   *command;
+ {
      int     child_pid;
-     int     wait_pid;
- 
-+    struct sigaction new_action, old_action;
-+    sigset_t new_mask, old_mask;
+-    int     wait_pid;
 +
-+    new_action.sa_handler = &sigchld;
-+    new_action.sa_flags = 0;
++    struct sigaction new_action, old_action;
++    sigset_t new_mask, old_mask, empty_mask;
++
++    new_action.sa_sigaction = &sigchld;
++    new_action.sa_flags = SA_SIGINFO;
 +    sigemptyset(&new_action.sa_mask);
 +    sigemptyset(&new_mask);
++    sigemptyset(&empty_mask);
 +    sigaddset(&new_mask, SIGCHLD);
 +
 +    /*
-+     * Ignore the SIGCHLD signal a unblock it so that the program should not
-+     * see it.
++     * Set the variables for handler, set the handler and block the signal
++     * until we have the pid.
 +     */
++    foreign_sigchld = 0; our_child_pid = 0;
++    sigprocmask(SIG_BLOCK, &new_mask, &old_mask);
 +    sigaction(SIGCHLD, &new_action, &old_action);
-+    sigprocmask(SIG_UNBLOCK, &new_mask, &old_mask);
-+
+ 
      /*
       * Most of the work is done within the child process, to minimize the
-      * risk of damage to the parent.
-@@ -55,6 +75,12 @@
- 	while ((wait_pid = wait((int *) 0)) != -1 && wait_pid != child_pid)
- 	     /* void */ ;
+@@ -49,12 +80,26 @@
+ 	tcpd_warn("cannot fork: %m");
+ 	break;
+     case 00:					/* child */
++	/* Clear the blocked mask for the child not to be surprised. */
++	sigprocmask(SIG_SETMASK, &empty_mask, 0);
+ 	do_child(command);
+ 	/* NOTREACHED */
+     default:					/* parent */
+-	while ((wait_pid = wait((int *) 0)) != -1 && wait_pid != child_pid)
+-	     /* void */ ;
++	our_child_pid = child_pid;
++	sigprocmask(SIG_UNBLOCK, &new_mask, 0);
++	while (waitpid(child_pid, (int *) 0, 0) == -1 && errno == EINTR);
      }
 +
 +    /*
@@ -44,6 +74,11 @@
 +     */
 +    sigprocmask(SIG_SETMASK, &old_mask, 0);
 +    sigaction(SIGCHLD, &old_action, 0);
++
++    /* If there was a foreign SIGCHLD, raise it after we have restored the old
++     * mask and handler. */
++    if (foreign_sigchld)
++	raise(SIGCHLD);
  }
  
  /* do_child - exec command with { stdin, stdout, stderr } to /dev/null */
diff --git a/tcp_wrappers.spec b/tcp_wrappers.spec
index 2785294..764d2b6 100644
--- a/tcp_wrappers.spec
+++ b/tcp_wrappers.spec
@@ -1,7 +1,7 @@
 Summary: A security tool which acts as a wrapper for TCP daemons.
 Name: tcp_wrappers
 Version: 7.6
-Release: 45%{?dist}
+Release: 46%{?dist}
 
 %define LIB_MAJOR 0
 %define LIB_MINOR 7
@@ -143,8 +143,11 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man3/*
 
 %changelog
+* Mon May 28 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-46
+- modified the fix for #112975 to fix #156373 as well
+
 * Fri May 25 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-45
-- Unblock and catch SIGCHLD from spawned shell commands, fixes #112975
+- unblock and catch SIGCHLD from spawned shell commands, fixes #112975
 
 * Mon Apr 16 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-44
 - added restore_sigalarm and siglongjmp patches from Debian, fixes #205129