parent
f7f9316410
commit
7e27adec3c
@ -1,42 +1,72 @@
|
||||
--- tcp_wrappers_7.6/shell_cmd.c.sigchld 1994-12-28 17:42:44.000000000 +0100
|
||||
+++ tcp_wrappers_7.6/shell_cmd.c 2007-05-25 14:28:33.000000000 +0200
|
||||
@@ -31,6 +31,10 @@
|
||||
+++ tcp_wrappers_7.6/shell_cmd.c 2007-05-28 15:06:28.000000000 +0200
|
||||
@@ -20,6 +20,8 @@
|
||||
#include <stdio.h>
|
||||
#include <syslog.h>
|
||||
#include <string.h>
|
||||
+#include <errno.h>
|
||||
+#include <unistd.h>
|
||||
|
||||
extern void exit();
|
||||
|
||||
@@ -31,13 +33,42 @@
|
||||
|
||||
static void do_child();
|
||||
|
||||
+/* Dummy handler */
|
||||
+
|
||||
+static void sigchld(int sig) {}
|
||||
+/*
|
||||
+ * The sigchld handler. If there is a SIGCHLD caused by a child other than
|
||||
+ * ours, we set a flag and raise the signal later.
|
||||
+ */
|
||||
+volatile static int foreign_sigchld;
|
||||
+volatile static int our_child_pid;
|
||||
+static void sigchld(int sig, siginfo_t *si, void *unused)
|
||||
+{
|
||||
+ if (si && si->si_pid != our_child_pid)
|
||||
+ foreign_sigchld = 1;
|
||||
+}
|
||||
+
|
||||
/* shell_cmd - execute shell command */
|
||||
|
||||
void shell_cmd(command)
|
||||
@@ -39,6 +43,22 @@
|
||||
char *command;
|
||||
{
|
||||
int child_pid;
|
||||
int wait_pid;
|
||||
|
||||
+ struct sigaction new_action, old_action;
|
||||
+ sigset_t new_mask, old_mask;
|
||||
- int wait_pid;
|
||||
+
|
||||
+ new_action.sa_handler = &sigchld;
|
||||
+ new_action.sa_flags = 0;
|
||||
+ struct sigaction new_action, old_action;
|
||||
+ sigset_t new_mask, old_mask, empty_mask;
|
||||
+
|
||||
+ new_action.sa_sigaction = &sigchld;
|
||||
+ new_action.sa_flags = SA_SIGINFO;
|
||||
+ sigemptyset(&new_action.sa_mask);
|
||||
+ sigemptyset(&new_mask);
|
||||
+ sigemptyset(&empty_mask);
|
||||
+ sigaddset(&new_mask, SIGCHLD);
|
||||
+
|
||||
+ /*
|
||||
+ * Ignore the SIGCHLD signal a unblock it so that the program should not
|
||||
+ * see it.
|
||||
+ * Set the variables for handler, set the handler and block the signal
|
||||
+ * until we have the pid.
|
||||
+ */
|
||||
+ foreign_sigchld = 0; our_child_pid = 0;
|
||||
+ sigprocmask(SIG_BLOCK, &new_mask, &old_mask);
|
||||
+ sigaction(SIGCHLD, &new_action, &old_action);
|
||||
+ sigprocmask(SIG_UNBLOCK, &new_mask, &old_mask);
|
||||
+
|
||||
|
||||
/*
|
||||
* Most of the work is done within the child process, to minimize the
|
||||
* risk of damage to the parent.
|
||||
@@ -55,6 +75,12 @@
|
||||
while ((wait_pid = wait((int *) 0)) != -1 && wait_pid != child_pid)
|
||||
/* void */ ;
|
||||
@@ -49,12 +80,26 @@
|
||||
tcpd_warn("cannot fork: %m");
|
||||
break;
|
||||
case 00: /* child */
|
||||
+ /* Clear the blocked mask for the child not to be surprised. */
|
||||
+ sigprocmask(SIG_SETMASK, &empty_mask, 0);
|
||||
do_child(command);
|
||||
/* NOTREACHED */
|
||||
default: /* parent */
|
||||
- while ((wait_pid = wait((int *) 0)) != -1 && wait_pid != child_pid)
|
||||
- /* void */ ;
|
||||
+ our_child_pid = child_pid;
|
||||
+ sigprocmask(SIG_UNBLOCK, &new_mask, 0);
|
||||
+ while (waitpid(child_pid, (int *) 0, 0) == -1 && errno == EINTR);
|
||||
}
|
||||
+
|
||||
+ /*
|
||||
@ -44,6 +74,11 @@
|
||||
+ */
|
||||
+ sigprocmask(SIG_SETMASK, &old_mask, 0);
|
||||
+ sigaction(SIGCHLD, &old_action, 0);
|
||||
+
|
||||
+ /* If there was a foreign SIGCHLD, raise it after we have restored the old
|
||||
+ * mask and handler. */
|
||||
+ if (foreign_sigchld)
|
||||
+ raise(SIGCHLD);
|
||||
}
|
||||
|
||||
/* do_child - exec command with { stdin, stdout, stderr } to /dev/null */
|
||||
|
@ -1,7 +1,7 @@
|
||||
Summary: A security tool which acts as a wrapper for TCP daemons.
|
||||
Name: tcp_wrappers
|
||||
Version: 7.6
|
||||
Release: 45%{?dist}
|
||||
Release: 46%{?dist}
|
||||
|
||||
%define LIB_MAJOR 0
|
||||
%define LIB_MINOR 7
|
||||
@ -143,8 +143,11 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Mon May 28 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-46
|
||||
- modified the fix for #112975 to fix #156373 as well
|
||||
|
||||
* Fri May 25 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-45
|
||||
- Unblock and catch SIGCHLD from spawned shell commands, fixes #112975
|
||||
- unblock and catch SIGCHLD from spawned shell commands, fixes #112975
|
||||
|
||||
* Mon Apr 16 2007 Tomas Janousek <tjanouse@redhat.com> - 7.6-44
|
||||
- added restore_sigalarm and siglongjmp patches from Debian, fixes #205129
|
||||
|
Loading…
Reference in New Issue
Block a user