Fri Feb 16 18:24:08 IST 2007 Mark McLoughlin <markmc@redhat.com>

* qemud/qemud.c, qemud/bridge.c, qemud/iptables.c: fix
	our FD_CLOEXEC usage so that all fds which should be
	closed on exec are marked as such and that we leave
	exec() to do the actual closing.
Mark McLoughlin 2007-02-16 18:26:18 +00:00
parent 80820ec7a9
commit 49dcc264e5
4 changed files with 38 additions and 49 deletions


@ -1,3 +1,10 @@
Fri Feb 16 18:24:08 IST 2007 Mark McLoughlin <markmc@redhat.com>
* qemud/qemud.c, qemud/bridge.c, qemud/iptables.c: fix
our FD_CLOEXEC usage so that all fds which should be
closed on exec are marked as such and that we leave
exec() to do the actual closing.
Fri Feb 16 18:23:15 IST 2007 Mark McLoughlin <markmc@redhat.com> Fri Feb 16 18:23:15 IST 2007 Mark McLoughlin <markmc@redhat.com>
* qemud/qemud.c: fix qemudEnableIpForwarding() to not leak * qemud/qemud.c: fix qemudEnableIpForwarding() to not leak


@ -54,6 +54,7 @@ int
brInit(brControl **ctlp) brInit(brControl **ctlp)
{ {
int fd; int fd;
int flags;
if (!ctlp || *ctlp) if (!ctlp || *ctlp)
return EINVAL; return EINVAL;
@ -62,6 +63,13 @@ brInit(brControl **ctlp)
if (fd < 0) if (fd < 0)
return errno; return errno;
if ((flags = fcntl(fd, F_GETFD)) < 0 ||
fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) {
int err = errno;
close(fd);
return err;
}
*ctlp = (brControl *)malloc(sizeof(struct _brControl)); *ctlp = (brControl *)malloc(sizeof(struct _brControl));
if (!*ctlp) if (!*ctlp)
return ENOMEM; return ENOMEM;
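Review bot: The `return ENOMEM;` right after the added block leaves `fd` open when malloc() fails, whereas the new fcntl() error path just above it saves errno and closes the descriptor first. The allocation failure path should release it the same way: `if (!*ctlp) { close(fd); return ENOMEM; }`. The rest of brInit is outside the hunk, so any later error returns there should be checked for the same leak.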


@ -317,15 +317,11 @@ iptablesSpawn(int errors, char * const *argv)
} }
if (pid == 0) { /* child */ if (pid == 0) { /* child */
int i, open_max = sysconf(_SC_OPEN_MAX); if (errors == NO_ERRORS) {
dup2(null, STDIN_FILENO);
for (i = 0; i < open_max; i++) { dup2(null, STDOUT_FILENO);
if (i != STDOUT_FILENO && dup2(null, STDERR_FILENO);
i != STDERR_FILENO && close(null);
i != STDIN_FILENO)
close(i);
else if (errors == NO_ERRORS)
dup2(null, i);
} }
execvp(argv[0], argv); execvp(argv[0], argv);
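Review bot: With the descriptor sweep gone from the child branch, iptables inherits every descriptor that is not marked FD_CLOEXEC, including any the daemon inherited from whatever launched it or that a library opened; the same applies to the loops dropped in the qemudGoDaemon and qemudExec hunks of qemud/qemud.c. The commit marks the descriptors it creates itself, so the invariant should be written down where the loop used to be, e.g. `/* no close loop: every fd the daemon opens must carry FD_CLOEXEC */`. The three new `dup2(null, ...)` calls also ignore their result, while qemudExec leaves the child with `_exit(1)` when dup2() fails; doing the same here would stop the child from running on the daemon's real stdio. iptablesSpawn starts and ends outside the hunk.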


@ -85,7 +85,7 @@ static int qemudGoDaemon(void) {
{ {
int stdinfd = -1; int stdinfd = -1;
int stdoutfd = -1; int stdoutfd = -1;
int i, open_max, nextpid; int nextpid;
if ((stdinfd = open(_PATH_DEVNULL, O_RDONLY)) < 0) if ((stdinfd = open(_PATH_DEVNULL, O_RDONLY)) < 0)
goto cleanup; goto cleanup;
@ -104,13 +104,6 @@ static int qemudGoDaemon(void) {
goto cleanup; goto cleanup;
stdoutfd = -1; stdoutfd = -1;
open_max = sysconf (_SC_OPEN_MAX);
for (i = 0; i < open_max; i++)
if (i != STDIN_FILENO &&
i != STDOUT_FILENO &&
i != STDERR_FILENO)
close(i);
if (setsid() < 0) if (setsid() < 0)
goto cleanup; goto cleanup;
@ -352,24 +345,9 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket
} }
static int
qemudLeaveFdOpen(int *openfds, int fd)
{
int i;
if (!openfds)
return 0;
for (i = 0; openfds[i] != -1; i++)
if (fd == openfds[i])
return 1;
return 0;
}
static int static int
qemudExec(struct qemud_server *server, char **argv, qemudExec(struct qemud_server *server, char **argv,
int *retpid, int *outfd, int *errfd, int *openfds) { int *retpid, int *outfd, int *errfd) {
int pid, null; int pid, null;
int pipeout[2] = {-1,-1}; int pipeout[2] = {-1,-1};
int pipeerr[2] = {-1,-1}; int pipeerr[2] = {-1,-1};
@ -398,11 +376,13 @@ qemudExec(struct qemud_server *server, char **argv,
if (outfd) { if (outfd) {
close(pipeout[1]); close(pipeout[1]);
qemudSetNonBlock(pipeout[0]); qemudSetNonBlock(pipeout[0]);
qemudSetCloseExec(pipeout[0]);
*outfd = pipeout[0]; *outfd = pipeout[0];
} }
if (errfd) { if (errfd) {
close(pipeerr[1]); close(pipeerr[1]);
qemudSetNonBlock(pipeerr[0]); qemudSetNonBlock(pipeerr[0]);
qemudSetCloseExec(pipeerr[0]);
*errfd = pipeerr[0]; *errfd = pipeerr[0];
} }
*retpid = pid; *retpid = pid;
@ -423,13 +403,11 @@ qemudExec(struct qemud_server *server, char **argv,
if (dup2(pipeerr[1] > 0 ? pipeerr[1] : null, STDERR_FILENO) < 0) if (dup2(pipeerr[1] > 0 ? pipeerr[1] : null, STDERR_FILENO) < 0)
_exit(1); _exit(1);
int i, open_max = sysconf (_SC_OPEN_MAX); close(null);
for (i = 0; i < open_max; i++) if (pipeout[1] > 0)
if (i != STDOUT_FILENO && close(pipeout[1]);
i != STDERR_FILENO && if (pipeerr[1] > 0)
i != STDIN_FILENO && close(pipeerr[1]);
!qemudLeaveFdOpen(openfds, i))
close(i);
execvp(argv[0], argv); execvp(argv[0], argv);
@ -439,13 +417,13 @@ qemudExec(struct qemud_server *server, char **argv,
cleanup: cleanup:
if (pipeerr[0] > 0) if (pipeerr[0] > 0)
close(pipeerr[0] > 0); close(pipeerr[0]);
if (pipeerr[1]) if (pipeerr[1] > 0)
close(pipeerr[1] > 0); close(pipeerr[1]);
if (pipeout[0]) if (pipeout[0] > 0)
close(pipeout[0] > 0); close(pipeout[0]);
if (pipeout[1]) if (pipeout[1] > 0)
close(pipeout[1] > 0); close(pipeout[1]);
if (null > 0) if (null > 0)
close(null); close(null);
return -1; return -1;
@ -465,7 +443,7 @@ int qemudStartVMDaemon(struct qemud_server *server,
if (qemudBuildCommandLine(server, vm, &argv) < 0) if (qemudBuildCommandLine(server, vm, &argv) < 0)
return -1; return -1;
if (qemudExec(server, argv, &vm->pid, &vm->stdout, &vm->stderr, vm->tapfds) == 0) { if (qemudExec(server, argv, &vm->pid, &vm->stdout, &vm->stderr) == 0) {
vm->id = server->nextvmid++; vm->id = server->nextvmid++;
ret = 0; ret = 0;
} }
@ -861,7 +839,7 @@ dhcpStartDhcpDaemon(struct qemud_server *server,
if (qemudBuildDnsmasqArgv(server, network, &argv) < 0) if (qemudBuildDnsmasqArgv(server, network, &argv) < 0)
return -1; return -1;
ret = qemudExec(server, argv, &network->dnsmasqPid, NULL, NULL, NULL); ret = qemudExec(server, argv, &network->dnsmasqPid, NULL, NULL);
for (i = 0; argv[i]; i++) for (i = 0; argv[i]; i++)
free(argv[i]); free(argv[i]);
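Review bot: The new descriptor tests in qemudExec use `> 0` (`if (pipeout[1] > 0)`, `if (pipeerr[1] > 0)`, and the corrected `cleanup:` block), but both arrays are initialised to `-1`, so a pipe end that happens to be descriptor 0 is treated as unopened and never closed. Comparing against the sentinel, `if (pipeout[1] >= 0) close(pipeout[1]);`, covers the case where the daemon is started with stdin closed. Separately, the two added `qemudSetCloseExec()` calls discard the helper's result; its definition is outside the hunk, but if it can fail, the read end stays inheritable by later children now that the close loop is gone, so the failure should at least be logged. qemudExec's body is only partly visible in these hunks.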