chiark
/
gitweb
/
~ian
/
authbind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
* Set SHELL=/bin/bash in debian/rules. Closes #374586.
[authbind.git]
/
libauthbind.c
diff --git
a/libauthbind.c
b/libauthbind.c
index dd5c4841c314ff22f3d14768deb1e4926e9a4302..99a7f3f7eaa9ef3c461f376eda07d1a804e535a6 100644
(file)
--- a/
libauthbind.c
+++ b/
libauthbind.c
@@
-25,6
+25,7
@@
#include <unistd.h>
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <stdlib.h>
+#include <signal.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
@@
-40,13
+41,11
@@
typedef int bindfn_type(int fd, const struct sockaddr *addr, socklen_t addrlen);
#define STDERRSTR_CONST(m) write(2,m,sizeof(m)-1)
#define STDERRSTR_STRING(m) write(2,m,strlen(m))
#define STDERRSTR_CONST(m) write(2,m,sizeof(m)-1)
#define STDERRSTR_STRING(m) write(2,m,strlen(m))
-static
int find_any(const char *name, anyfn_type **keep
) {
+static
anyfn_type *find_any(const char *name
) {
static const char *dlerr;
anyfn_type *kv;
static const char *dlerr;
anyfn_type *kv;
- if (*keep) return 0;
- kv= dlsym(RTLD_NEXT,name);
- if (kv) { *keep= kv; return 0; }
+ kv= dlsym(RTLD_NEXT,name); if (kv) return kv;
dlerr= dlerror(); if (!dlerr) dlerr= "dlsym() failed for no reason";
STDERRSTR_CONST("libauthbind: error finding original version of ");
STDERRSTR_STRING(name);
dlerr= dlerror(); if (!dlerr) dlerr= "dlsym() failed for no reason";
STDERRSTR_CONST("libauthbind: error finding original version of ");
STDERRSTR_STRING(name);
@@
-54,14
+53,14
@@
static int find_any(const char *name, anyfn_type **keep) {
STDERRSTR_STRING(dlerr);
STDERRSTR_STRING("\n");
errno= ENOSYS;
STDERRSTR_STRING(dlerr);
STDERRSTR_STRING("\n");
errno= ENOSYS;
- return
-1
;
+ return
0
;
}
static bindfn_type find_bind, *old_bind= find_bind;
int find_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
anyfn_type *anyfn;
}
static bindfn_type find_bind, *old_bind= find_bind;
int find_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
anyfn_type *anyfn;
-
if (find_any("bind",&anyfn)
) return -1;
+
anyfn= find_any("bind"); if (!anyfn
) return -1;
old_bind= (bindfn_type*)anyfn;
return old_bind(fd,addr,addrlen);
}
old_bind= (bindfn_type*)anyfn;
return old_bind(fd,addr,addrlen);
}
@@
-143,27
+142,39
@@
int _init(void) {
return 0;
}
return 0;
}
+static const int evilsignals[]= { SIGFPE, SIGILL, SIGSEGV, SIGBUS, 0 };
+
int bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
pid_t child, rchild;
char portarg[5], addrarg[9];
int bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
pid_t child, rchild;
char portarg[5], addrarg[9];
- int status;
+ int r, status;
+ const int *evilsignal;
+ sigset_t block, saved;
if (addr->sa_family != AF_INET || addrlen != sizeof(struct sockaddr_in) ||
if (addr->sa_family != AF_INET || addrlen != sizeof(struct sockaddr_in) ||
- ntohs(((struct sockaddr_in*)addr)->sin_port) >= IPPORT_RESERVED/2 || !geteuid())
+ !geteuid() || ((struct sockaddr_in*)addr)->sin_port == 0 ||
+ ntohs(((struct sockaddr_in*)addr)->sin_port) >= IPPORT_RESERVED/2)
return old_bind(fd,addr,addrlen);
return old_bind(fd,addr,addrlen);
+ sigfillset(&block);
+ for (evilsignal=evilsignals;
+ *evilsignal;
+ evilsignal++)
+ sigdelset(&block,*evilsignal);
+ if (sigprocmask(SIG_BLOCK,&block,&saved)) return -1;
+
sprintf(addrarg,"%08lx",
((unsigned long)(((struct sockaddr_in*)addr)->sin_addr.s_addr))&0x0ffffffffUL);
sprintf(portarg,"%04x",
((unsigned int)(((struct sockaddr_in*)addr)->sin_port))&0x0ffff);
sprintf(addrarg,"%08lx",
((unsigned long)(((struct sockaddr_in*)addr)->sin_addr.s_addr))&0x0ffffffffUL);
sprintf(portarg,"%04x",
((unsigned int)(((struct sockaddr_in*)addr)->sin_port))&0x0ffff);
- child= fork(); if (child==-1)
return -1
;
+ child= fork(); if (child==-1)
goto x_err
;
if (!child) {
if (dup2(fd,0)) exiterrno(errno);
removepreload();
execl(HELPER,HELPER,addrarg,portarg,(char*)0);
if (!child) {
if (dup2(fd,0)) exiterrno(errno);
removepreload();
execl(HELPER,HELPER,addrarg,portarg,(char*)0);
- status= errno;
+ status= errno
> 0 && errno < 127 ? errno : 127
;
STDERRSTR_CONST("libauthbind: possible installation problem - "
"could not invoke " HELPER " (");
STDERRSTR_STRING(rcsid);
STDERRSTR_CONST("libauthbind: possible installation problem - "
"could not invoke " HELPER " (");
STDERRSTR_STRING(rcsid);
@@
-172,14
+183,25
@@
int bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
}
rchild= waitpid(child,&status,0);
}
rchild= waitpid(child,&status,0);
- if (rchild==-1)
return -1
;
- if (rchild!=child) { errno= ECHILD;
return -1
; }
+ if (rchild==-1)
goto x_err
;
+ if (rchild!=child) { errno= ECHILD;
goto x_err
; }
if (WIFEXITED(status)) {
if (WIFEXITED(status)) {
- if (WEXITSTATUS(status)) { errno= WEXITSTATUS(status); return -1; }
- return 0;
+ if (WEXITSTATUS(status)) {
+ errno= WEXITSTATUS(status);
+ if (errno >= 127) errno= ENXIO;
+ goto x_err;
+ }
+ r= 0;
+ goto x;
} else {
errno= ENOSYS;
} else {
errno= ENOSYS;
-
return -1
;
+
goto x_err
;
}
}
+
+x_err:
+ r= -1;
+x:
+ if (sigprocmask(SIG_SETMASK,&saved,0)) abort();
+ return r;
}
}