From: ian Date: Sun, 29 Jun 2003 22:31:14 +0000 (+0000) Subject: @@ -1,10 +1,12 @@ X-Git-Tag: debian_version_1_2_0~11 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=authbind.git;a=commitdiff_plain;h=039d1df0a7df9db6a2ff34ae3bb210f00dc4efc9 @@ -1,10 +1,12 @@ authbind (1.1.6) unstable; urgency=low - * Do not Build-Depends: libc6-dev (it's build-essential). + * Block signals during our child's execution. Closes #186439. * manpage: fix subtle error in description of interaction between set-id and LD_PRELOAD. Closes #36890. * Say in manpage that we may not work properly with multithreaded programs. See also Bug#186439. + * Make sure we don't try to encode errno's >127 in a status code. + * Do not Build-Depends: libc6-dev (it's build-essential). -- --- diff --git a/debian/changelog b/debian/changelog index 2d0d3cd..438c022 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,12 @@ authbind (1.1.6) unstable; urgency=low - * Do not Build-Depends: libc6-dev (it's build-essential). + * Block signals during our child's execution. Closes #186439. * manpage: fix subtle error in description of interaction between set-id and LD_PRELOAD. Closes #36890. * Say in manpage that we may not work properly with multithreaded programs. See also Bug#186439. + * Make sure we don't try to encode errno's >127 in a status code. + * Do not Build-Depends: libc6-dev (it's build-essential). -- diff --git a/libauthbind.c b/libauthbind.c index dc004a3..a16f835 100644 --- a/libauthbind.c +++ b/libauthbind.c @@ -141,28 +141,39 @@ int _init(void) { return 0; } +static const int evilsignals[]= { SIGFPE, SIGILL, SIGSEGV, SIGBUS, 0 }; + int bind(int fd, const struct sockaddr *addr, socklen_t addrlen) { pid_t child, rchild; char portarg[5], addrarg[9]; - int status; + int r, status; + const int *evilsignal; + sigset_t block, saved; if (addr->sa_family != AF_INET || addrlen != sizeof(struct sockaddr_in) || !geteuid() || ((struct sockaddr_in*)addr)->sin_port == 0 || ntohs(((struct sockaddr_in*)addr)->sin_port) >= IPPORT_RESERVED/2) return old_bind(fd,addr,addrlen); + sigfillset(&block); + for (evilsignal=evilsignals; + *evilsignal; + evilsignal++) + sigdelset(&block,*evilsignal); + if (sigprocmask(SIG_BLOCK,&block,&saved)) return -1; + sprintf(addrarg,"%08lx", ((unsigned long)(((struct sockaddr_in*)addr)->sin_addr.s_addr))&0x0ffffffffUL); sprintf(portarg,"%04x", ((unsigned int)(((struct sockaddr_in*)addr)->sin_port))&0x0ffff); - child= fork(); if (child==-1) return -1; + child= fork(); if (child==-1) goto x_err; if (!child) { if (dup2(fd,0)) exiterrno(errno); removepreload(); execl(HELPER,HELPER,addrarg,portarg,(char*)0); - status= errno; + status= errno > 0 && errno < 127 ? errno : 127; STDERRSTR_CONST("libauthbind: possible installation problem - " "could not invoke " HELPER " ("); STDERRSTR_STRING(rcsid); @@ -171,14 +182,25 @@ int bind(int fd, const struct sockaddr *addr, socklen_t addrlen) { } rchild= waitpid(child,&status,0); - if (rchild==-1) return -1; - if (rchild!=child) { errno= ECHILD; return -1; } + if (rchild==-1) goto x_err; + if (rchild!=child) { errno= ECHILD; goto x_err; } if (WIFEXITED(status)) { - if (WEXITSTATUS(status)) { errno= WEXITSTATUS(status); return -1; } - return 0; + if (WEXITSTATUS(status)) { + errno= WEXITSTATUS(status); + if (errno >= 127) errno= ENXIO; + goto x_err; + } + r= 0; + goto x; } else { errno= ENOSYS; - return -1; + goto x_err; } + +x_err: + r= -1; +x: + if (sigprocmask(SIG_SETMASK,&saved,0)) abort(); + return r; }