X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=process.c;h=babcaaca74b72cf3369088c1df14e66b14da535f;hp=8e464beb464707b5761338b0b29b81f62bacdfde;hb=fe5e9cc422cd72526ccfceffbc7e5af8ac83b407;hpb=794f2398b8fe84bf398bb10d6eeca6fe6737f65f

diff --git a/process.c b/process.c
index 8e464be..babcaac 100644
--- a/process.c
+++ b/process.c
@@ -30,7 +30,7 @@ static sigset_t registered,pending;
 
 struct child {
     pid_t pid;
-    string_t desc;
+    cstring_t desc;
     process_callback_fn *cb;
     void *cst;
     bool_t finished;
@@ -57,7 +57,7 @@ static void set_default_signals(void);
    their exit status using the callback function.  We block SIGCHLD
    until signal processing has begun. */
 pid_t makesubproc(process_entry_fn *entry, process_callback_fn *cb,
-		 void *est, void *cst, string_t desc)
+		 void *est, void *cst, cstring_t desc)
 {
     struct child *c;
     pid_t p;
@@ -68,7 +68,7 @@ pid_t makesubproc(process_entry_fn *entry, process_callback_fn *cb,
     c->cst=cst;
 
     if (!signal_handling) {
-	fatal("makesubproc called before signal handling started\n");
+	fatal("makesubproc called before signal handling started");
     }
     p=fork();
     if (p==0) {
@@ -140,7 +140,7 @@ static void sigchld_handler(void *st, int signum)
     }
 }
 
-int sys_cmd(const char *path, char *arg, ...)
+int sys_cmd(const char *path, const char *arg, ...)
 {
     va_list ap;
     int rv;
@@ -155,7 +155,12 @@ int sys_cmd(const char *path, char *arg, ...)
 	char *args[100];
 	int i;
 	/* Child -> exec command */
-	args[0]=arg;
+	/* Really we ought to strcpy() the arguments into the args array,
+	   since the arguments are const char *.  Since we'll exit anyway
+	   if the execvp() fails this seems somewhat pointless, and
+	   increases the chance of the child process failing before it
+	   gets to exec(). */
+	args[0]=(char *)arg;
 	i=1;
 	while ((args[i++]=va_arg(ap,char *)));
 	execvp(path,args);
@@ -234,11 +239,21 @@ static void set_default_signals(void)
 
 static void signal_handler(int signum)
 {
+    int saved_errno;
     uint8_t thing=0;
     sigaddset(&pending,signum);
+    /* XXX the write() may set errno, which can make the main program fail.
+       However, signal handlers aren't allowed to modify anything which
+       is not of type sig_atomic_t.  The world is broken. */
+    /* I have decided to save and restore errno anyway; on most
+       architectures on which secnet can run modifications to errno
+       will be atomic, and it seems to be the lesser of the two
+       evils. */
+    saved_errno=errno;
     write(spw,&thing,1); /* We don't care if this fails (i.e. the pipe
 			    is full) because the service routine will
 			    spot the pending signal anyway */
+    errno=saved_errno;
 }
 
 static void register_signal_handler(struct signotify *s)