summaryrefslogtreecommitdiff
path: root/src/tls
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2021-06-02 08:54:17 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2021-06-02 08:54:17 +0000
commit9cfe27834a3014235526c60c52652399411993de (patch)
treef548574d0090d14b73d102822c8fe8c052fa32c9 /src/tls
parenta6c4fb25b60cbc83a4b8bdb756fcf9c69310e6ae (diff)
downloads6-networking-9cfe27834a3014235526c60c52652399411993de.tar.xz
Correctly clean up the environment for -z
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/deps-lib/s6tls1
-rw-r--r--src/tls/s6tls-internal.h5
-rw-r--r--src/tls/s6tls_clean_and_exec.c43
-rw-r--r--src/tls/s6tls_sync_and_exec_app.c23
-rw-r--r--src/tls/s6tls_ucspi_exec_app.c11
5 files changed, 54 insertions, 29 deletions
diff --git a/src/tls/deps-lib/s6tls b/src/tls/deps-lib/s6tls
index caa9872..f2306ac 100644
--- a/src/tls/deps-lib/s6tls
+++ b/src/tls/deps-lib/s6tls
@@ -1,3 +1,4 @@
+s6tls_clean_and_exec.o
s6tls_exec_tlscio.o
s6tls_exec_tlsdio.o
s6tls_sync_and_exec_app.o
diff --git a/src/tls/s6tls-internal.h b/src/tls/s6tls-internal.h
index 2ef3b81..d232266 100644
--- a/src/tls/s6tls-internal.h
+++ b/src/tls/s6tls-internal.h
@@ -3,16 +3,15 @@
#ifndef S6TLS_INTERNAL_H
#define S6TLS_INTERNAL_H
+#include <stddef.h>
#include <stdint.h>
-#include <unistd.h>
#include <skalibs/gccattributes.h>
-#define s6tls_envvars "CADIR\0CAFILE\0KEYFILE\0CERTFILE\0TLS_UID\0TLS_GID"
-
extern void s6tls_exec_tlscio (int const *, uint32_t, unsigned int, unsigned int, char const *) gccattr_noreturn ;
extern void s6tls_exec_tlsdio (int const *, uint32_t, unsigned int, unsigned int, unsigned int) gccattr_noreturn ;
extern void s6tls_sync_and_exec_app (char const *const *, int const [4][2], pid_t, uint32_t) gccattr_noreturn ;
extern void s6tls_ucspi_exec_app (char const *const *, int const [4][2], uint32_t) gccattr_noreturn ;
+extern void s6tls_clean_and_exec (char const *const *, uint32_t, char const *, size_t) gccattr_noreturn ;
#endif
diff --git a/src/tls/s6tls_clean_and_exec.c b/src/tls/s6tls_clean_and_exec.c
new file mode 100644
index 0000000..9432e3a
--- /dev/null
+++ b/src/tls/s6tls_clean_and_exec.c
@@ -0,0 +1,43 @@
+/* ISC license. */
+
+#include <stddef.h>
+
+#include <skalibs/posixplz.h>
+#include <skalibs/bytestr.h>
+#include <skalibs/env.h>
+#include <skalibs/exec.h>
+
+#include "s6tls-internal.h"
+
+void s6tls_clean_and_exec (char const *const *argv, uint32_t options, char const *modif, size_t modiflen)
+{
+ if (options & 1)
+ {
+ static char const *const toclean[] =
+ {
+ "CADIR=",
+ "CAFILE=",
+ "KEYFILE=",
+ "CERTFILE=",
+ "TLS_UID=",
+ "TLS_GID=",
+ "KEYFILE:",
+ "CERTFILE:",
+ 0
+ } ;
+ char const *const *envp = (char const *const *)environ ;
+ size_t m = 0 ;
+ size_t n = env_len(envp) ;
+ char const *newenvp[n + 1] ;
+ for (; *envp ; envp++)
+ {
+ char const *const *var = toclean ;
+ for (; *var ; var++)
+ if (str_start(*envp, *var)) break ;
+ if (!*var) newenvp[m++] = *envp ;
+ }
+ newenvp[m] = 0 ;
+ xmexec_fm(argv, newenvp, m, modif, modiflen) ;
+ }
+ else xmexec_m(argv, modif, modiflen) ;
+}
diff --git a/src/tls/s6tls_sync_and_exec_app.c b/src/tls/s6tls_sync_and_exec_app.c
index ff42d73..5c0180c 100644
--- a/src/tls/s6tls_sync_and_exec_app.c
+++ b/src/tls/s6tls_sync_and_exec_app.c
@@ -1,43 +1,32 @@
/* ISC license. */
-#include <stdint.h>
-#include <string.h>
#include <unistd.h>
#include <skalibs/strerr2.h>
#include <skalibs/djbunix.h>
-#include <skalibs/exec.h>
#include "s6tls-internal.h"
-#define MAXENVSIZE 2048
+#define MAXENVSIZE 4096
void s6tls_sync_and_exec_app (char const *const *argv, int const p[4][2], pid_t pid, uint32_t options)
{
- char buf[sizeof(s6tls_envvars) + MAXENVSIZE] ;
- size_t m = 0 ;
+ char buf[MAXENVSIZE] ;
ssize_t r ;
close(p[2][1]) ;
close(p[1][1]) ;
close(p[0][0]) ;
if (fd_move(p[3][0], p[1][0]) < 0 || fd_move(p[3][1], p[0][1]) < 0)
strerr_diefu1sys(111, "move file descriptors") ;
- if (options & 1)
- {
- memcpy(buf + m, s6tls_envvars, sizeof(s6tls_envvars)) ;
- m += sizeof(s6tls_envvars) ;
- }
- r = read(p[2][0], buf + m, MAXENVSIZE) ;
+ r = read(p[2][0], buf, MAXENVSIZE) ;
if (r < 0) strerr_diefu1sys(111, "read from handshake notification pipe") ;
if (!r)
{
int wstat ;
if (wait_pid(pid, &wstat) < 0)
- strerr_diefu1sys(111, "wait") ;
+ strerr_diefu1sys(111, "waitpid") ;
_exit(wait_estatus(wstat)) ;
}
- if (r >= MAXENVSIZE)
- strerr_dief1x(100, "SSL data too large") ;
- m += r - 1 ;
- xmexec_m(argv, buf, m) ;
+ if (r >= MAXENVSIZE) strerr_dief1x(101, "SSL data too large; recompile with a bigger MAXENVSIZE") ;
+ s6tls_clean_and_exec(argv, options, buf, r-1) ;
}
diff --git a/src/tls/s6tls_ucspi_exec_app.c b/src/tls/s6tls_ucspi_exec_app.c
index 34c05e2..6a319b6 100644
--- a/src/tls/s6tls_ucspi_exec_app.c
+++ b/src/tls/s6tls_ucspi_exec_app.c
@@ -1,26 +1,19 @@
/* ISC license. */
-#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <skalibs/types.h>
-#include <skalibs/exec.h>
#include "s6tls-internal.h"
void s6tls_ucspi_exec_app (char const *const *argv, int const p[4][2], uint32_t options)
{
size_t m = 0 ;
- char modif[sizeof(s6tls_envvars) + 33 + 3 * UINT_FMT] ;
+ char modif[33 + 3 * UINT_FMT] ;
close(p[2][1]) ;
close(p[1][1]) ;
close(p[0][0]) ;
- if (options & 1)
- {
- memcpy(modif + m, s6tls_envvars, sizeof(s6tls_envvars)) ;
- m += sizeof(s6tls_envvars) ;
- }
memcpy(modif + m, "SSLCTLFD=", 9) ; m += 9 ;
m += uint_fmt(modif + m, p[2][0]) ;
modif[m++] = 0 ;
@@ -30,5 +23,5 @@ void s6tls_ucspi_exec_app (char const *const *argv, int const p[4][2], uint32_t
memcpy(modif + m, "SSLWRITEFD=", 11) ; m += 11 ;
m += uint_fmt(modif + m, p[0][1]) ;
modif[m++] = 0 ;
- xmexec_m(argv, modif, m) ;
+ s6tls_clean_and_exec(argv, options, modif, m) ;
}