diff options
| author | Laurent Bercot <ska-skaware@skarnet.org> | 2021-06-02 08:54:17 +0000 |
|---|---|---|
| committer | Laurent Bercot <ska-skaware@skarnet.org> | 2021-06-02 08:54:17 +0000 |
| commit | 9cfe27834a3014235526c60c52652399411993de (patch) | |
| tree | f548574d0090d14b73d102822c8fe8c052fa32c9 /src | |
| parent | a6c4fb25b60cbc83a4b8bdb756fcf9c69310e6ae (diff) | |
| download | s6-networking-9cfe27834a3014235526c60c52652399411993de.tar.xz | |
Correctly clean up the environment for -z
Diffstat (limited to 'src')
| -rw-r--r-- | src/tls/deps-lib/s6tls | 1 | ||||
| -rw-r--r-- | src/tls/s6tls-internal.h | 5 | ||||
| -rw-r--r-- | src/tls/s6tls_clean_and_exec.c | 43 | ||||
| -rw-r--r-- | src/tls/s6tls_sync_and_exec_app.c | 23 | ||||
| -rw-r--r-- | src/tls/s6tls_ucspi_exec_app.c | 11 |
5 files changed, 54 insertions, 29 deletions
diff --git a/src/tls/deps-lib/s6tls b/src/tls/deps-lib/s6tls index caa9872..f2306ac 100644 --- a/src/tls/deps-lib/s6tls +++ b/src/tls/deps-lib/s6tls @@ -1,3 +1,4 @@ +s6tls_clean_and_exec.o s6tls_exec_tlscio.o s6tls_exec_tlsdio.o s6tls_sync_and_exec_app.o diff --git a/src/tls/s6tls-internal.h b/src/tls/s6tls-internal.h index 2ef3b81..d232266 100644 --- a/src/tls/s6tls-internal.h +++ b/src/tls/s6tls-internal.h @@ -3,16 +3,15 @@ #ifndef S6TLS_INTERNAL_H #define S6TLS_INTERNAL_H +#include <stddef.h> #include <stdint.h> -#include <unistd.h> #include <skalibs/gccattributes.h> -#define s6tls_envvars "CADIR\0CAFILE\0KEYFILE\0CERTFILE\0TLS_UID\0TLS_GID" - extern void s6tls_exec_tlscio (int const *, uint32_t, unsigned int, unsigned int, char const *) gccattr_noreturn ; extern void s6tls_exec_tlsdio (int const *, uint32_t, unsigned int, unsigned int, unsigned int) gccattr_noreturn ; extern void s6tls_sync_and_exec_app (char const *const *, int const [4][2], pid_t, uint32_t) gccattr_noreturn ; extern void s6tls_ucspi_exec_app (char const *const *, int const [4][2], uint32_t) gccattr_noreturn ; +extern void s6tls_clean_and_exec (char const *const *, uint32_t, char const *, size_t) gccattr_noreturn ; #endif diff --git a/src/tls/s6tls_clean_and_exec.c b/src/tls/s6tls_clean_and_exec.c new file mode 100644 index 0000000..9432e3a --- /dev/null +++ b/src/tls/s6tls_clean_and_exec.c @@ -0,0 +1,43 @@ +/* ISC license. */ + +#include <stddef.h> + +#include <skalibs/posixplz.h> +#include <skalibs/bytestr.h> +#include <skalibs/env.h> +#include <skalibs/exec.h> + +#include "s6tls-internal.h" + +void s6tls_clean_and_exec (char const *const *argv, uint32_t options, char const *modif, size_t modiflen) +{ + if (options & 1) + { + static char const *const toclean[] = + { + "CADIR=", + "CAFILE=", + "KEYFILE=", + "CERTFILE=", + "TLS_UID=", + "TLS_GID=", + "KEYFILE:", + "CERTFILE:", + 0 + } ; + char const *const *envp = (char const *const *)environ ; + size_t m = 0 ; + size_t n = env_len(envp) ; + char const *newenvp[n + 1] ; + for (; *envp ; envp++) + { + char const *const *var = toclean ; + for (; *var ; var++) + if (str_start(*envp, *var)) break ; + if (!*var) newenvp[m++] = *envp ; + } + newenvp[m] = 0 ; + xmexec_fm(argv, newenvp, m, modif, modiflen) ; + } + else xmexec_m(argv, modif, modiflen) ; +} diff --git a/src/tls/s6tls_sync_and_exec_app.c b/src/tls/s6tls_sync_and_exec_app.c index ff42d73..5c0180c 100644 --- a/src/tls/s6tls_sync_and_exec_app.c +++ b/src/tls/s6tls_sync_and_exec_app.c @@ -1,43 +1,32 @@ /* ISC license. */ -#include <stdint.h> -#include <string.h> #include <unistd.h> #include <skalibs/strerr2.h> #include <skalibs/djbunix.h> -#include <skalibs/exec.h> #include "s6tls-internal.h" -#define MAXENVSIZE 2048 +#define MAXENVSIZE 4096 void s6tls_sync_and_exec_app (char const *const *argv, int const p[4][2], pid_t pid, uint32_t options) { - char buf[sizeof(s6tls_envvars) + MAXENVSIZE] ; - size_t m = 0 ; + char buf[MAXENVSIZE] ; ssize_t r ; close(p[2][1]) ; close(p[1][1]) ; close(p[0][0]) ; if (fd_move(p[3][0], p[1][0]) < 0 || fd_move(p[3][1], p[0][1]) < 0) strerr_diefu1sys(111, "move file descriptors") ; - if (options & 1) - { - memcpy(buf + m, s6tls_envvars, sizeof(s6tls_envvars)) ; - m += sizeof(s6tls_envvars) ; - } - r = read(p[2][0], buf + m, MAXENVSIZE) ; + r = read(p[2][0], buf, MAXENVSIZE) ; if (r < 0) strerr_diefu1sys(111, "read from handshake notification pipe") ; if (!r) { int wstat ; if (wait_pid(pid, &wstat) < 0) - strerr_diefu1sys(111, "wait") ; + strerr_diefu1sys(111, "waitpid") ; _exit(wait_estatus(wstat)) ; } - if (r >= MAXENVSIZE) - strerr_dief1x(100, "SSL data too large") ; - m += r - 1 ; - xmexec_m(argv, buf, m) ; + if (r >= MAXENVSIZE) strerr_dief1x(101, "SSL data too large; recompile with a bigger MAXENVSIZE") ; + s6tls_clean_and_exec(argv, options, buf, r-1) ; } diff --git a/src/tls/s6tls_ucspi_exec_app.c b/src/tls/s6tls_ucspi_exec_app.c index 34c05e2..6a319b6 100644 --- a/src/tls/s6tls_ucspi_exec_app.c +++ b/src/tls/s6tls_ucspi_exec_app.c @@ -1,26 +1,19 @@ /* ISC license. */ -#include <stdint.h> #include <string.h> #include <unistd.h> #include <skalibs/types.h> -#include <skalibs/exec.h> #include "s6tls-internal.h" void s6tls_ucspi_exec_app (char const *const *argv, int const p[4][2], uint32_t options) { size_t m = 0 ; - char modif[sizeof(s6tls_envvars) + 33 + 3 * UINT_FMT] ; + char modif[33 + 3 * UINT_FMT] ; close(p[2][1]) ; close(p[1][1]) ; close(p[0][0]) ; - if (options & 1) - { - memcpy(modif + m, s6tls_envvars, sizeof(s6tls_envvars)) ; - m += sizeof(s6tls_envvars) ; - } memcpy(modif + m, "SSLCTLFD=", 9) ; m += 9 ; m += uint_fmt(modif + m, p[2][0]) ; modif[m++] = 0 ; @@ -30,5 +23,5 @@ void s6tls_ucspi_exec_app (char const *const *argv, int const p[4][2], uint32_t memcpy(modif + m, "SSLWRITEFD=", 11) ; m += 11 ; m += uint_fmt(modif + m, p[0][1]) ; modif[m++] = 0 ; - xmexec_m(argv, modif, m) ; + s6tls_clean_and_exec(argv, options, modif, m) ; } |