From 08e88c5efc65a6f49da40aa002bc5f4b0ebee49d Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Sat, 26 Nov 2016 10:04:40 +0000
Subject: Add -z option to s6-tlsc/s6-tlsd to clean TLS env vars before spawning (default)
---
 src/libs6net/deps-lib/s6net | 1 +
 src/libs6net/s6net_clean_tls_and_spawn.c | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 src/libs6net/s6net_clean_tls_and_spawn.c
(limited to 'src/libs6net')
diff --git a/src/libs6net/deps-lib/s6net b/src/libs6net/deps-lib/s6net
index 27067c4..b8be843 100644
--- a/src/libs6net/deps-lib/s6net
+++ b/src/libs6net/deps-lib/s6net
@@ -2,4 +2,5 @@ s6net_ident_client.o
 s6net_ident_reply_get.o
 s6net_ident_reply_parse.o
 s6net_ident_error.o
+s6net_clean_tls_and_spawn.o
 -lskarnet
diff --git a/src/libs6net/s6net_clean_tls_and_spawn.c b/src/libs6net/s6net_clean_tls_and_spawn.c
new file mode 100644
index 0000000..67ba79b
--- /dev/null
+++ b/src/libs6net/s6net_clean_tls_and_spawn.c
@@ -0,0 +1,21 @@
+/* ISC license. */
+
+#include
+#include
+#include
+#include
+
+pid_t s6net_clean_tls_and_spawn (char const *const *argv, char const *const *envp, int *fds, uint32_t options)
+{
+ if (!(options & 1)) return child_spawn2(argv[0], argv, envp, fds) ;
+ else
+ {
+ char const modifs[] = "CADIR\0CAFILE\0KEYFILE\0CERTFILE\0TLS_UID\0TLS_GID" ;
+ size_t modiflen = sizeof(modifs) ;
+ size_t n = env_len(envp) ;
+ char const *newenv[n + 7] ;
+ size_t newenvlen = env_merge(newenv, n+7, envp, n, modifs, modiflen) ;
+ if (!newenvlen) return 0 ;
+ return child_spawn2(argv[0], argv, newenv, fds) ;
+ }
+}
-- cgit v1.2.3
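Review bot: In the new s6net_clean_tls_and_spawn.c, the scrub list in `modifs` and the `n + 7` bound on `newenv` are kept in step only by hand. The 7 appears to be the six names plus the terminator, so adding a name without bumping it leaves `env_merge` one slot short. Whether that fails cleanly or writes past `newenv` depends on how `env_merge` uses its size argument, which is not visible here. A comment on the array would pin the invariant: `/* n inherited entries + 6 names in modifs + NULL terminator; keep in sync with modifs */`. A short header comment should also say that bit `1` of `options` selects scrubbing, and that a return of 0 from the `!newenvlen` branch means nothing was spawned. Separately, `newenv` is a stack VLA sized by the inherited environment, so its size is limited only by what the parent process passes in.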