From 08e88c5efc65a6f49da40aa002bc5f4b0ebee49d Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Sat, 26 Nov 2016 10:04:40 +0000
Subject: Add -z option to s6-tlsc/s6-tlsd to clean TLS env vars before spawning (default)
---
 src/sbearssl/deps-lib/sbearssl | 1 +
 src/sbearssl/sbearssl_s6tlsc.c | 3 ++-
 src/sbearssl/sbearssl_s6tlsd.c | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)
(limited to 'src/sbearssl')
diff --git a/src/sbearssl/deps-lib/sbearssl b/src/sbearssl/deps-lib/sbearssl
index 0b7b02f..4e2d76c 100644
--- a/src/sbearssl/deps-lib/sbearssl
+++ b/src/sbearssl/deps-lib/sbearssl
@@ -31,4 +31,5 @@ sbearssl_ta_to.o
 sbearssl_s6tlsc.o
 sbearssl_s6tlsd.o
 -lbearssl
+-ls6net
 -lskarnet
diff --git a/src/sbearssl/sbearssl_s6tlsc.c b/src/sbearssl/sbearssl_s6tlsc.c
index 8bc8f65..5665edc 100644
--- a/src/sbearssl/sbearssl_s6tlsc.c
+++ b/src/sbearssl/sbearssl_s6tlsc.c
@@ -11,6 +11,7 @@
 #include
 #include
 #include
+#include
 #include
 int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, char const *servername, int *sfd)
@@ -65,7 +66,7 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
 br_ssl_engine_inject_entropy(&cc.eng, buf, 32) ;
 random_finish() ;
- pid = child_spawn2(argv[0], argv, envp, fds) ;
+ pid = s6net_clean_tls_and_spawn(argv, envp, fds, !!(preoptions & 2)) ;
 if (gid && setgid(gid) < 0) strerr_diefu1sys(111, "setgid") ;
 if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
diff --git a/src/sbearssl/sbearssl_s6tlsd.c b/src/sbearssl/sbearssl_s6tlsd.c
index 35dd18a..3a27e9f 100644
--- a/src/sbearssl/sbearssl_s6tlsd.c
+++ b/src/sbearssl/sbearssl_s6tlsd.c
@@ -11,6 +11,7 @@
 #include
 #include
 #include
+#include
 #include
 int sbearssl_s6tlsd (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity)
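Review bot: In the sbearssl_s6tlsc.c hunk at -65,7 +66,7, the return value of `s6net_clean_tls_and_spawn` is not tested in the visible lines before `setgid`/`setuid` run. The matching sbearssl_s6tlsd.c hunk does follow the call with `if (!pid) strerr_diefu2sys(111, "spawn ", argv[0]) ;`. If no such test exists further down, a failed spawn would go unreported and the client would carry on as if a child were attached to `fds`. Adding that same line directly after the call would make the two callers consistent. The body of sbearssl_s6tlsc continues outside the hunk, so the check may already be made later; worth confirming before merging.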
@@ -90,7 +91,7 @@ int sbearssl_s6tlsd (char const *const *argv, char const *const *envp, tain_t co
 br_ssl_engine_inject_entropy(&sc.eng, buf, 32) ;
 random_finish() ;
- pid = child_spawn2(argv[0], argv, envp, fds) ;
+ pid = s6net_clean_tls_and_spawn(argv, envp, fds, !!(preoptions & 2)) ;
 if (!pid) strerr_diefu2sys(111, "spawn ", argv[0]) ;
 if (gid && setgid(gid) < 0) strerr_diefu1sys(111, "setgid") ;
 if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
-- 
cgit v1.2.3
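Review bot: The last argument `!!(preoptions & 2)` on the new spawn line, here and in the identical call in the sbearssl_s6tlsc.c hunk, is a bare bit value, so the call does not show whether a set bit scrubs the TLS variables from the child's environment or keeps them. This flag decides what TLS-related configuration the spawned program inherits, so the polarity deserves a comment at both call sites. Something like `/* preoptions & 2: presumably the -z choice; state here whether set means "clean" or "keep" */` would do, or a named constant shared by the two files. The meaning of the bit is defined outside the visible lines, and the function body starts and ends outside the hunk.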