emo/ndhc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add some more syscalls to the ndhc permit filter. Netlink sockets were

Browse Source 
broken before because of too-strict filters.

Move setup_signals under the seccomp filter to give it more testing coverage.

Make the UDP datagram length check much more strict.  If the read buffer
does not match up with the header lengths exactly, it is discarded.

Print a warning to syslog/stdout when ifchd execute_buffer() returns an
error.

Fix a regression introduced in ifchd that would cause the epoll handler to
spin when a client connection closed.
This commit is contained in:
Nicholas J. Kain
2012-07-20 18:48:26 -04:00
parent f9c2059d37
commit 2bf7306bb9
5 changed files with 24 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ifchd/ifchd.c
View File

@@ -664,15 +664,20 @@ static void process_client_fd(int fd)
memset(buf, '\0', sizeof buf);
r = safe_read(cl->fd, buf, sizeof buf - 1);
if (r == 0)
return;
else if (r < 0) {
if (r == 0) {
// Remote end hung up.
goto fail;
} else if (r < 0) {
if (errno == EAGAIN || errno == EWOULDBLOCK)
return;
log_line("error reading from client fd: %s", strerror(errno));
goto fail;
}
if (execute_buffer(cl, buf) == -1)
if (execute_buffer(cl, buf) == -1) {
log_line("execute_buffer was passed invalid commands");
goto fail;
}
return;
fail:
ifchd_client_wipe(cl);