gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] r22203 - in libmicrohttpd: . src/daemon

From: gnunet
Subject: [GNUnet-SVN] r22203 - in libmicrohttpd: . src/daemon
Date: Fri, 22 Jun 2012 11:58:14 +0200 
Author: grothoff
Date: 2012-06-22 11:58:14 +0200 (Fri, 22 Jun 2012)
New Revision: 22203

Modified:
   libmicrohttpd/ChangeLog
   libmicrohttpd/configure.ac
   libmicrohttpd/src/daemon/daemon.c
   libmicrohttpd/src/daemon/internal.h
Log:
-#2414: make listen and accepted sockets non-inheritable by default

Modified: libmicrohttpd/ChangeLog
===================================================================
--- libmicrohttpd/ChangeLog     2012-06-22 09:08:03 UTC (rev 22202)
+++ libmicrohttpd/ChangeLog     2012-06-22 09:58:14 UTC (rev 22203)
@@ -1,3 +1,6 @@
+Fri Jun 22 11:31:25 CEST 2012
+       Make sure sockets opened by MHD are non-inheritable by default (#2414). 
-CG
+
 Tue Jun 19 19:44:53 CEST 2012
        Change various uses of time(NULL) to new MHD_monotonic_time() function 
to
        make timeouts immune to the system real time clock changing. -MC

Modified: libmicrohttpd/configure.ac
===================================================================
--- libmicrohttpd/configure.ac  2012-06-22 09:08:03 UTC (rev 22202)
+++ libmicrohttpd/configure.ac  2012-06-22 09:58:14 UTC (rev 22203)
@@ -65,7 +65,6 @@
 AC_PROG_LIBTOOL
 AC_C_BIGENDIAN
 
-
 AC_CHECK_MEMBER([struct sockaddr_in.sin_len],
    [ AC_DEFINE(HAVE_SOCKADDR_IN_SIN_LEN, 1, [Do we have sockaddr_in.sin_len?])
    ],
@@ -189,7 +188,9 @@
 AC_CHECK_HEADERS([plibc.h],our_private_plibc_h=0,our_private_plibc_h=1)
 AM_CONDITIONAL(USE_PRIVATE_PLIBC_H, test x$our_private_plibc_h = x1)    
 
-AC_CHECK_FUNCS(memmem)
+AC_CHECK_FUNCS_ONCE(memmem)
+AC_CHECK_FUNCS_ONCE(accept4)
+
 AC_SEARCH_LIBS([clock_gettime], [rt], [
                                AC_DEFINE(HAVE_CLOCK_GETTIME, 1, [Have 
clock_gettime])
 ])

Modified: libmicrohttpd/src/daemon/daemon.c
===================================================================
--- libmicrohttpd/src/daemon/daemon.c   2012-06-22 09:08:03 UTC (rev 22202)
+++ libmicrohttpd/src/daemon/daemon.c   2012-06-22 09:58:14 UTC (rev 22203)
@@ -77,6 +77,11 @@
 #endif
 #endif
 
+#ifndef SOCK_CLOEXEC
+#define SOCK_CLOEXEC 0
+#endif
+
+
 /**
  * Default implementation of the panic function
  */
@@ -961,7 +966,8 @@
         (0 != fcntl (connection->socket_fd, F_SETFL, flags | O_NONBLOCK)) )
       {
 #if HAVE_MESSAGES
-       FPRINTF(stderr, "Failed to make socket non-blocking: %s\n", 
+       FPRINTF(stderr, "Failed to make socket %d non-blocking: %s\n", 
+               connection->socket_fd,
                STRERROR (errno));
 #endif
       }
@@ -1108,10 +1114,23 @@
   struct sockaddr *addr = (struct sockaddr *) &addrstorage;
   socklen_t addrlen;
   int s;
+  int flags;
+  int need_fcntl;
 
   addrlen = sizeof (addrstorage);
   memset (addr, 0, sizeof (addrstorage));
-  s = ACCEPT (daemon->socket_fd, addr, &addrlen);
+#if HAVE_ACCEPT4
+  s = accept4 (daemon->socket_fd, addr, &addrlen, SOCK_CLOEXEC);
+  need_fcntl = MHD_NO;
+#else
+  s = -1;
+  need_fcntl = MHD_YES;
+#endif
+  if (-1 == s)
+  {
+    s = ACCEPT (daemon->socket_fd, addr, &addrlen);
+    need_fcntl = MHD_YES;
+  }
   if ((s == -1) || (addrlen <= 0))
     {
 #if HAVE_MESSAGES
@@ -1127,7 +1146,21 @@
         }
       return MHD_NO;
     }
+  if (MHD_YES == need_fcntl)
+  {
+    /* make socket non-inheritable */
+    flags = fcntl (s, F_GETFD);
+    if ( ( (-1 == flags) ||
+          ( (flags != (flags | FD_CLOEXEC)) &&
+            (0 != fcntl (s, F_SETFD, flags | FD_CLOEXEC)) ) ) )
+      {
 #if HAVE_MESSAGES
+       FPRINTF(stderr, "Failed to make socket non-inheritable: %s\n", 
+               STRERROR (errno));
+#endif
+      }
+  }
+#if HAVE_MESSAGES
 #if DEBUG_CONNECT
   MHD_DLOG (daemon, "Accepted connection on socket %d\n", s);
 #endif
@@ -1947,6 +1980,58 @@
 
 
 /**
+ * Create a listen socket, if possible with CLOEXEC flag set.
+ *
+ * @param domain socket domain (i.e. PF_INET)
+ * @param type socket type (usually SOCK_STREAM)
+ * @param protocol desired protocol, 0 for default
+ */
+static int
+create_socket (int domain, int type, int protocol)
+{
+  static int sock_cloexec = SOCK_CLOEXEC;
+  int ctype = SOCK_STREAM | sock_cloexec;
+  int fd;
+  int flags;
+ 
+  /* use SOCK_STREAM rather than ai_socktype: some getaddrinfo
+   * implementations do not set ai_socktype, e.g. RHL6.2. */
+  fd = socket(domain, ctype, protocol);
+  if ( (-1 == fd) && (EINVAL == errno) && (0 != sock_cloexec) )
+  {
+    sock_cloexec = 0;
+    fd = socket(domain, type, protocol);
+  }
+  if (-1 == fd)
+    return -1;
+  if (0 != sock_cloexec)
+    return fd; /* this is it */  
+  /* flag was not set during 'socket' call, let's try setting it manually */
+  flags = fcntl (fd, F_GETFD);
+  if (flags < 0)
+  {
+#if HAVE_MESSAGES
+    FPRINTF(stderr, "Failed to get socket options to make socket 
non-inheritable: %s\n", 
+           STRERROR (errno));
+#endif
+    return fd; /* good luck */
+  }
+  if (flags == (flags | FD_CLOEXEC))
+    return fd; /* already set */
+  flags |= FD_CLOEXEC;
+  if (0 != fcntl (fd, F_SETFD, flags))
+  {
+#if HAVE_MESSAGES
+    FPRINTF(stderr, "Failed to make socket non-inheritable: %s\n", 
+           STRERROR (errno));
+#endif
+    return fd; /* good luck */
+  }
+  return fd;
+}
+
+
+/**
  * Start a webserver on the given port.
  *
  * @param port port to bind to
@@ -2148,7 +2233,7 @@
     {
       if ((options & MHD_USE_IPv6) != 0)
 #if HAVE_INET6
-       socket_fd = SOCKET (PF_INET6, SOCK_STREAM, 0);
+       socket_fd = create_socket (PF_INET6, SOCK_STREAM, 0);
 #else
       {
 #if HAVE_MESSAGES
@@ -2159,7 +2244,7 @@
       }
 #endif
       else
-       socket_fd = SOCKET (PF_INET, SOCK_STREAM, 0);
+       socket_fd = create_socket (PF_INET, SOCK_STREAM, 0);
       if (socket_fd == -1)
        {
 #if HAVE_MESSAGES
@@ -2358,7 +2443,7 @@
       sk_flags = fcntl (socket_fd, F_GETFL);
       if (sk_flags < 0)
         goto thread_failed;
-      if (fcntl (socket_fd, F_SETFL, sk_flags | O_NONBLOCK) < 0)
+      if (0 != fcntl (socket_fd, F_SETFL, sk_flags | O_NONBLOCK))
         goto thread_failed;
 #else
       sk_flags = 1;

Modified: libmicrohttpd/src/daemon/internal.h
===================================================================
--- libmicrohttpd/src/daemon/internal.h 2012-06-22 09:08:03 UTC (rev 22202)
+++ libmicrohttpd/src/daemon/internal.h 2012-06-22 09:58:14 UTC (rev 22203)
@@ -42,6 +42,7 @@
 #define MHD_MAX(a,b) ((a)<(b)) ? (b) : (a)
 #define MHD_MIN(a,b) ((a)<(b)) ? (a) : (b)
 
+
 /**
  * Size by which MHD usually tries to increment read/write buffers.
  * TODO: we should probably get rid of this magic constant and
reply via email to
[Prev in Thread] Current Thread [Next in Thread]