git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed
From: Erik E Brady <brady@cisco.com>
To: git@vger.kernel.org
Cc: Erik E Brady <brady@cisco.com>
Subject: [PATCH] credential: ignore SIGPIPE when writing to credential helpers
Date: Thu, 29 Mar 2018 11:00:56 -0700	[thread overview]
Message-ID: <20180329180056.9941-1-brady@cisco.com> (raw)
In-Reply-To: <20180329175501.GE31833@sigill.intra.peff.net>

The credential subsystem can trigger SIGPIPE when writing to an
external helper if that helper closes its stdin before reading the
whole input. Normally this is rare, since helpers would need to read
that input to make a decision about how to respond, but:

1. It's reasonable to configure a helper which only handles "get"
   while ignoring "store".  Such a handler might not read stdin
   for "store", thereby rapidly closing stdin upon helper exit.

2. A broken or misbehaving helper might exit immediately. That's an
   error, but it's not reasonable for it to take down the parent Git
   process with SIGPIPE.

Even with such a helper, seeing this problem should be rare. Getting
SIGPIPE requires the helper racily exiting before we've written the
fairly small credential output.

Signed-off-by: Erik E Brady <brady@cisco.com>
---
 credential.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/credential.c b/credential.c
index 9747f47b1..62be651b0 100644
--- a/credential.c
+++ b/credential.c
@@ -5,6 +5,7 @@
 #include "run-command.h"
 #include "url.h"
 #include "prompt.h"
+#include "sigchain.h"
 
 void credential_init(struct credential *c)
 {
@@ -227,8 +228,10 @@ static int run_credential_helper(struct credential *c,
 		return -1;
 
 	fp = xfdopen(helper.in, "w");
+	sigchain_push(SIGPIPE, SIG_IGN);
 	credential_write(c, fp);
 	fclose(fp);
+	sigchain_pop(SIGPIPE);
 
 	if (want_output) {
 		int r;
-- 
2.16.3.dirty


  reply	other threads:[~2018-03-29 18:01 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-03-28 22:20 [PATCH] credential: cred helper fast exit can cause SIGPIPE, crash Erik E Brady
2018-03-29 11:19 ` Jeff King
2018-03-29 17:25   ` Erik Brady -X (brady - ROBERT HALF INTERNATIONAL INC at Cisco)
2018-03-29 17:55     ` Jeff King
2018-03-29 18:00       ` Erik E Brady [this message]
2018-03-29 21:51         ` [PATCH] credential: ignore SIGPIPE when writing to credential helpers Jeff King
2018-03-29 22:20           ` Erik Brady -X (brady - ROBERT HALF INTERNATIONAL INC at Cisco)
2018-03-29 22:29             ` Jeff King
2018-03-29 22:35           ` Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180329180056.9941-1-brady@cisco.com \
    --to=brady@cisco.com \
    --cc=git@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).