user/dev discussion of public-inbox itself
From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH 9/9] lei-daemon: do not leak FDs on bogus requests
Date: Wed, 24 Mar 2021 14:23:35 +0500
Message-ID: <20210324092335.12345-10-e@80x24.org>
In-Reply-To: <20210324092335.12345-1-e@80x24.org>

If a client passes us the incorrect number of FDs, we'll vivify
them into PerlIO objects so they can be auto-closed.  Using
POSIX::close was considered, but it would've been more code to
handle an uncommon case.
---
 lib/PublicInbox/LEI.pm | 15 +++++++--------
 t/lei-daemon.t         | 29 +++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/lib/PublicInbox/LEI.pm b/lib/PublicInbox/LEI.pm
index 878685f1..e5211764 100644
--- a/lib/PublicInbox/LEI.pm
+++ b/lib/PublicInbox/LEI.pm
@@ -981,17 +981,16 @@ sub accept_dispatch { # Listener {post_accept} callback
 		return send($sock, 'timed out waiting to recv FDs', MSG_EOR);
 	# (4096 * 33) >MAX_ARG_STRLEN
 	my @fds = $recv_cmd->($sock, my $buf, 4096 * 33) or return; # EOF
-	if (scalar(@fds) == 4) {
-		for my $i (0..3) {
-			my $fd = shift(@fds);
-			open($self->{$i}, '+<&=', $fd) and next;
-			send($sock, "open(+<&=$fd) (FD=$i): $!", MSG_EOR);
-		}
-	} elsif (!defined($fds[0])) {
+	if (!defined($fds[0])) {
 		warn(my $msg = "recv_cmd failed: $!");
 		return send($sock, $msg, MSG_EOR);
 	} else {
-		return;
+		my $i = 0;
+		for my $fd (@fds) {
+			open($self->{$i++}, '+<&=', $fd) and next;
+			send($sock, "open(+<&=$fd) (FD=$i): $!", MSG_EOR);
+		}
+		return if scalar(@fds) != 4;
 	}
 	$self->{2}->autoflush(1); # keep stdout buffered until x_it|DESTROY
 	# $ENV_STR = join('', map { "\0$_=$ENV{$_}" } keys %ENV);
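
Review bot: In the new loop, `$i++` has already run by the time the failure `send()` executes, so the message reports `FD=$i` one higher than the slot that failed (the first descriptor is reported as FD=1, where the removed code reported FD=0). Increment after the open attempt, or format the message with `$i - 1`. Separately, when `open(..., '+<&=', $fd)` fails, nothing in this hunk closes `$fd`, so that path can still leave a descriptor open; a comment saying this is accepted would match the trade-off described in the commit message. The `return if scalar(@fds) != 4` path also replies nothing to the client, unlike the `recv_cmd failed` branch just above it, which sends the reason back.
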
diff --git a/t/lei-daemon.t b/t/lei-daemon.t
index c30e5ac1..35e059b9 100644
--- a/t/lei-daemon.t
+++ b/t/lei-daemon.t
@@ -2,8 +2,16 @@
 # Copyright (C) 2020-2021 all contributors <meta@public-inbox.org>
 # License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
 use strict; use v5.10.1; use PublicInbox::TestCommon;
+use Socket qw(AF_UNIX SOCK_SEQPACKET MSG_EOR pack_sockaddr_un);
+use PublicInbox::Spawn qw(which);
 
 test_lei({ daemon_only => 1 }, sub {
+	my $send_cmd = PublicInbox::Spawn->can('send_cmd4') // do {
+		require PublicInbox::CmdIPC4;
+		PublicInbox::CmdIPC4->can('send_cmd4');
+	};
+	$send_cmd or BAIL_OUT 'started testing lei-daemon w/o send_cmd4!';
+
 	my $sock = "$ENV{XDG_RUNTIME_DIR}/lei/5.seq.sock";
 	my $err_log = "$ENV{XDG_RUNTIME_DIR}/lei/errors.log";
 	lei_ok('daemon-pid');
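
Review bot: `use PublicInbox::Spawn qw(which);` imports `which`, but none of the lines added by this patch call it; `PublicInbox::Spawn->can('send_cmd4')` is a method lookup and does not need anything imported. Load the module without an import list unless `which` is used elsewhere in the file.
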
@@ -22,6 +30,27 @@ test_lei({ daemon_only => 1 }, sub {
 	is($pid, $pid_again, 'daemon-pid idempotent');
 	like($lei_err, qr/phail/, 'got mock "phail" error previous run');
 
+	SKIP: {
+		skip 'only testing open files on Linux', 1 if $^O ne 'linux';
+		my $d = "/proc/$pid/fd";
+		skip "no $d on Linux" unless -d $d;
+		my @before = sort(glob("$d/*"));
+		my $addr = pack_sockaddr_un($sock);
+		open my $null, '<', '/dev/null' or BAIL_OUT "/dev/null: $!";
+		my @fds = map { fileno($null) } (0..2);
+		for (0..10) {
+			socket(my $c, AF_UNIX, SOCK_SEQPACKET, 0) or
+							BAIL_OUT "socket: $!";
+			connect($c, $addr) or BAIL_OUT "connect: $!";
+			$send_cmd->($c, \@fds, 'hi',  MSG_EOR);
+		}
+		lei_ok('daemon-pid');
+		chomp($pid = $lei_out);
+		is($pid, $pid_again, 'pid unchanged after failed reqs');
+		my @after = sort(glob("$d/*"));
+		is_deeply(\@before, \@after, 'open files unchanged') or
+			diag explain([\@before, \@after]);;
+	}
 	lei_ok(qw(daemon-kill));
 	is($lei_out, '', 'no output from daemon-kill');
 	is($lei_err, '', 'no error from daemon-kill');
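
Review bot: The return value of `$send_cmd->($c, \@fds, 'hi',  MSG_EOR)` inside the loop is never checked, so if the send fails the before/after comparison of `/proc/$pid/fd` passes without the daemon having received a single bogus request; check it the same way the `socket` and `connect` calls above it are checked. The loop also covers only the too-few case (three FDs), while the LEI.pm change now opens every received descriptor, so a second pass sending five would exercise the other side of `scalar(@fds) != 4`. Minor: the first `skip` declares a count of 1 although the block contains both an `is` and an `is_deeply`, and `diag explain([\@before, \@after]);;` has a stray semicolon.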
