From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH 9/9] lei-daemon: do not leak FDs on bogus requests
Date: Wed, 24 Mar 2021 14:23:35 +0500 [thread overview]
Message-ID: <20210324092335.12345-10-e@80x24.org> (raw)
In-Reply-To: <20210324092335.12345-1-e@80x24.org>
If a client passes us the incorrect number of FDs, we'll vivify
them into PerlIO objects so they can be auto-closed. Using
POSIX::close was considered, but it would've been more code to
handle an uncommon case.
---
lib/PublicInbox/LEI.pm | 15 +++++++--------
t/lei-daemon.t | 29 +++++++++++++++++++++++++++++
2 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/lib/PublicInbox/LEI.pm b/lib/PublicInbox/LEI.pm
index 878685f1..e5211764 100644
--- a/lib/PublicInbox/LEI.pm
+++ b/lib/PublicInbox/LEI.pm
@@ -981,17 +981,16 @@ sub accept_dispatch { # Listener {post_accept} callback
return send($sock, 'timed out waiting to recv FDs', MSG_EOR);
# (4096 * 33) >MAX_ARG_STRLEN
my @fds = $recv_cmd->($sock, my $buf, 4096 * 33) or return; # EOF
- if (scalar(@fds) == 4) {
- for my $i (0..3) {
- my $fd = shift(@fds);
- open($self->{$i}, '+<&=', $fd) and next;
- send($sock, "open(+<&=$fd) (FD=$i): $!", MSG_EOR);
- }
- } elsif (!defined($fds[0])) {
+ if (!defined($fds[0])) {
warn(my $msg = "recv_cmd failed: $!");
return send($sock, $msg, MSG_EOR);
} else {
- return;
+ my $i = 0;
+ for my $fd (@fds) {
+ open($self->{$i++}, '+<&=', $fd) and next;
+ send($sock, "open(+<&=$fd) (FD=$i): $!", MSG_EOR);
+ }
+ return if scalar(@fds) != 4;
}
$self->{2}->autoflush(1); # keep stdout buffered until x_it|DESTROY
# $ENV_STR = join('', map { "\0$_=$ENV{$_}" } keys %ENV);
diff --git a/t/lei-daemon.t b/t/lei-daemon.t
index c30e5ac1..35e059b9 100644
--- a/t/lei-daemon.t
+++ b/t/lei-daemon.t
@@ -2,8 +2,16 @@
# Copyright (C) 2020-2021 all contributors <meta@public-inbox.org>
# License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
use strict; use v5.10.1; use PublicInbox::TestCommon;
+use Socket qw(AF_UNIX SOCK_SEQPACKET MSG_EOR pack_sockaddr_un);
+use PublicInbox::Spawn qw(which);
test_lei({ daemon_only => 1 }, sub {
+ my $send_cmd = PublicInbox::Spawn->can('send_cmd4') // do {
+ require PublicInbox::CmdIPC4;
+ PublicInbox::CmdIPC4->can('send_cmd4');
+ };
+ $send_cmd or BAIL_OUT 'started testing lei-daemon w/o send_cmd4!';
+
my $sock = "$ENV{XDG_RUNTIME_DIR}/lei/5.seq.sock";
my $err_log = "$ENV{XDG_RUNTIME_DIR}/lei/errors.log";
lei_ok('daemon-pid');
@@ -22,6 +30,27 @@ test_lei({ daemon_only => 1 }, sub {
is($pid, $pid_again, 'daemon-pid idempotent');
like($lei_err, qr/phail/, 'got mock "phail" error previous run');
+ SKIP: {
+ skip 'only testing open files on Linux', 1 if $^O ne 'linux';
+ my $d = "/proc/$pid/fd";
+ skip "no $d on Linux" unless -d $d;
+ my @before = sort(glob("$d/*"));
+ my $addr = pack_sockaddr_un($sock);
+ open my $null, '<', '/dev/null' or BAIL_OUT "/dev/null: $!";
+ my @fds = map { fileno($null) } (0..2);
+ for (0..10) {
+ socket(my $c, AF_UNIX, SOCK_SEQPACKET, 0) or
+ BAIL_OUT "socket: $!";
+ connect($c, $addr) or BAIL_OUT "connect: $!";
+ $send_cmd->($c, \@fds, 'hi', MSG_EOR);
+ }
+ lei_ok('daemon-pid');
+ chomp($pid = $lei_out);
+ is($pid, $pid_again, 'pid unchanged after failed reqs');
+ my @after = sort(glob("$d/*"));
+ is_deeply(\@before, \@after, 'open files unchanged') or
+ diag explain([\@before, \@after]);;
+ }
lei_ok(qw(daemon-kill));
is($lei_out, '', 'no output from daemon-kill');
is($lei_err, '', 'no error from daemon-kill');
prev parent reply other threads:[~2021-03-24 9:23 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-24 9:23 [PATCH 0/9] lei: various corner case leak fixes Eric Wong
2021-03-24 9:23 ` [PATCH 1/9] ds: improve DS->Reset fork-safety Eric Wong
2021-03-24 23:01 ` [SQUASH] " Eric Wong
2021-03-24 9:23 ` [PATCH 2/9] mbox_lock: dotlock: chdir for relative lock paths Eric Wong
2021-03-24 9:23 ` [PATCH 3/9] lei: drop circular reference in lei_store process Eric Wong
2021-03-24 9:23 ` [PATCH 4/9] lei: update {3} after -C chdirs Eric Wong
2021-03-24 9:23 ` [PATCH 5/9] lei: clean up pkt_op consumer on exception, too Eric Wong
2021-03-24 9:23 ` [PATCH 6/9] lei_store: give process a better name Eric Wong
2021-03-24 9:23 ` [PATCH 7/9] v2writable: cleanup SQLite handles on --xapian-only Eric Wong
2021-03-24 9:23 ` [PATCH 8/9] lei_mirror: fix circular reference Eric Wong
2021-03-24 9:23 ` Eric Wong [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://public-inbox.org/README
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210324092335.12345-10-e@80x24.org \
--to=e@80x24.org \
--cc=meta@public-inbox.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).