diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-08-01 11:20:55 +0200 |
|---|---|---|
| committer | Stef Walter <stefw@redhat.com> | 2014-09-25 09:48:15 +0200 |
| commit | ac27c967600796d1300ff3054668c987716db296 (patch) | |
| tree | ad970c1c0ad85a39597c83f38a813864e946e1d4 | |
| parent | 620c91d04628321e4e212bc6bbeba4aa345937d4 (diff) | |
| download | p11-kit-rpc-daemon.tar.gz | |
remote: only accept if the FD is setrpc-daemon
| -rw-r--r-- | p11-kit/remote.c | 86 |
1 files changed, 44 insertions, 42 deletions
diff --git a/p11-kit/remote.c b/p11-kit/remote.c index 36cebdf..473015f 100644 --- a/p11-kit/remote.c +++ b/p11-kit/remote.c @@ -318,56 +318,58 @@ p11_kit_remote_serve_module (CK_FUNCTION_LIST *module, goto exit; } - sa_len = sizeof(sa); - cfd = accept(sd, (struct sockaddr *)&sa, &sa_len); - if (cfd == -1) { - e = errno; - if (e != EINTR) { - p11_message ("could not accept from socket %s: %s", socket_file, strerror(e)); + if (FD_ISSET(sd, &rd_set)) { + sa_len = sizeof(sa); + cfd = accept(sd, (struct sockaddr *)&sa, &sa_len); + if (cfd == -1) { + e = errno; + if (e != EINTR) { + p11_message ("could not accept from socket %s: %s", socket_file, strerror(e)); + } + continue; } - continue; - } - - /* check the uid of the peer */ - rc = p11_get_upeer_id(cfd, &tuid, &tgid, NULL); - if (rc == -1) { - e = errno; - p11_message ("could not check uid from socket %s: %s", socket_file, strerror(e)); - goto cont; - } - if (uid != -1) { - if (uid != tuid) { - p11_message ("connecting uid (%u) doesn't match expected (%u)", - (unsigned)tuid, (unsigned)uid); + /* check the uid of the peer */ + rc = p11_get_upeer_id(cfd, &tuid, &tgid, NULL); + if (rc == -1) { + e = errno; + p11_message ("could not check uid from socket %s: %s", socket_file, strerror(e)); goto cont; } - } - if (gid != -1) { - if (gid != tgid) { - p11_message ("connecting gid (%u) doesn't match expected (%u)", - (unsigned)tgid, (unsigned)gid); - goto cont; + if (uid != -1) { + if (uid != tuid) { + p11_message ("connecting uid (%u) doesn't match expected (%u)", + (unsigned)tuid, (unsigned)uid); + goto cont; + } } - } - pid = fork(); - switch(pid) { - case -1: - p11_message_err (errno, "failed to fork for accept"); - continue; - case 0: - /* child */ - sigprocmask(SIG_UNBLOCK, &blockset, NULL); - serve_module (socket_file, module, &options, &buffer, &virt, cfd); - _exit(0); - default: - children_avail++; - break; - } + if (gid != -1) { + if (gid != tgid) { + p11_message ("connecting gid (%u) doesn't match expected (%u)", + (unsigned)tgid, (unsigned)gid); + goto cont; + } + } + + pid = fork(); + switch(pid) { + case -1: + p11_message_err (errno, "failed to fork for accept"); + continue; + case 0: + /* child */ + sigprocmask(SIG_UNBLOCK, &blockset, NULL); + serve_module (socket_file, module, &options, &buffer, &virt, cfd); + _exit(0); + default: + children_avail++; + break; + } cont: - close(cfd); + close(cfd); + } } p11_buffer_uninit (&buffer); |