From ac27c967600796d1300ff3054668c987716db296 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 1 Aug 2014 11:20:55 +0200
Subject: remote: only accept if the FD is set

---
 p11-kit/remote.c | 86 +++++++++++++++++++++++++++++---------------------------
 1 file changed, 44 insertions(+), 42 deletions(-)

diff --git a/p11-kit/remote.c b/p11-kit/remote.c
index 36cebdf..473015f 100644
--- a/p11-kit/remote.c
+++ b/p11-kit/remote.c
@@ -318,56 +318,58 @@ p11_kit_remote_serve_module (CK_FUNCTION_LIST *module,
 			goto exit;
 		}
 
-		sa_len = sizeof(sa);
-		cfd = accept(sd, (struct sockaddr *)&sa, &sa_len);
-		if (cfd == -1) {
-			e = errno;
-			if (e != EINTR) {
-				p11_message ("could not accept from socket %s: %s", socket_file, strerror(e));
+		if (FD_ISSET(sd, &rd_set)) {
+			sa_len = sizeof(sa);
+			cfd = accept(sd, (struct sockaddr *)&sa, &sa_len);
+			if (cfd == -1) {
+				e = errno;
+				if (e != EINTR) {
+					p11_message ("could not accept from socket %s: %s", socket_file, strerror(e));
+				}
+				continue;
 			}
-			continue;
-		}
-
-		/* check the uid of the peer */
-		rc = p11_get_upeer_id(cfd, &tuid, &tgid, NULL);
-		if (rc == -1) {
-			e = errno;
-			p11_message ("could not check uid from socket %s: %s", socket_file, strerror(e));
-			goto cont;
-		}
 
-		if (uid != -1) {
-			if (uid != tuid) {
-				p11_message ("connecting uid (%u) doesn't match expected (%u)",
-					(unsigned)tuid, (unsigned)uid);
+			/* check the uid of the peer */
+			rc = p11_get_upeer_id(cfd, &tuid, &tgid, NULL);
+			if (rc == -1) {
+				e = errno;
+				p11_message ("could not check uid from socket %s: %s", socket_file, strerror(e));
 				goto cont;
 			}
-		}
 
-		if (gid != -1) {
-			if (gid != tgid) {
-				p11_message ("connecting gid (%u) doesn't match expected (%u)",
-					(unsigned)tgid, (unsigned)gid);
-				goto cont;
+			if (uid != -1) {
+				if (uid != tuid) {
+					p11_message ("connecting uid (%u) doesn't match expected (%u)",
+						(unsigned)tuid, (unsigned)uid);
+					goto cont;
+				}
 			}
-		}
 
-		pid = fork();
-		switch(pid) {
-			case -1:
-				 p11_message_err (errno, "failed to fork for accept");
-				 continue;
-			case 0:
-				/* child */
-				sigprocmask(SIG_UNBLOCK, &blockset, NULL);
-				serve_module (socket_file, module, &options, &buffer, &virt, cfd);
-				_exit(0);
-			default:
-				children_avail++;
-				break;
-		}
+			if (gid != -1) {
+				if (gid != tgid) {
+					p11_message ("connecting gid (%u) doesn't match expected (%u)",
+						(unsigned)tgid, (unsigned)gid);
+					goto cont;
+				}
+			}
+
+			pid = fork();
+			switch(pid) {
+				case -1:
+					 p11_message_err (errno, "failed to fork for accept");
+					 continue;
+				case 0:
+					/* child */
+					sigprocmask(SIG_UNBLOCK, &blockset, NULL);
+					serve_module (socket_file, module, &options, &buffer, &virt, cfd);
+					_exit(0);
+				default:
+					children_avail++;
+					break;
+			}
  cont:
-		close(cfd);
+			close(cfd);
+		}
 	}
 
 	p11_buffer_uninit (&buffer);
-- 
cgit v1.2.1