Wait until xmlsec program completes to avoid zombies

Popen was often used to execute the xmlsec program without
calling wait() on the process file handler, which resulted
in zombies being left for arbitrary time (depending on gc).

Adding the wait() call as implemented by this fix should not
cause any delays nor deadlocks since it is always run only
after the program finishes - after stdout and stderr are
read. It should thus not cause any regressions.

For more info about Popen causing zombies, please see:
http://stackoverflow.com/questions/2760652/how-to-kill-or-avoid-zombie-processes-with-subprocess-module
https://lbolla.info/blog/2014/01/23/die-zombie-die

1 files changed, 2 insertions, 0 deletions

diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index f67db591..04502797 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -797,6 +797,7 @@ class CryptoBackendXmlSec1(CryptoBackend):
         com_list = [self.xmlsec, "--version"]
         pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
         content = pof.stdout.read().decode('ascii')
+        pof.wait()
         try:
             return content.split(" ")[1]
         except IndexError:
@@ -990,6 +991,7 @@ class CryptoBackendXmlSec1(CryptoBackend):
 
         p_out = pof.stdout.read().decode('utf-8')
         p_err = pof.stderr.read().decode('utf-8')
+        pof.wait()
 
         if pof.returncode is not None and pof.returncode < 0:
             logger.error(LOG_LINE, p_out, p_err)