commit 9fda962861db6c2322384e64fc737f25d4314d66
from: Omar Polo
date: Sat Jun 24 09:04:21 2023 UTC
better fd rampage avoidance flush imsg right in config_send_file()
commit - 2c0716fd7dbfea83669822d86a46a02150378dc7
commit + 9fda962861db6c2322384e64fc737f25d4314d66
blob - 82097604764fbbc218ab0d4a03cbd130ac9d8376
blob + 61fec219e2b9e033732a8323b5994a6575bb41fd
--- config.c
+++ config.c
@@ -170,6 +170,13 @@ config_send_file(struct privsep *ps, enum privsep_proc
 if (fd != -1)
 close(fd);
+
+ /* avoid fd rampage */
+ if (proc_flush_imsg(ps, id, -1) == -1) {
+ log_warn("%s: proc_fush_imsg", __func__);
+ return -1;
+ }
+
 return 0;
 }
@@ -215,10 +222,6 @@ config_send_kp(struct privsep *ps, int cert_type, int
 if (config_open_send(ps, key_target, key_type, key) == -1)
 return -1;
- if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
- return -1;
- if (proc_flush_imsg(ps, PROC_CRYPTO, -1) == -1)
- return -1;
 return 0;
 }
@@ -292,15 +295,9 @@ config_send(struct conf *conf)
 &conf->protos, sizeof(conf->protos)) == -1)
 return -1;
- if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
- return -1;
-
 if (config_send_socks(conf) == -1)
 return -1;
- if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
- return -1;
-
 TAILQ_FOREACH(fcgi, &conf->fcgi, fcgi) {
 log_debug("sending fastcgi %s", fcgi->path);
 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_FCGI,
@@ -330,8 +327,6 @@ config_send(struct conf *conf)
 if (config_open_send(ps, PROC_SERVER, IMSG_RECONF_OCSP, h->ocsp_path) == -1)
 return -1;
- if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
- return -1;
 }
 TAILQ_FOREACH(l, &h->locations, locations) {
@@ -353,9 +348,6 @@ config_send(struct conf *conf)
 return -1;
 }
- if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
- return -1;
-
 TAILQ_FOREACH(e, &h->params, envs) {
 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ENV, e, sizeof(*e)) == -1)
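Review bot: The warning added in the config_send_file() hunk misspells the call it reports: `log_warn("%s: proc_fush_imsg", __func__);` should be `log_warn("%s: proc_flush_imsg", __func__);`, otherwise a search of the logs for the real function name misses this failure. Since the later hunks delete every caller-side flush, this call appears to be the only thing left limiting how many descriptors are queued towards the other processes, and the comment should state that invariant rather than just `/* avoid fd rampage */`, for example `/* flush now so queued descriptors are sent before the next file is opened */` (wording inferred from the commit title, please confirm). The `@@ -398,9 +390,6 @@` hunk removes the flush after a compose call that takes `fd` directly (`fd, &pcopy, sizeof(pcopy)`); if that call does not go through config_send_file() and `fd` can be a real descriptor, that path needs to keep its own flush. config_send_file() starts outside the hunk, so the compose call this flush follows is not visible here.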
@@ -398,9 +390,6 @@ config_send(struct conf *conf)
 fd, &pcopy, sizeof(pcopy)) == -1)
 return -1;
- if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
- return -1;
-
 if (p->cert_path == NULL || p->key_path == NULL)
 continue;
@@ -409,13 +398,7 @@ config_send(struct conf *conf)
 config_open_send(ps, PROC_SERVER, IMSG_RECONF_PROXY_KEY, p->key_path) == -1)
 return -1;
-
- if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
- return -1;
 }
-
- if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
- return -1;
 }
 return 0;