Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
varnish-cache
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Commits
Open sidebar
varnishcache
varnish-cache
Commits
3cd73087
Commit
3cd73087
authored
Jan 15, 2024
by
Poul-Henning Kamp
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Exploit that socketpair(2) is bidirectional
parent
9784b398
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
13 additions
and
26 deletions
+13
-26
cache_cli.c
bin/varnishd/cache/cache_cli.c
+2
-2
heritage.h
bin/varnishd/common/heritage.h
+1
-2
mgt_child.c
bin/varnishd/mgt/mgt_child.c
+10
-22
No files found.
bin/varnishd/cache/cache_cli.c
View file @
3cd73087
...
@@ -99,10 +99,10 @@ CLI_Run(void)
...
@@ -99,10 +99,10 @@ CLI_Run(void)
add_check
=
1
;
add_check
=
1
;
/* Tell waiting MGT that we are ready to speak CLI */
/* Tell waiting MGT that we are ready to speak CLI */
AZ
(
VCLI_WriteResult
(
heritage
.
cli_
out
,
CLIS_OK
,
"Ready"
));
AZ
(
VCLI_WriteResult
(
heritage
.
cli_
fd
,
CLIS_OK
,
"Ready"
));
cli
=
VCLS_AddFd
(
cache_cls
,
cli
=
VCLS_AddFd
(
cache_cls
,
heritage
.
cli_
in
,
heritage
.
cli_out
,
NULL
,
NULL
);
heritage
.
cli_
fd
,
heritage
.
cli_fd
,
NULL
,
NULL
);
AN
(
cli
);
AN
(
cli
);
cli
->
auth
=
255
;
// Non-zero to disable paranoia in vcli_serve
cli
->
auth
=
255
;
// Non-zero to disable paranoia in vcli_serve
...
...
bin/varnishd/common/heritage.h
View file @
3cd73087
...
@@ -60,8 +60,7 @@ VTAILQ_HEAD(listen_sock_head, listen_sock);
...
@@ -60,8 +60,7 @@ VTAILQ_HEAD(listen_sock_head, listen_sock);
struct
heritage
{
struct
heritage
{
/* Two pipe(2)'s for CLI connection between cache and mgt. */
/* Two pipe(2)'s for CLI connection between cache and mgt. */
int
cli_in
;
int
cli_fd
;
int
cli_out
;
/* File descriptor for stdout/stderr */
/* File descriptor for stdout/stderr */
int
std_fd
;
int
std_fd
;
...
...
bin/varnishd/mgt/mgt_child.c
View file @
3cd73087
...
@@ -63,8 +63,7 @@ static pid_t child_pid = -1;
...
@@ -63,8 +63,7 @@ static pid_t child_pid = -1;
static
struct
vbitmap
*
fd_map
;
static
struct
vbitmap
*
fd_map
;
static
int
child_cli_in
=
-
1
;
static
int
child_cli_fd
=
-
1
;
static
int
child_cli_out
=
-
1
;
static
int
child_output
=
-
1
;
static
int
child_output
=
-
1
;
static
enum
{
static
enum
{
...
@@ -320,17 +319,11 @@ mgt_launch_child(struct cli *cli)
...
@@ -320,17 +319,11 @@ mgt_launch_child(struct cli *cli)
/* Open pipe for mgt->child CLI */
/* Open pipe for mgt->child CLI */
AZ
(
socketpair
(
AF_UNIX
,
SOCK_STREAM
,
0
,
cp
));
AZ
(
socketpair
(
AF_UNIX
,
SOCK_STREAM
,
0
,
cp
));
heritage
.
cli_
in
=
cp
[
0
];
heritage
.
cli_
fd
=
cp
[
0
];
assert
(
cp
[
0
]
>
STDERR_FILENO
);
// See #2782
assert
(
cp
[
0
]
>
STDERR_FILENO
);
// See #2782
assert
(
cp
[
1
]
>
STDERR_FILENO
);
assert
(
cp
[
1
]
>
STDERR_FILENO
);
MCH_Fd_Inherit
(
heritage
.
cli_in
,
"cli_in"
);
MCH_Fd_Inherit
(
heritage
.
cli_fd
,
"cli_fd"
);
child_cli_out
=
cp
[
1
];
child_cli_fd
=
cp
[
1
];
/* Open pipe for child->mgt CLI */
AZ
(
pipe
(
cp
));
heritage
.
cli_out
=
cp
[
1
];
MCH_Fd_Inherit
(
heritage
.
cli_out
,
"cli_out"
);
child_cli_in
=
cp
[
0
];
/*
/*
* Open pipe for child stdout/err
* Open pipe for child stdout/err
...
@@ -427,11 +420,8 @@ mgt_launch_child(struct cli *cli)
...
@@ -427,11 +420,8 @@ mgt_launch_child(struct cli *cli)
/* Close stuff the child got */
/* Close stuff the child got */
closefd
(
&
heritage
.
std_fd
);
closefd
(
&
heritage
.
std_fd
);
MCH_Fd_Inherit
(
heritage
.
cli_in
,
NULL
);
MCH_Fd_Inherit
(
heritage
.
cli_fd
,
NULL
);
closefd
(
&
heritage
.
cli_in
);
closefd
(
&
heritage
.
cli_fd
);
MCH_Fd_Inherit
(
heritage
.
cli_out
,
NULL
);
closefd
(
&
heritage
.
cli_out
);
child_std_vlu
=
VLU_New
(
child_line
,
NULL
,
0
);
child_std_vlu
=
VLU_New
(
child_line
,
NULL
,
0
);
AN
(
child_std_vlu
);
AN
(
child_std_vlu
);
...
@@ -440,7 +430,7 @@ mgt_launch_child(struct cli *cli)
...
@@ -440,7 +430,7 @@ mgt_launch_child(struct cli *cli)
bstart
=
mgt_param
.
startup_timeout
>=
mgt_param
.
cli_timeout
;
bstart
=
mgt_param
.
startup_timeout
>=
mgt_param
.
cli_timeout
;
dstart
=
bstart
?
mgt_param
.
startup_timeout
:
mgt_param
.
cli_timeout
;
dstart
=
bstart
?
mgt_param
.
startup_timeout
:
mgt_param
.
cli_timeout
;
t0
=
VTIM_mono
();
t0
=
VTIM_mono
();
if
(
VCLI_ReadResult
(
child_cli_
in
,
&
u
,
NULL
,
dstart
))
{
if
(
VCLI_ReadResult
(
child_cli_
fd
,
&
u
,
NULL
,
dstart
))
{
assert
(
u
==
CLIS_COMMS
);
assert
(
u
==
CLIS_COMMS
);
if
(
VTIM_mono
()
-
t0
<
dstart
)
if
(
VTIM_mono
()
-
t0
<
dstart
)
mgt_launch_err
(
cli
,
u
,
"Child failed on launch "
);
mgt_launch_err
(
cli
,
u
,
"Child failed on launch "
);
...
@@ -480,7 +470,7 @@ mgt_launch_child(struct cli *cli)
...
@@ -480,7 +470,7 @@ mgt_launch_child(struct cli *cli)
ev_poker
=
e
;
ev_poker
=
e
;
}
}
mgt_cli_start_child
(
child_cli_
in
,
child_cli_out
);
mgt_cli_start_child
(
child_cli_
fd
,
child_cli_fd
);
child_pid
=
pid
;
child_pid
=
pid
;
if
(
mgt_push_vcls
(
cli
,
&
u
,
&
p
))
{
if
(
mgt_push_vcls
(
cli
,
&
u
,
&
p
))
{
...
@@ -535,10 +525,8 @@ mgt_reap_child(void)
...
@@ -535,10 +525,8 @@ mgt_reap_child(void)
* This signals orderly shut down to child
* This signals orderly shut down to child
*/
*/
mgt_cli_stop_child
();
mgt_cli_stop_child
();
if
(
child_cli_out
>=
0
)
if
(
child_cli_fd
>=
0
)
closefd
(
&
child_cli_out
);
closefd
(
&
child_cli_fd
);
if
(
child_cli_in
>=
0
)
closefd
(
&
child_cli_in
);
/* Stop the poker */
/* Stop the poker */
if
(
ev_poker
!=
NULL
)
{
if
(
ev_poker
!=
NULL
)
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment