Move the dlopen/dlsym/dlclose check of newly compiled VCL code to

a sub process, to make contamination of the MGR process impossible. git-svn-id: http://www.varnish-cache.org/svn/trunk/varnish-cache@4995 d4fa192b-c00b-0410-8231-f00ffab90ce4

Move the dlopen/dlsym/dlclose check of newly compiled VCL code to
a sub process, to make contamination of the MGR process impossible. git-svn-id: http://www.varnish-cache.org/svn/trunk/varnish-cache@4995 d4fa192b-c00b-0410-8231-f00ffab90ce4
dcd67ff3 · Poul-Henning Kamp · 5a48d2b1 · dcd67ff3
Commit dcd67ff3 authored Jul 03, 2010 by Poul-Henning Kamp
Hide whitespace changes
Inline Side-by-side

Showing with 55 additions and 26 deletions

mgt_vcc.c bin/varnishd/mgt_vcc.c +55 -26

No files found.
--- a/bin/varnishd/mgt_vcc.c
+++ b/bin/varnishd/mgt_vcc.c
@@ -55,6 +55,7 @@ SVNID("$Id$")
 #include "mgt_cli.h"
 #include "heritage.h"

+#include "vcl.h"
 #include "vss.h"

 struct vclprog {
@@ -123,16 +124,6 @@ mgt_make_cc_cmd(const char *sf, const char *of)
 	return (sb);
 }

-/*--------------------------------------------------------------------
- * Invoke system C compiler in a sub-process
- */
-
-static void
-run_cc(void *priv)
-{
-	(void)execl("/bin/sh", "/bin/sh", "-c", priv, NULL);
-}
-
 /*--------------------------------------------------------------------
 * Invoke system VCC compiler in a sub-process
 */
@@ -168,7 +159,6 @@ run_vcc(void *priv)
 		fprintf(stderr, "Cannot open %s", vp->sf);
 		exit (1);
 	}
-	mgt_got_fd(fd);
 	l = strlen(csrc);
 	i = write(fd, csrc, l);
 	if (i != l) {
@@ -180,6 +170,57 @@ run_vcc(void *priv)
 	exit (0);
 }

+/*--------------------------------------------------------------------
+ * Invoke system C compiler in a sub-process
+ */
+
+static void
+run_cc(void *priv)
+{
+	(void)execl("/bin/sh", "/bin/sh", "-c", priv, NULL);
+}
+
+/*--------------------------------------------------------------------
+ * Attempt to open compiled VCL in a sub-process
+ */
+
+static void
+run_dlopen(void *priv)
+{
+	const char *of;
+	void *dlh;
+	struct VCL_conf const *cnf;
+
+	of = priv;
+
+	/* Try to load the object into the management process */
+	if ((dlh = dlopen(of, RTLD_NOW | RTLD_LOCAL)) == NULL) {
+		fprintf(stderr,
+		    "Compiled VCL program failed to load:\n  %s\n",
+		    dlerror());
+		exit(1);
+	}
+
+	cnf = dlsym(dlh, "VCL_conf");
+	if (cnf == NULL) {
+		fprintf(stderr, "Compiled VCL program, metadata not found\n");
+		exit(1);
+	}
+
+	if (cnf->magic != VCL_CONF_MAGIC) {
+		fprintf(stderr, "Compiled VCL program, mangled metadata\n");
+		exit(1);
+	}
+
+	if (dlclose(dlh)) {
+		fprintf(stderr,
+		    "Compiled VCL program failed to unload:\n  %s\n",
+		    dlerror());
+		exit(1);
+	}
+	exit(0);
+}
+
 /*--------------------------------------------------------------------
 * Compile a VCL program, return shared object, errors in sb.
 */
@@ -193,7 +234,6 @@ mgt_run_cc(const char *vcl, struct vsb *sb, int C_flag)
 	char of[sizeof sf + 1];
 	char *retval;
 	int sfd, i;
-	void *dlh;
 	struct vcc_priv vp;

 	/* Create temporary C source file */
@@ -235,25 +275,14 @@ mgt_run_cc(const char *vcl, struct vsb *sb, int C_flag)
 	(void)unlink(sf);
 	vsb_delete(cmdsb);

-	if (i) {
-		(void)unlink(of);
-		return (NULL);
-	}
+	if (!i) 
+		i = SUB_run(sb, run_dlopen, of, "dlopen", 10);

-	/* Try to load the object into the management process */
-	if ((dlh = dlopen(of, RTLD_NOW | RTLD_LOCAL)) == NULL) {
-		vsb_printf(sb,
-		    "Compiled VCL program failed to load:\n  %s", dlerror());
+	if (i) {
 		(void)unlink(of);
 		return (NULL);
 	}

-	/*
-	 * XXX: we should look up and check the handle in the loaded
-	 * object
-	 */
-
-	AZ(dlclose(dlh));
 	retval = strdup(of);
 	XXXAN(retval);
 	return (retval);