Browse Source

[core] no SOCK_CLOEXEC on Linux kernel < 2.6.27

Linux kernels < 2.6.27 (old!) might return EINVAL if SOCK_CLOEXEC used

x-ref:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529929
  http://www.linksysinfo.org/index.php?threads/lighttpd-no-longer-starts-toastman-1-28-0510-7.73132/
personal/stbuehler/mod-csrf
Glenn Strauss 5 years ago
parent
commit
8641d1b03f
  1. 18
      src/connections.c
  2. 68
      src/fdevent.c
  3. 7
      src/fdevent.h
  4. 7
      src/mod_fastcgi.c
  5. 7
      src/mod_scgi.c
  6. 4
      src/test_configfile.c

18
src/connections.c

@ -901,13 +901,9 @@ static handler_t connection_handle_fdevent(server *srv, void *context, int reven
connection *connection_accept(server *srv, server_socket *srv_socket) {
/* accept everything */
/* search an empty place */
int cnt;
sock_addr cnt_addr;
socklen_t cnt_len;
/* accept it and register the fd */
size_t cnt_len = sizeof(cnt_addr); /*(size_t intentional; not socklen_t)*/
/**
* check if we can still open a new connections
@ -919,17 +915,7 @@ connection *connection_accept(server *srv, server_socket *srv_socket) {
return NULL;
}
cnt_len = sizeof(cnt_addr);
#if defined(SOCK_CLOEXEC) && defined(SOCK_NONBLOCK)
#if defined(__NetBSD__)
cnt = paccept(srv_socket->fd, (struct sockaddr *) &cnt_addr, &cnt_len, NULL, SOCK_CLOEXEC | SOCK_NONBLOCK);
#else
cnt = accept4(srv_socket->fd, (struct sockaddr *) &cnt_addr, &cnt_len, SOCK_CLOEXEC | SOCK_NONBLOCK);
#endif
#else
cnt = accept(srv_socket->fd, (struct sockaddr *) &cnt_addr, &cnt_len);
#endif
cnt = fdevent_accept_listenfd(srv_socket->fd, (struct sockaddr *) &cnt_addr, &cnt_len);
if (-1 == cnt) {
switch (errno) {
case EAGAIN:

68
src/fdevent.c

@ -5,6 +5,7 @@
#include "log.h"
#include <sys/types.h>
#include "sys-socket.h"
#include <unistd.h>
#include <stdlib.h>
@ -12,9 +13,23 @@
#include <errno.h>
#include <fcntl.h>
static int use_sock_cloexec;
fdevents *fdevent_init(server *srv, size_t maxfds, int type) {
fdevents *ev;
#ifdef SOCK_CLOEXEC
/* Test if SOCK_CLOEXEC is supported by kernel.
* Linux kernels < 2.6.27 might return EINVAL if SOCK_CLOEXEC used
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529929
* http://www.linksysinfo.org/index.php?threads/lighttpd-no-longer-starts-toastman-1-28-0510-7.73132/ */
int fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (fd >= 0) {
use_sock_cloexec = 1;
close(fd);
}
#endif
ev = calloc(1, sizeof(*ev));
force_assert(NULL != ev);
ev->srv = srv;
@ -264,7 +279,7 @@ void * fdevent_get_context(fdevents *ev, int fd) {
return ev->fdarray[fd]->ctx;
}
void fd_close_on_exec(int fd) {
void fdevent_setfd_cloexec(int fd) {
#ifdef FD_CLOEXEC
if (fd < 0) return;
force_assert(-1 != fcntl(fd, F_SETFD, FD_CLOEXEC));
@ -273,6 +288,14 @@ void fd_close_on_exec(int fd) {
#endif
}
void fdevent_clrfd_cloexec(int fd) {
#ifdef FD_CLOEXEC
if (fd >= 0) force_assert(-1 != fcntl(fd, F_SETFD, 0));
#else
UNUSED(fd);
#endif
}
int fdevent_fcntl_set(fdevents *ev, int fd) {
return ((ev) && (ev->fcntl_set)) ? ev->fcntl_set(ev, fd) : 0;
}
@ -293,31 +316,32 @@ int fdevent_fcntl_set_nb_cloexec(fdevents *ev, int fd) {
int fdevent_fcntl_set_nb_cloexec_sock(fdevents *ev, int fd) {
#if defined(SOCK_CLOEXEC) && defined(SOCK_NONBLOCK)
return ((ev) && (ev->fcntl_set)) ? ev->fcntl_set(ev, fd) : 0;
#else
return fdevent_fcntl_set_nb_cloexec(ev, fd);
if (use_sock_cloexec)
return ((ev) && (ev->fcntl_set)) ? ev->fcntl_set(ev, fd) : 0;
#endif
return fdevent_fcntl_set_nb_cloexec(ev, fd);
}
int fdevent_socket_cloexec(int domain, int type, int protocol) {
#ifdef SOCK_CLOEXEC
return socket(domain, type | SOCK_CLOEXEC, protocol);
#else
int fd;
#ifdef SOCK_CLOEXEC
if (use_sock_cloexec)
return socket(domain, type | SOCK_CLOEXEC, protocol);
#endif
if (-1 != (fd = socket(domain, type, protocol))) {
#ifdef FD_CLOEXEC
fcntl(fd, F_SETFD, FD_CLOEXEC);
#endif
}
return fd;
#endif
}
int fdevent_socket_nb_cloexec(int domain, int type, int protocol) {
#ifdef SOCK_CLOEXEC
return socket(domain, type | SOCK_CLOEXEC | SOCK_NONBLOCK, protocol);
#else
int fd;
#ifdef SOCK_CLOEXEC
if (use_sock_cloexec)
return socket(domain, type | SOCK_CLOEXEC | SOCK_NONBLOCK, protocol);
#endif
if (-1 != (fd = socket(domain, type, protocol))) {
#ifdef FD_CLOEXEC
fcntl(fd, F_SETFD, FD_CLOEXEC);
@ -327,7 +351,6 @@ int fdevent_socket_nb_cloexec(int domain, int type, int protocol) {
#endif
}
return fd;
#endif
}
#ifndef O_NOCTTY
@ -348,6 +371,27 @@ int fdevent_open_cloexec(const char *pathname, int flags, mode_t mode) {
}
int fdevent_accept_listenfd(int listenfd, struct sockaddr *addr, size_t *addrlen) {
int fd;
socklen_t len = (socklen_t) *addrlen;
#if defined(SOCK_CLOEXEC) && defined(SOCK_NONBLOCK)
#if defined(__NetBSD__)
fd = paccept(listenfd, addr, &len, NULL, SOCK_CLOEXEC | SOCK_NONBLOCK);
#else
fd = (use_sock_cloexec)
? accept4(listenfd, addr, &len, SOCK_CLOEXEC | SOCK_NONBLOCK)
: accept(listenfd, addr, &len);
#endif
#else
fd = accept(listenfd, addr, &len);
#endif
if (fd >= 0) *addrlen = (size_t)len;
return fd;
}
int fdevent_event_next_fdndx(fdevents *ev, int ndx) {
if (ev->event_next_fdndx) return ev->event_next_fdndx(ev, ndx);

7
src/fdevent.h

@ -206,7 +206,9 @@ int fdevent_unregister(fdevents *ev, int fd);
void fdevent_sched_close(fdevents *ev, int fd, int issock);
void fdevent_sched_run(struct server *srv, fdevents *ev);
void fd_close_on_exec(int fd);
#define fd_close_on_exec(fd) fdevent_setfd_cloexec(fd)
void fdevent_setfd_cloexec(int fd);
void fdevent_clrfd_cloexec(int fd);
int fdevent_fcntl_set(fdevents *ev, int fd);
int fdevent_fcntl_set_nb(fdevents *ev, int fd);
int fdevent_fcntl_set_nb_cloexec(fdevents *ev, int fd);
@ -215,6 +217,9 @@ int fdevent_socket_cloexec(int domain, int type, int protocol);
int fdevent_socket_nb_cloexec(int domain, int type, int protocol);
int fdevent_open_cloexec(const char *pathname, int flags, mode_t mode);
struct sockaddr;
int fdevent_accept_listenfd(int listenfd, struct sockaddr *addr, size_t *addrlen);
int fdevent_select_init(fdevents *ev);
int fdevent_poll_init(fdevents *ev);
int fdevent_linux_sysepoll_init(fdevents *ev);

7
src/mod_fastcgi.c

@ -1122,10 +1122,9 @@ static int fcgi_spawn_connection(server *srv,
dup2(fcgi_fd, FCGI_LISTENSOCK_FILENO);
close(fcgi_fd);
}
#ifdef SOCK_CLOEXEC
else
(void)fcntl(fcgi_fd, F_SETFD, 0); /* clear cloexec */
#endif
else {
fdevent_clrfd_cloexec(fcgi_fd);
}
/* we don't need the client socket */
for (i = 3; i < 256; i++) {

7
src/mod_scgi.c

@ -876,10 +876,9 @@ static int scgi_spawn_connection(server *srv,
dup2(scgi_fd, 0);
close(scgi_fd);
}
#ifdef SOCK_CLOEXEC
else
(void)fcntl(scgi_fd, F_SETFD, 0); /* clear cloexec */
#endif
else {
fdevent_clrfd_cloexec(scgi_fd);
}
/* we don't need the client socket */
for (fd = 3; fd < 256; fd++) {

4
src/test_configfile.c

@ -87,5 +87,5 @@ int main (void) {
/*
* stub functions (for linking)
*/
void fd_close_on_exec(int fd);
void fd_close_on_exec(int fd) { UNUSED(fd); }
void fdevent_setfd_cloexec(int fd);
void fdevent_setfd_cloexec(int fd) { UNUSED(fd); }

Loading…
Cancel
Save