authorStefan Bühler <stbuehler@web.de>2014-06-01 16:30:43 +0000
committerStefan Bühler <stbuehler@web.de>2014-06-01 16:30:43 +0000
commitd2cba05c2e154f6ade01b5f1e417c517788965d3 (patch)
tree9fab0134d8afbfca7048071d9b880e10203c3b49
parent935cad9f8e0b1a88a9d6ccae39aecd75524cc1dd (diff)
Check return values of setuid, setgid, setgroups, initgroups, write
From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/spawn-fcgi/trunk@63 4a9f3682-ca7b-49a8-9a55-ba4640e46f83
-rw-r--r--NEWS1
-rw-r--r--src/spawn-fcgi.c59
2 files changed, 49 insertions, 11 deletions
diff --git a/NEWS b/NEWS
index c9e559a..75c5332 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ NEWS
* Add example apparmor spawn-fcgi abstraction
* Use autoreconf instead of calling tools manually
* Add more flags to extra-warning flags
+ * Check return values of setuid, setgid, setgroups, initgroups, write
- 1.6.3 - 2009-09-23
* Fix unix socket mode change to work without specifying user/group for socket
diff --git a/src/spawn-fcgi.c b/src/spawn-fcgi.c
index a756a31..34a041e 100644
--- a/src/spawn-fcgi.c
+++ b/src/spawn-fcgi.c
@@ -85,6 +85,20 @@ static mode_t read_umask(void) {
return mask;
}
+static ssize_t write_all(int fildes, const void *buf, size_t nbyte) {
+ size_t rem;
+ for (rem = nbyte; rem > 0;) {
+ ssize_t res = write(fildes, buf, rem);
+ if (-1 == res) {
+ if (EINTR != errno) return res;
+ } else {
+ buf = res + (char const*) buf;
+ rem -= res;
+ }
+ }
+ return nbyte;
+}
+
static int bind_socket(const char *addr, unsigned short port, const char *unixsocket, uid_t uid, gid_t gid, mode_t mode, int backlog) {
int fcgi_fd, socket_type, val;
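Review bot: In `write_all`, a `write()` that returns 0 while `rem` is still non-zero leaves `rem` unchanged, so the loop would retry forever without progress. This is unusual for regular files but is not ruled out for every descriptor type. Treating it as an error keeps the loop bounded, e.g. `if (0 == res) { errno = EIO; return -1; }` before `buf` is advanced. The function also has no comment stating its contract; I would add `/* write all nbyte bytes, retrying on EINTR and short writes; returns nbyte, or -1 with errno set (bytes already written are not reported) */`. bind_socket, shown as context, continues outside the hunk.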
@@ -307,16 +321,24 @@ static int fcgi_spawn_connection(char *appPath, char **appArgv, int fcgi_fd, int
fprintf(stdout, "spawn-fcgi: child spawned successfully: PID: %d\n", child);
/* write pid file */
- if (pid_fd != -1) {
+ if (-1 != pid_fd) {
/* assume a 32bit pid_t */
char pidbuf[12];
snprintf(pidbuf, sizeof(pidbuf) - 1, "%d", child);
- write(pid_fd, pidbuf, strlen(pidbuf));
+ if (-1 == write_all(pid_fd, pidbuf, strlen(pidbuf))) {
+ fprintf(stderr, "spawn-fcgi: writing pid file failed: %s\n", strerror(errno));
+ close(pid_fd);
+ pid_fd = -1;
+ }
/* avoid eol for the last one */
- if (fork_count != 0) {
- write(pid_fd, "\n", 1);
+ if (-1 != pid_fd && fork_count != 0) {
+ if (-1 == write_all(pid_fd, "\n", 1)) {
+ fprintf(stderr, "spawn-fcgi: writing pid file failed: %s\n", strerror(errno));
+ close(pid_fd);
+ pid_fd = -1;
+ }
}
}
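Review bot: When `write_all` fails here, part of the PID may already be in the file, and the error branch only closes `pid_fd` and carries on; nothing visible in this hunk changes the function's result. A truncated PID still looks like a valid number, so a stop or reload script that reads the pid file could signal an unrelated process. I would make the failure visible to the caller (the return path is outside the hunk, so how is not shown here) and at least say so in the message, e.g. `"spawn-fcgi: writing pid file failed, pid file may be incomplete: %s\n"`. The two identical error branches could also share one small static helper. fcgi_spawn_connection starts and ends outside the hunk.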
@@ -342,7 +364,10 @@ static int fcgi_spawn_connection(char *appPath, char **appArgv, int fcgi_fd, int
break;
}
}
- close(pid_fd);
+
+ if (-1 != pid_fd) {
+ close(pid_fd);
+ }
close(fcgi_fd);
@@ -410,14 +435,14 @@ static int find_user_group(const char *user, const char *group, uid_t *uid, gid_
}
static void show_version () {
- write(1, CONST_STR_LEN(
+ (void) write_all(1, CONST_STR_LEN(
PACKAGE_DESC \
"Build-Date: " __DATE__ " " __TIME__ "\n"
));
}
static void show_help () {
- write(1, CONST_STR_LEN(
+ (void) write_all(1, CONST_STR_LEN(
"Usage: spawn-fcgi [options] [-- <fcgiapp> [fcgi app arguments]]\n" \
"\n" \
PACKAGE_DESC \
@@ -598,10 +623,19 @@ int main(int argc, char **argv) {
* to /etc/group
*/
if (gid != 0) {
- setgid(gid);
- setgroups(0, NULL);
+ if (-1 == setgid(gid)) {
+ fprintf(stderr, "spawn-fcgi: setgid(%i) failed: %s\n", (int) gid, strerror(errno));
+ return -1;
+ }
+ if (-1 == setgroups(0, NULL)) {
+ fprintf(stderr, "spawn-fcgi: setgroups(0, NULL) failed: %s\n", strerror(errno));
+ return -1;
+ }
if (real_username) {
- initgroups(real_username, gid);
+ if (-1 == initgroups(real_username, gid)) {
+ fprintf(stderr, "spawn-fcgi: initgroups('%s', %i) failed: %s\n", real_username, (int) gid, strerror(errno));
+ return -1;
+ }
}
}
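Review bot: The new messages print `gid` through `(int)` with `%i`, so ids above INT_MAX show up as negative numbers and the log line no longer matches the configured value. `(unsigned long) gid` with `%lu` prints it as given. The same applies to the `setuid(%i)` message in the next hunk. A one-line comment above the three checks, such as `/* abort on failure: do not continue with the old group ids */`, would record why each step now returns. main continues outside the hunk.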
@@ -621,7 +655,10 @@ int main(int argc, char **argv) {
/* drop root privs */
if (uid != 0) {
- setuid(uid);
+ if (-1 == setuid(uid)) {
+ fprintf(stderr, "spawn-fcgi: setuid(%i) failed: %s\n", (int) uid, strerror(errno));
+ return -1;
+ }
}
} else {
if (-1 == (fcgi_fd = bind_socket(addr, port, unixsocket, 0, 0, sockmode, backlog)))
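Review bot: The added check catches a failing `setuid()`, but nothing after it confirms that the drop cannot be undone. A common hardening step (CERT POS37-C) is to verify this right after the call, inside the same `if (uid != 0)` block, e.g. `if (0 == setuid(0)) { fprintf(stderr, "spawn-fcgi: root privileges were not dropped\n"); return -1; }`. Comparing `getuid()` and `geteuid()` with `uid` would serve the same purpose. main continues outside the hunk, so whether a later check already covers this is not visible here.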