Browse Source

Use the stack to hold the constraint child process variables instead of

using the heap.
ok bcook@
OPENBSD_6_1
rzalamena 8 years ago
parent
commit
19841ef136
1 changed files with 18 additions and 22 deletions
  1. +18
    -22
      src/usr.sbin/ntpd/constraint.c

+ 18
- 22
src/usr.sbin/ntpd/constraint.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: constraint.c,v 1.34 2016/10/18 22:05:47 rzalamena Exp $ */
/* $OpenBSD: constraint.c,v 1.35 2016/12/05 10:41:33 rzalamena Exp $ */
/* /*
* Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@ -321,8 +321,8 @@ priv_constraint_readquery(struct constraint *cstr, struct ntp_addr_msg *am,
void void
priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid) priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid)
{ {
struct constraint *cstr;
struct ntp_addr_msg *am;
struct constraint cstr;
struct ntp_addr_msg am;
uint8_t *data; uint8_t *data;
static char addr[NI_MAXHOST]; static char addr[NI_MAXHOST];
struct timeval rectv, xmttv; struct timeval rectv, xmttv;
@ -336,10 +336,6 @@ priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid)
if (setpriority(PRIO_PROCESS, 0, 0) == -1) if (setpriority(PRIO_PROCESS, 0, 0) == -1)
log_warn("could not set priority"); log_warn("could not set priority");
if ((cstr = calloc(1, sizeof(*cstr))) == NULL ||
(am = calloc(1, sizeof(*am))) == NULL)
fatal("%s: calloc", __func__);
/* Init TLS and load CA certs before chroot() */ /* Init TLS and load CA certs before chroot() */
if (tls_init() == -1) if (tls_init() == -1)
fatalx("tls_init"); fatalx("tls_init");
@ -368,9 +364,9 @@ priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid)
if (pledge("stdio inet", NULL) == -1) if (pledge("stdio inet", NULL) == -1)
fatal("pledge"); fatal("pledge");
cstr->fd = CONSTRAINT_PASSFD;
imsg_init(&cstr->ibuf, cstr->fd);
priv_constraint_readquery(cstr, am, &data);
cstr.fd = CONSTRAINT_PASSFD;
imsg_init(&cstr.ibuf, cstr.fd);
priv_constraint_readquery(&cstr, &am, &data);
/* /*
* Get the IP address as name and set the process title accordingly. * Get the IP address as name and set the process title accordingly.
@ -378,8 +374,8 @@ priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid)
* any DNS operation, so it is safe to be called without the dns * any DNS operation, so it is safe to be called without the dns
* pledge. * pledge.
*/ */
if (getnameinfo((struct sockaddr *)&cstr->addr->ss,
SA_LEN((struct sockaddr *)&cstr->addr->ss),
if (getnameinfo((struct sockaddr *)&cstr.addr->ss,
SA_LEN((struct sockaddr *)&cstr.addr->ss),
addr, sizeof(addr), NULL, 0, addr, sizeof(addr), NULL, 0,
NI_NUMERICHOST) != 0) NI_NUMERICHOST) != 0)
fatalx("%s getnameinfo", __func__); fatalx("%s getnameinfo", __func__);
@ -398,21 +394,21 @@ priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid)
fatal("%s fcntl F_SETFD", __func__); fatal("%s fcntl F_SETFD", __func__);
/* Get remaining data from imsg in the unpriv child */ /* Get remaining data from imsg in the unpriv child */
if (am->namelen) {
if ((cstr->addr_head.name =
get_string(data, am->namelen)) == NULL)
if (am.namelen) {
if ((cstr.addr_head.name =
get_string(data, am.namelen)) == NULL)
fatalx("invalid IMSG_CONSTRAINT_QUERY name"); fatalx("invalid IMSG_CONSTRAINT_QUERY name");
data += am->namelen;
data += am.namelen;
} }
if (am->pathlen) {
if ((cstr->addr_head.path =
get_string(data, am->pathlen)) == NULL)
if (am.pathlen) {
if ((cstr.addr_head.path =
get_string(data, am.pathlen)) == NULL)
fatalx("invalid IMSG_CONSTRAINT_QUERY path"); fatalx("invalid IMSG_CONSTRAINT_QUERY path");
} }
/* Run! */ /* Run! */
if ((ctx = httpsdate_query(addr, if ((ctx = httpsdate_query(addr,
CONSTRAINT_PORT, cstr->addr_head.name, cstr->addr_head.path,
CONSTRAINT_PORT, cstr.addr_head.name, cstr.addr_head.path,
conf->ca, conf->ca_len, &rectv, &xmttv)) == NULL) { conf->ca, conf->ca_len, &rectv, &xmttv)) == NULL) {
/* Abort with failure but without warning */ /* Abort with failure but without warning */
exit(1); exit(1);
@ -422,10 +418,10 @@ priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid)
iov[0].iov_len = sizeof(rectv); iov[0].iov_len = sizeof(rectv);
iov[1].iov_base = &xmttv; iov[1].iov_base = &xmttv;
iov[1].iov_len = sizeof(xmttv); iov[1].iov_len = sizeof(xmttv);
imsg_composev(&cstr->ibuf,
imsg_composev(&cstr.ibuf,
IMSG_CONSTRAINT_RESULT, 0, 0, -1, iov, 2); IMSG_CONSTRAINT_RESULT, 0, 0, -1, iov, 2);
do { do {
rv = imsg_flush(&cstr->ibuf);
rv = imsg_flush(&cstr.ibuf);
} while (rv == -1 && errno == EAGAIN); } while (rv == -1 && errno == EAGAIN);
/* Tear down the TLS connection after sending the result */ /* Tear down the TLS connection after sending the result */


Loading…
Cancel
Save