diff options
| author | Omar Polo <op@omarpolo.com> | 2023-06-24 09:04:21 +0000 |
|---|---|---|
| committer | Omar Polo <op@omarpolo.com> | 2023-06-24 09:04:21 +0000 |
| commit | 9fda962861db6c2322384e64fc737f25d4314d66 (patch) | |
| tree | aba70b951af7dcbfa8142054377a67feade1a5db /config.c | |
| parent | 2c0716fd7dbfea83669822d86a46a02150378dc7 (diff) | |
better fd rampage avoidance
flush imsg right in config_send_file()
Diffstat (limited to 'config.c')
| -rw-r--r-- | config.c | 31 |
1 files changed, 7 insertions, 24 deletions
@@ -170,6 +170,13 @@ config_send_file(struct privsep *ps, enum privsep_procid id, int type, if (fd != -1) close(fd); + + /* avoid fd rampage */ + if (proc_flush_imsg(ps, id, -1) == -1) { + log_warn("%s: proc_fush_imsg", __func__); + return -1; + } + return 0; } @@ -215,10 +222,6 @@ config_send_kp(struct privsep *ps, int cert_type, int key_type, if (config_open_send(ps, key_target, key_type, key) == -1) return -1; - if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1) - return -1; - if (proc_flush_imsg(ps, PROC_CRYPTO, -1) == -1) - return -1; return 0; } @@ -292,15 +295,9 @@ config_send(struct conf *conf) &conf->protos, sizeof(conf->protos)) == -1) return -1; - if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1) - return -1; - if (config_send_socks(conf) == -1) return -1; - if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1) - return -1; - TAILQ_FOREACH(fcgi, &conf->fcgi, fcgi) { log_debug("sending fastcgi %s", fcgi->path); if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_FCGI, @@ -330,8 +327,6 @@ config_send(struct conf *conf) if (config_open_send(ps, PROC_SERVER, IMSG_RECONF_OCSP, h->ocsp_path) == -1) return -1; - if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1) - return -1; } TAILQ_FOREACH(l, &h->locations, locations) { @@ -353,9 +348,6 @@ config_send(struct conf *conf) return -1; } - if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1) - return -1; - TAILQ_FOREACH(e, &h->params, envs) { if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ENV, e, sizeof(*e)) == -1) @@ -398,9 +390,6 @@ config_send(struct conf *conf) fd, &pcopy, sizeof(pcopy)) == -1) return -1; - if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1) - return -1; - if (p->cert_path == NULL || p->key_path == NULL) continue; @@ -409,13 +398,7 @@ config_send(struct conf *conf) config_open_send(ps, PROC_SERVER, IMSG_RECONF_PROXY_KEY, p->key_path) == -1) return -1; - - if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1) - return -1; } - - if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1) - return -1; } return 0; |