[master] 3cd73087d Exploit that socketpair(2) is bidirectional

Poul-Henning Kamp phk at FreeBSD.org
Mon Jan 15 13:26:06 UTC 2024


commit 3cd73087d53d1e3912a82ee3e729a317606cb48a
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Mon Jan 15 13:25:07 2024 +0000

    Exploit that socketpair(2) is bidirectional

diff --git a/bin/varnishd/cache/cache_cli.c b/bin/varnishd/cache/cache_cli.c
index 2dd203597..0a99bc3cf 100644
--- a/bin/varnishd/cache/cache_cli.c
+++ b/bin/varnishd/cache/cache_cli.c
@@ -99,10 +99,10 @@ CLI_Run(void)
 	add_check = 1;
 
 	/* Tell waiting MGT that we are ready to speak CLI */
-	AZ(VCLI_WriteResult(heritage.cli_out, CLIS_OK, "Ready"));
+	AZ(VCLI_WriteResult(heritage.cli_fd, CLIS_OK, "Ready"));
 
 	cli = VCLS_AddFd(cache_cls,
-	    heritage.cli_in, heritage.cli_out, NULL, NULL);
+	    heritage.cli_fd, heritage.cli_fd, NULL, NULL);
 	AN(cli);
 	cli->auth = 255;	// Non-zero to disable paranoia in vcli_serve
 
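Review bot: `VCLS_AddFd` now receives `heritage.cli_fd` as both the input and the output descriptor, and nothing in this hunk records that the two arguments alias one socket. If any VCLS teardown path closes the input and output descriptors separately, the second close could hit a descriptor number already reused elsewhere in the process, so it is worth confirming that no such path exists; the teardown code is not visible here. A comment would capture this, for example `/* cli_fd is one socketpair(2) end used for both directions; it must only be closed once */`. The same aliasing applies to `mgt_cli_start_child(child_cli_fd, child_cli_fd)` in mgt_child.c. The body of CLI_Run starts and ends outside the hunk.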
diff --git a/bin/varnishd/common/heritage.h b/bin/varnishd/common/heritage.h
index 5b68d96a3..3112c1214 100644
--- a/bin/varnishd/common/heritage.h
+++ b/bin/varnishd/common/heritage.h
@@ -60,8 +60,7 @@ VTAILQ_HEAD(listen_sock_head, listen_sock);
 struct heritage {
 
 	/* Two pipe(2)'s for CLI connection between cache and mgt.  */
-	int				cli_in;
-	int				cli_out;
+	int				cli_fd;
 
 	/* File descriptor for stdout/stderr */
 	int				std_fd;
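Review bot: The comment above the new field still reads `Two pipe(2)'s for CLI connection between cache and mgt.`, but the struct now carries a single descriptor, which mgt_launch_child fills from `socketpair(2)`. Suggest `/* One end of the socketpair(2) carrying the CLI between cache and mgt, in both directions */`. The same staleness applies in the mgt_launch_child hunk of mgt_child.c, where `/* Open pipe for mgt->child CLI */` now introduces the only CLI channel and could read `/* Open socketpair for bidirectional mgt<->child CLI */`. struct heritage continues past the end of the hunk.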
diff --git a/bin/varnishd/mgt/mgt_child.c b/bin/varnishd/mgt/mgt_child.c
index 0ea50c16e..697b05826 100644
--- a/bin/varnishd/mgt/mgt_child.c
+++ b/bin/varnishd/mgt/mgt_child.c
@@ -63,8 +63,7 @@ static pid_t		child_pid = -1;
 
 static struct vbitmap	*fd_map;
 
-static int		child_cli_in = -1;
-static int		child_cli_out = -1;
+static int		child_cli_fd = -1;
 static int		child_output = -1;
 
 static enum {
@@ -320,17 +319,11 @@ mgt_launch_child(struct cli *cli)
 
 	/* Open pipe for mgt->child CLI */
 	AZ(socketpair(AF_UNIX, SOCK_STREAM, 0, cp));
-	heritage.cli_in = cp[0];
+	heritage.cli_fd = cp[0];
 	assert(cp[0] > STDERR_FILENO);	// See #2782
 	assert(cp[1] > STDERR_FILENO);
-	MCH_Fd_Inherit(heritage.cli_in, "cli_in");
-	child_cli_out = cp[1];
-
-	/* Open pipe for child->mgt CLI */
-	AZ(pipe(cp));
-	heritage.cli_out = cp[1];
-	MCH_Fd_Inherit(heritage.cli_out, "cli_out");
-	child_cli_in = cp[0];
+	MCH_Fd_Inherit(heritage.cli_fd, "cli_fd");
+	child_cli_fd = cp[1];
 
 	/*
 	 * Open pipe for child stdout/err
@@ -427,11 +420,8 @@ mgt_launch_child(struct cli *cli)
 	/* Close stuff the child got */
 	closefd(&heritage.std_fd);
 
-	MCH_Fd_Inherit(heritage.cli_in, NULL);
-	closefd(&heritage.cli_in);
-
-	MCH_Fd_Inherit(heritage.cli_out, NULL);
-	closefd(&heritage.cli_out);
+	MCH_Fd_Inherit(heritage.cli_fd, NULL);
+	closefd(&heritage.cli_fd);
 
 	child_std_vlu = VLU_New(child_line, NULL, 0);
 	AN(child_std_vlu);
@@ -440,7 +430,7 @@ mgt_launch_child(struct cli *cli)
 	bstart = mgt_param.startup_timeout >= mgt_param.cli_timeout;
 	dstart = bstart ? mgt_param.startup_timeout : mgt_param.cli_timeout;
 	t0 = VTIM_mono();
-	if (VCLI_ReadResult(child_cli_in, &u, NULL, dstart)) {
+	if (VCLI_ReadResult(child_cli_fd, &u, NULL, dstart)) {
 		assert(u == CLIS_COMMS);
 		if (VTIM_mono() - t0 < dstart)
 			mgt_launch_err(cli, u, "Child failed on launch ");
@@ -480,7 +470,7 @@ mgt_launch_child(struct cli *cli)
 		ev_poker = e;
 	}
 
-	mgt_cli_start_child(child_cli_in, child_cli_out);
+	mgt_cli_start_child(child_cli_fd, child_cli_fd);
 	child_pid = pid;
 
 	if (mgt_push_vcls(cli, &u, &p)) {
@@ -535,10 +525,8 @@ mgt_reap_child(void)
 	 * This signals orderly shut down to child
 	 */
 	mgt_cli_stop_child();
-	if (child_cli_out >= 0)
-		closefd(&child_cli_out);
-	if (child_cli_in >= 0)
-		closefd(&child_cli_in);
+	if (child_cli_fd >= 0)
+		closefd(&child_cli_fd);
 
 	/* Stop the poker */
 	if (ev_poker != NULL) {

