[Selinux-commits] SF.net SVN: selinux: [2027] trunk/libselinux/src/setrans_client.c

[<mad...@us...>]

Revision: 2027
          http://svn.sourceforge.net/selinux/?rev=2027&view=rev
Author:   madmethod
Date:     2006-09-13 08:11:00 -0700 (Wed, 13 Sep 2006)

Log Message:
-----------
Author: Stephen Smalley
Email: sd...@ty...
Subject: Latest policycoreutils patch
Date: Fri, 08 Sep 2006 16:25:16 -0400

On Fri, 2006-09-08 at 12:37 -0400, Daniel J Walsh wrote:
> Stephen Smalley wrote:
> > On Thu, 2006-09-07 at 09:31 -0400, Daniel J Walsh wrote:
> >   
> >> Have newrole ignore sigpipe so it gives correct error message when 
> >> flooded with 4000 character security context.
> >>     
> >
> > I'm a little unclear on this one, although I did find a bug report about
> > it (which would be helpful to identify in the patch posting in the
> > future when it applies for easy reference), at
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203801
> >
> > If I read that one correctly, the SIGPIPE is actually happening when
> > libselinux tries to write the context to the setrans socket, because the
> > daemon is dropping the connection immediately upon getting the header
> > with such a large length (more generally, any failure in the daemon
> > before reading the entire request could lead to this).  So that could
> > affect any user of libselinux, not just newrole, right?
> >
> > Looking around a bit, I see that if we changed the use of writev() in
> > libselinux to instead use sendmsg() with an explicit MSG_NOSIGNAL flag,
> > we could avoid having such failures generate SIGPIPE altogether.  Then
> > we would just get an error return and have the usual fallback handling.
> >   
> That sounds like a better solution.

Possible patch below.  Changes:
1) Collect up the entire request into a single msg and send it once.
2) Use sendmsg with MSG_NOSIGNAL rather than writev.

Acked-By: Joshua Brindle <jbr...@tr...>

Modified Paths:
--------------
    trunk/libselinux/src/setrans_client.c

Modified: trunk/libselinux/src/setrans_client.c
===================================================================
--- trunk/libselinux/src/setrans_client.c	2006-09-05 14:57:13 UTC (rev 2026)
+++ trunk/libselinux/src/setrans_client.c	2006-09-13 15:11:00 UTC (rev 2027)
@@ -58,11 +58,12 @@
 static int
 send_request(int fd, uint32_t function, const char *data1, const char *data2)
 {
-	struct iovec req_hdr[3];
+	struct msghdr msgh;
+	struct iovec iov[5];
 	uint32_t data1_size;
 	uint32_t data2_size;
-	struct iovec req_data[2];
-	ssize_t count;
+	ssize_t count, expected;
+	unsigned int i;
 
 	if (fd < 0)
 		return -1;
@@ -75,28 +76,27 @@
 	data1_size = strlen(data1) + 1;
 	data2_size = strlen(data2) + 1;
 
-	req_hdr[0].iov_base = &function;
-	req_hdr[0].iov_len = sizeof(function);
-	req_hdr[1].iov_base = &data1_size;
-	req_hdr[1].iov_len = sizeof(data1_size);
-	req_hdr[2].iov_base = &data2_size;
-	req_hdr[2].iov_len = sizeof(data2_size);
+	iov[0].iov_base = &function;
+	iov[0].iov_len = sizeof(function);
+	iov[1].iov_base = &data1_size;
+	iov[1].iov_len = sizeof(data1_size);
+	iov[2].iov_base = &data2_size;
+	iov[2].iov_len = sizeof(data2_size);
+	iov[3].iov_base = (char *)data1;
+	iov[3].iov_len = data1_size;
+	iov[4].iov_base = (char *)data2;
+	iov[4].iov_len = data2_size;
+	memset(&msgh, 0, sizeof(msgh));
+	msgh.msg_iov = iov;
+	msgh.msg_iovlen = sizeof(iov)/sizeof(iov[0]);
 
-	while (((count = writev(fd, req_hdr, 3)) < 0) && (errno == EINTR)) ;
-	if (count != (sizeof(function) + sizeof(data1_size) +
-		      sizeof(data2_size))) {
-		return -1;
-	}
+	expected = 0;
+	for (i = 0; i < sizeof(iov)/sizeof(iov[0]); i++)
+		expected += iov[i].iov_len;
 
-	req_data[0].iov_base = (char *)data1;
-	req_data[0].iov_len = data1_size;
-	req_data[1].iov_base = (char *)data2;
-	req_data[1].iov_len = data2_size;
-
-	while (((count = writev(fd, req_data, 2)) < 0) && (errno == EINTR)) ;
-	if (count < 0 || (uint32_t) count != (data1_size + data2_size)) {
+	while (((count = sendmsg(fd, &msgh, MSG_NOSIGNAL)) < 0) && (errno == EINTR)) ;
+	if (count < 0 || count != expected)
 		return -1;
-	}
 
 	return 0;
 }


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.