Commit 58e1192e authored by Leigh B Stoller

Watch for a bogus handshake; I saw this happen on one of the FEs, we did
a handshake even though capserver was not running. But the uid/gid
values were totally bogus. So sanity check them, and if they look
whacky, abort the handshake until the next time we wake up, to do it

I got no good theories as to how this happened. A bad theory is that
maybe some transient startup process bound that socket for a while, but
that seems incredibly unlikely.
parent d5b143b6
......@@ -1019,9 +1019,9 @@ capture(void)
sigset_t omask;
char buf[BUFSIZE];
struct timeval timeout;
int nretries;
* XXX for now we make both directions non-blocking. This is a
* quick hack to achieve the goal that capture never block
......@@ -2945,6 +2945,27 @@ handshake(void)
tipuid = tipown.uid;
tipgid = tipown.gid;
* Watch for bogus values, I have seen this happen and it throws
* everything out of whack. I have a theory, but its too sketchy
* to even mention.
if ((int)tipuid < 0 || (int)tipuid > 0x1000 * 128) {
warning("Whacky value for Owner: %d", tipuid);
tipuid = tipgid = 0;
err = -1;
goto done;
if ((int)tipgid < 0 || (int)tipgid > 0x1000 * 128) {
warning("Whacky value for Group: %d", tipgid);
tipuid = tipgid = 0;
err = -1;
goto done;
if (runfile && chown(Runname, tipuid, tipgid) < 0)
die("%s: chown: %s", Runname, geterr(errno));
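Review bot: The upper bound `0x1000 * 128` in both new range checks is an unexplained magic number, written out twice; give it a named constant with a comment saying where the limit comes from, and fold the two identical blocks into one helper so the uid and gid checks cannot drift apart. The checks also only reject implausible values: a peer that answers the handshake with a uid/gid inside the range still reaches `chown(Runname, tipuid, tipgid)`, and the commit message says the handshake completed while capserver was not running, so it is worth validating who answered the handshake rather than only what they sent. Smaller points: `warning("Whacky value for Owner: %d", tipuid)` passes the uncast value to `%d` while the test casts to `int`, so cast it there too or print it unsigned, and the in-code comment should either state the theory or drop the mention of it.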