Commit 58e1192e authored by Leigh Stoller

Watch for a bogus handshake; I saw this happen on one of the FEs, we did
a handshake even though capserver was not running. But the uid/gid
values were totally bogus. So sanity check them, and if they look
whacky, abort the handshake until the next time we wake up, to do it
again.

I got no good theories as to how this happened. A bad theory is that
maybe some transient startup process bound that socket for a while, but
that seems incredibly unlikely.
parent d5b143b6
...@@ -1019,9 +1019,9 @@ capture(void) ...@@ -1019,9 +1019,9 @@ capture(void)
sigset_t omask; sigset_t omask;
char buf[BUFSIZE]; char buf[BUFSIZE];
struct timeval timeout; struct timeval timeout;
#ifdef USESOCKETS
int nretries; int nretries;
#endif
/* /*
* XXX for now we make both directions non-blocking. This is a * XXX for now we make both directions non-blocking. This is a
* quick hack to achieve the goal that capture never block * quick hack to achieve the goal that capture never block
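Review bot: the `#ifdef USESOCKETS` guard added around `int nretries;` in capture() is not mentioned in the commit message, which only describes the handshake sanity check. Either say so in the message (presumably this silences an unused-variable warning in non-socket builds) or split it into its own commit, and confirm that every use of `nretries` in capture() sits under the same `USESOCKETS` guard so the non-socket build still compiles.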
...@@ -2945,6 +2945,27 @@ handshake(void) ...@@ -2945,6 +2945,27 @@ handshake(void)
*/ */
tipuid = tipown.uid; tipuid = tipown.uid;
tipgid = tipown.gid; tipgid = tipown.gid;
/*
* Watch for bogus values, I have seen this happen and it throws
* everything out of whack. I have a theory, but its too sketchy
* to even mention.
*/
if ((int)tipuid < 0 || (int)tipuid > 0x1000 * 128) {
warning("Whacky value for Owner: %d", tipuid);
tipuid = tipgid = 0;
err = -1;
close(sock);
goto done;
}
if ((int)tipgid < 0 || (int)tipgid > 0x1000 * 128) {
warning("Whacky value for Group: %d", tipgid);
tipuid = tipgid = 0;
err = -1;
close(sock);
goto done;
}
if (runfile && chown(Runname, tipuid, tipgid) < 0) if (runfile && chown(Runname, tipuid, tipgid) < 0)
die("%s: chown: %s", Runname, geterr(errno)); die("%s: chown: %s", Runname, geterr(errno));
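Review bot: the upper bound `0x1000 * 128` in both range checks in handshake() is an unexplained magic number; give it a named constant with a comment saying why 524288 is the largest uid/gid expected, since a site with legitimately larger ids would fail every handshake. The two blocks are identical apart from the variable and the message, so a small helper would remove the duplicated `close(sock); goto done;` cleanup. The checks cast to `(int)` but the `warning()` calls pass `tipuid` and `tipgid` to `%d` uncast; apply the same cast there. Also note that a range check only filters implausible values: going by the commit message, the peer in the observed case was not capserver at all, and a peer that happens to send small ids (including 0) would still pass and reach `chown(Runname, tipuid, tipgid)`, so the root cause is worth tracking separately.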