author | Michal Suchanek <msuchanek@suse.de> | 2020-11-11 13:22:54 +0100 |
---|---|---|
committer | Michal Suchanek <msuchanek@suse.de> | 2020-11-12 16:25:34 +0100 |
commit | 96d71bb1476c592fb22247699f1cd7909e821511 (patch) | |
tree | e3d770780d5b2782368887f4020104e30823bd13 | |
parent | Fixed compiler warnings (diff) | |
havegecmd: Fix error handling.
- bind failure should be fatal
- error sending on socket should be non-fatal
- return chroot error
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
-rw-r--r-- | src/havegecmd.c | 61 | ||||
-rw-r--r-- | src/haveged.c | 23 | ||||
-rw-r--r-- | src/haveged.h | 6 |
3 files changed, 39 insertions, 51 deletions
diff --git a/src/havegecmd.c b/src/havegecmd.c index 18ff322..c2acbc7 100644 --- a/src/havegecmd.c +++ b/src/havegecmd.c @@ -51,7 +51,7 @@ struct ucred int socket_fd; -static void new_root( /* RETURN: nothing */ +static int new_root( /* RETURN: status */ const char *root, /* IN: path of the new root file system */ const volatile char *path, /* IN: path of the haveged executable */ char *const argv[], /* IN: arguments for the haveged process */ @@ -59,35 +59,28 @@ static void new_root( /* RETURN: nothing */ { int ret; - fprintf(stderr, "%s: restart in new root: %s\n", params->daemon, root); + print_msg("%s: restart in new root: %s\n", params->daemon, root); ret = chdir(root); if (ret < 0) { - if (errno != ENOENT) - error_exit("can't change to working directory : %s", root); - else - fprintf(stderr, "%s: can't change to working directory : %s\n", params->daemon, root); + print_msg("%s: can't change to working directory : %s\n", params->daemon, root); + return ret; } ret = chroot("."); if (ret < 0) { - if (errno != ENOENT) - error_exit("can't change root directory"); - else - fprintf(stderr, "%s: can't change root directory\n", params->daemon); + print_msg("%s: can't change root directory\n", params->daemon); + return ret; } ret = chdir("/"); if (ret < 0) { - if (errno != ENOENT) - error_exit("can't change to working directory /"); - else - fprintf(stderr, "%s: can't change to working directory /\n", params->daemon); + print_msg("%s: can't change to working directory /\n", params->daemon); + return ret; } ret = execv((const char *)path, argv); if (ret < 0) { - if (errno != ENOENT) - error_exit("can't restart %s", path); - else - fprintf(stderr, "%s: can't restart %s\n", params->daemon, path); + print_msg("%s: can't restart %s\n", params->daemon, path); + return ret; } + return 0; } /** 
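Review bot: The failure paths in new_root return the raw -1 from `chdir`/`chroot`/`execv` and the messages no longer say why the call failed, so socket_handler sends the client a bare -1 while the other replies in this commit are negative errno values (`-EPERM`, `-EINVAL`). Capturing errno first, e.g. `ret = -errno; print_msg("%s: can't change root directory: %s\n", params->daemon, strerror(-ret)); return ret;`, would keep the reply format consistent and tell the operator what went wrong. Also, now that none of these paths exits, a failure after `chroot(".")` has succeeded (the `chdir("/")` or `execv` step) returns with the daemon still running inside the new root. That state deserves either a comment explaining why it is acceptable or a fatal exit for those two steps.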
@@ -229,7 +222,7 @@ int socket_handler( /* RETURN: closed file descriptor */ { struct ucred cred = {0}; unsigned char magic[2], *ptr; - char *enqry; + int enqry; char *optarg = NULL; socklen_t clen; int ret = -1, len; @@ -249,7 +242,7 @@ int socket_handler( /* RETURN: closed file descriptor */ optarg = calloc(alen, sizeof(char)); if (!optarg) - error_exit("can not allocate memory for message from UNIX socket"); + print_msg("can not allocate memory for message from UNIX socket"); ptr = (unsigned char*)optarg; len = alen; @@ -259,36 +252,34 @@ int socket_handler( /* RETURN: closed file descriptor */ clen = sizeof(struct ucred); ret = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &clen); if (ret < 0) { - fprintf(stderr, "%s: can not get credentials from UNIX socket part1\n", params->daemon); + print_msg("%s: can not get credentials from UNIX socket part1\n", params->daemon); goto out; } if (clen != sizeof(struct ucred)) { - fprintf(stderr, "%s: can not get credentials from UNIX socket part2\n", params->daemon); + print_msg("%s: can not get credentials from UNIX socket part2\n", params->daemon); goto out; } if (cred.uid != 0) { - enqry = "\x15"; + enqry = -EPERM; - ptr = (unsigned char *)enqry; - len = (int)strlen(enqry)+1; + ptr = (unsigned char *)&enqry; + len = sizeof(enqry); safeout(fd, ptr, len); } switch (magic[0]) { case MAGIC_CHROOT: - enqry = "\x6"; - ptr = (unsigned char *)enqry; - len = (int)strlen(enqry)+1; + enqry = new_root(optarg, path, argv, params); + ptr = (unsigned char *)&enqry; + len = sizeof(enqry); safeout(fd, ptr, len); - - new_root(optarg, path, argv, params); break; default: - enqry = "\x15"; + enqry = -EINVAL; - ptr = (unsigned char *)enqry; - len = (int)strlen(enqry)+1; + ptr = (unsigned char *)&enqry; + len = sizeof(enqry); safeout(fd, ptr, len); break; } 
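Review bot: After a failed `calloc` in socket_handler the new `print_msg` call no longer stops execution, so the next statements `ptr = (unsigned char*)optarg; len = alen;` set up a read into a NULL buffer. print_msg is described in this commit as an execution notice, so it presumably returns to the caller. The branch needs to leave the handler, e.g. `if (!optarg) { print_msg("can not allocate memory for message from UNIX socket"); goto out; }`, assuming the `out` label used by the credential checks further down is valid from this point. The code between this hunk and the next one is not shown.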
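Review bot: The `cred.uid != 0` branch sends `-EPERM` but has no `goto out;`, so control continues into `switch (magic[0])` and a `MAGIC_CHROOT` request from a non-root peer still reaches `new_root(optarg, path, argv, params)`. The old code had the same fall-through, but this commit rewrites the branch and leaves it in place; the peer also ends up receiving two replies. Adding `goto out;` after the `safeout(fd, ptr, len);` in that branch makes the credential check effective. Separately, on success `new_root` ends in `execv` and does not return, so the client is never sent a 0 status, whereas the old code sent its acknowledgement before restarting.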
@@ -332,7 +323,7 @@ ssize_t safein( /* RETURN: read bytes */ continue; if (errno == EAGAIN || errno == EWOULDBLOCK) break; - error_exit("Unable to read from socket: %d", socket_fd); + print_msg("Unable to read from socket: %d", socket_fd); } ptr = (char *) ptr + p; ret += p; @@ -361,7 +352,7 @@ void safeout( /* RETURN: nothing */ continue; if (errno == EPIPE || errno == EAGAIN || errno == EWOULDBLOCK) break; - error_exit("Unable to write to socket: %d", fd); + print_msg("Unable to write to socket: %d", fd); } ptr = (char *) ptr + p; len -= p; diff --git a/src/haveged.c b/src/haveged.c index 733d0da..d230c37 100644 --- a/src/haveged.c +++ b/src/haveged.c @@ -118,7 +118,7 @@ static void set_watermark(int level); static void anchor_info(H_PTR h); static int get_runsize(unsigned int *bufct, unsigned int *bufrem, char *bp); static char *ppSize(char *buffer, double sz); -static void print_msg(const char *format, ...); +static void error_exit(const char *format, ...); static void run_app(H_PTR handle, H_UINT bufct, H_UINT bufres); static void show_meterInfo(H_UINT id, H_UINT event); @@ -338,8 +338,9 @@ int main(int argc, char **argv) } while (c!=-1); #ifndef NO_COMMAND_MODE if (params->setup & CMD_MODE) { - int ret = 0, len; - char *ptr, message[PATH_MAX+5], answer[2], cmd[2]; + int ret = 0, len, answer; + char message[PATH_MAX+5], cmd[2]; + void * ptr; fd_set read_fd; socket_fd = cmd_connect(params); @@ -372,8 +373,7 @@ int main(int argc, char **argv) ret = -1; break; } - answer[0] = '\0'; - ptr = &answer[0]; + ptr = &answer; len = sizeof(answer); FD_ZERO(&read_fd); @@ -392,10 +392,7 @@ int main(int argc, char **argv) close(socket_fd); if (ret < 0) goto err; - if (answer[0] != '\x6') - ret = -1; - else - ret = 0; + ret = answer; err: return ret; } 
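Review bot: In safein, replacing `error_exit` with `print_msg` lets an unexpected read error fall out of the error branch into `ptr = (char *) ptr + p; ret += p;` with a negative `p` (assuming, as the errno tests suggest, that this is the `p < 0` branch; its condition is outside the hunk). The pointer then moves to before the buffer and the byte count is reduced. The safeout hunk has the same problem with `len -= p;`, which grows the remaining length and would make the next write read from before the buffer. Both branches should end with `break;` (or return an error) after the message so a failed call stops the loop.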
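Review bot: In main, `answer` is now an uninitialised `int` and the old `answer[0] = '\0';` reset was removed, so `ret = answer;` yields an indeterminate exit status whenever fewer than `sizeof(answer)` bytes arrive, for instance if the daemon closes the socket without replying. Give it a defined value where the read is set up, e.g. `answer = -1; ptr = &answer;`, and treat a short read as an error before assigning `ret`. Which default is right depends on whether a successful restart is expected to send a reply at all. The read call itself lies between these hunks and is not shown, so how its result reaches `ret` needs checking.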
@@ -406,10 +403,10 @@ int main(int argc, char **argv) else { if (socket_fd == -2) { fprintf(stderr, "%s: command socket already in use\n", params->daemon); - fprintf(stderr, "%s: please check if there is another instance of haveged running\n", params->daemon); - fprintf(stderr, "%s: disabling command mode for this instance\n", params->daemon); + error_exit("%s: please check if there is another instance of haveged running\n", params->daemon); } else { fprintf(stderr, "%s: can not initialize command socket: %s\n", params->daemon, strerror(errno)); + fprintf(stderr, "%s: disabling command mode for this instance\n", params->daemon); } } } @@ -716,7 +713,7 @@ static void anchor_info(H_PTR h) /** * Bail.... */ -void error_exit( /* RETURN: nothing */ +static void error_exit( /* RETURN: nothing */ const char *format, /* IN: msg format */ ...) /* IN: varadic args */ { @@ -834,7 +831,7 @@ static char *ppSize( /* RETURN: the formatted size */ /** * Execution notices - to stderr or syslog */ -static void print_msg( /* RETURN: nothing */ +void print_msg( /* RETURN: nothing */ const char *format, /* IN: format string */ ...) /* IN: args */ { diff --git a/src/haveged.h b/src/haveged.h index 9b1efaf..b3a91a0 100644 --- a/src/haveged.h +++ b/src/haveged.h @@ -88,8 +88,8 @@ typedef struct { } H_METER; /** - * Bail.... - */ -void error_exit(const char *, ...); + * Execution notices - to stderr or syslog + */ +void print_msg(const char *, ...); #endif |
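Review bot: `print_msg` is now exported and called from havegecmd.c with format strings, but the prototype in haveged.h has no parameter name and no format annotation, so mismatched arguments in those calls go undiagnosed. Consider `void print_msg(const char *format, ...) __attribute__((format(printf, 1, 2)));`, guarded for compilers other than GCC/Clang if the project supports them. The new callers are also inconsistent about the trailing newline: `"Unable to write to socket: %d"` has none, while the new_root messages end in `\n`. A line in the header comment saying whether print_msg appends one would settle it.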