-rw-r--r-- | ChangeLog.txt | 1 | ||||
-rw-r--r-- | guts/__xmknodat.c | 3 | ||||
-rw-r--r-- | guts/setgroups.c | 3 | ||||
-rw-r--r-- | guts/tempnam.c | 3 | ||||
-rw-r--r-- | guts/tmpnam.c | 2 | ||||
-rwxr-xr-x | makewrappers | 10 | ||||
-rw-r--r-- | pseudo.1 | 2 | ||||
-rw-r--r-- | pseudo_db.c | 15 | ||||
-rw-r--r-- | pseudo_util.c | 8 |
9 files changed, 31 insertions, 16 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 09f3a33..c42d3c0 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,5 +1,6 @@
 2010-04-30:
 * (seebs) rework pdb_history
+ * (seebs) small cleanups and bulletproofing.
 2010-04-27:
 * (seebs) fix -P in pseudolog
diff --git a/guts/__xmknodat.c b/guts/__xmknodat.c
index 7281d33..7b4fc4b 100644
--- a/guts/__xmknodat.c
+++ b/guts/__xmknodat.c
@@ -9,6 +9,9 @@
 pseudo_msg_t *msg;
 struct stat64 buf;
+ /* we don't use underlying call, so _ver is irrelevant to us */
+ (void) ver;
+
 #ifdef PSEUDO_NO_REAL_AT_FUNCTIONS
 if (dirfd != AT_FDCWD) {
 errno = ENOSYS;
diff --git a/guts/setgroups.c b/guts/setgroups.c
index 51058c0..31b2b57 100644
--- a/guts/setgroups.c
+++ b/guts/setgroups.c
@@ -7,6 +7,9 @@
 * int rc = -1;
 */
+ /* let gcc know we're ignoring these */
+ (void) size;
+ (void) list;
 /* you always have all group privileges. we're like magic! */
 rc = 0;
diff --git a/guts/tempnam.c b/guts/tempnam.c
index b2c1990..9b0257f 100644
--- a/guts/tempnam.c
+++ b/guts/tempnam.c
@@ -6,6 +6,9 @@
 * wrap_tempnam(const char *template, const char *pfx) {
 * char * rc = NULL;
 */
+ /* let gcc know we ignored these on purpose */
+ (void) template;
+ (void) pfx;
 pseudo_diag("tempnam() is so ludicrously insecure as to defy implementation.");
 errno = ENOMEM;
 rc = NULL;
diff --git a/guts/tmpnam.c b/guts/tmpnam.c
index 0df04b0..3fece57 100644
--- a/guts/tmpnam.c
+++ b/guts/tmpnam.c
@@ -7,6 +7,8 @@
 * char * rc = NULL;
 */
+ /* let gcc know we're ignoring this */
+ (void) s;
 pseudo_diag("tmpnam() is so ludicrously insecure as to defy implementation.");
 errno = ENOMEM;
 rc = NULL;
diff --git a/makewrappers b/makewrappers
index b0462fe..c094a55 100755
--- a/makewrappers
+++ b/makewrappers
@@ -278,10 +278,12 @@ EOF
 * by pseudo and could result in a deadlock.
 */
 sigemptyset(&blocked);
- sigaddset(&blocked, SIGCHLD);
- sigaddset(&blocked, SIGALRM);
- sigaddset(&blocked, SIGUSR1);
- sigaddset(&blocked, SIGUSR2);
+ sigaddset(&blocked, SIGALRM); /* every-N-seconds tasks */
+ sigaddset(&blocked, SIGCHLD); /* reaping child processes */
+ sigaddset(&blocked, SIGHUP); /* idiomatically, reloading config */
+ sigaddset(&blocked, SIGTERM); /* shutdown/teardown operations */
+ sigaddset(&blocked, SIGUSR1); /* reopening log files, sometimes */
+ sigaddset(&blocked, SIGUSR2); /* who knows what people do */
 sigprocmask(SIG_BLOCK, &blocked, &saved);
 if (pseudo_getlock()) {
 errno = EBUSY;
@@ -80,7 +80,7 @@ The
 option causes
 .I pseudo
 to scan its database, comparing against the filesystem, and reporting likely
-errors.
+errors. This may be unreliable when the server is actively running.
 .TP 8
 .B \-h
 The
diff --git a/pseudo_db.c b/pseudo_db.c
index 3839581..9d310c9 100644
--- a/pseudo_db.c
+++ b/pseudo_db.c
@@ -1402,7 +1402,7 @@ pdb_update_file_path(pseudo_msg_t *msg) {
 int
 pdb_unlink_file(pseudo_msg_t *msg) {
 static sqlite3_stmt *delete_exact, *delete_sub;
- int rc;
+ int rc, exact, sub;
 char *sql_delete_exact = "DELETE FROM files WHERE path = ?;";
 char *sql_delete_sub = "DELETE FROM files WHERE "
 "(path > (? || '/') AND path < (? || '0'));";
@@ -1440,14 +1440,13 @@ pdb_unlink_file(pseudo_msg_t *msg) {
 if (rc != SQLITE_DONE) {
 dberr(file_db, "delete exact by path may have failed");
 }
- rc = sqlite3_changes(file_db);
- pseudo_debug(2, "(exact %d, ", rc);
+ exact = sqlite3_changes(file_db);
 rc = sqlite3_step(delete_sub);
 if (rc != SQLITE_DONE) {
 dberr(file_db, "delete sub by path may have failed");
 }
- rc = sqlite3_changes(file_db);
- pseudo_debug(2, "sub %d) ", rc);
+ sub = sqlite3_changes(file_db);
+ pseudo_debug(3, "(exact %d, sub %d) ", exact, sub);
 sqlite3_reset(delete_exact);
 sqlite3_reset(delete_sub);
 sqlite3_clear_bindings(delete_exact);
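Review bot: The blocked set in the makewrappers hunk is still an enumeration, so a handler installed for any signal not listed (SIGINT, SIGQUIT, SIGPIPE and so on) can still run while the pseudo lock is held and re-enter a wrapped call, which is the deadlock the comment above the list describes. A stricter form would start from `sigfillset(&blocked);` and then `sigdelset` only the synchronous fault signals (SIGSEGV, SIGBUS, SIGFPE, SIGILL), because POSIX leaves the result undefined when those are generated by a fault while blocked. The return value of `sigprocmask` is ignored, and its use in a multithreaded client is unspecified by POSIX; `pthread_sigmask` is the per-thread call. The generated function continues outside the hunk, so whether the `EBUSY` path restores `saved` cannot be confirmed from here.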
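Review bot: In the second pdb_unlink_file hunk (`@@ -1440,14 +1440,13 @@`), `exact` and `sub` are taken from `sqlite3_changes(file_db)` even when the preceding step did not return `SQLITE_DONE`, so after a failed delete the debug line can print a count left over from an earlier statement and suggest rows were removed. Recording the count only on success keeps the log trustworthy when someone is diagnosing database drift, for example `sub = (rc == SQLITE_DONE) ? sqlite3_changes(file_db) : -1;` and the same for `exact`. In the first hunk, `sql_delete_exact` and `sql_delete_sub` point at string literals and could be declared `const char *`. The function's return path is outside both hunks, so whether a failed step is reported to the caller is not visible.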
@@ -1555,7 +1554,11 @@ pdb_update_inode(pseudo_msg_t *msg) {
 sqlite3_bind_int(update, 2, msg->ino);
 rc = sqlite3_bind_text(update, 3, msg->path, -1, SQLITE_STATIC);
 if (rc) {
- dberr(file_db, "error binding %s to select", msg->pathlen ? msg->path : "<nil>");
+ /* msg->path can never be null, and if msg didn't
+ * have a non-zero pathlen, we'd already have exited
+ * above
+ */
+ dberr(file_db, "error binding %s to select", msg->path);
 }
 rc = sqlite3_step(update);
diff --git a/pseudo_util.c b/pseudo_util.c
index 388ff50..9bbd756 100644
--- a/pseudo_util.c
+++ b/pseudo_util.c
@@ -367,14 +367,11 @@ pseudo_fix_path(const char *base, const char *path, size_t rootlen, size_t basel
 char **
 pseudo_dropenv(char * const *environ) {
 char **new_environ;
- int env_count = 0, found_preload = 0;
+ int env_count = 0;
 int i, j;
- for (i = 0; environ[i]; ++i) {
- if (!memcmp(environ[i], "LD_PRELOAD=", 11))
- found_preload = 1;
+ for (i = 0; environ[i]; ++i)
 ++env_count;
- }
 new_environ = malloc((env_count + 1) * sizeof(*new_environ));
 if (!new_environ) {
 pseudo_diag("fatal: can't allocate new environment.\n");
@@ -387,6 +384,7 @@ pseudo_dropenv(char * const *environ) {
 char *p;
 if (!strcmp(s, libpseudo_name)) {
 /* drop it completely */
+ continue;
 } else if ((p = strstr(s, libpseudo_name)) != NULL) {
 char *without = strdup(environ[i]);
 if (!without) { |
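Review bot: Removing the `msg->pathlen ? msg->path : "<nil>"` fallback in the pdb_update_inode hunk makes this error path depend on an early return that lies outside the hunk; if that check is later moved or relaxed, `%s` will format whatever the path buffer holds. The bind on the context line has the same dependency, since `sqlite3_bind_text(update, 3, msg->path, -1, SQLITE_STATIC)` scans for a terminator, and `msg` presumably originates from a client request. Passing the known length instead of `-1` would bound the read, though whether `pathlen` counts the terminator needs checking against the struct definition. As a wording point, the message still says `to select` although the statement being bound is `update`.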
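Review bot: The counting loop in the first pseudo_dropenv hunk (`@@ -367,14 +367,11 @@`) is now brace-less, which makes it easy for a later edit to add a second statement that silently falls outside the loop. Keeping the braces costs one line: `for (i = 0; environ[i]; ++i) { ++env_count; }`. `env_count` feeds the `malloc` size expression, so `size_t` would be the more natural type than `int` for it and for the indices.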
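Review bot: In the second pseudo_dropenv hunk (`@@ -387,6 +384,7 @@`), the `strstr(s, libpseudo_name)` branch right after the new `continue;` matches the library name anywhere in the value, so an entry that only contains it as part of a longer file name (constructed example: `libpseudo.so.old`) would be edited as though it were pseudo's own library. This function decides what remains in the preload list of a child meant to run without pseudo, so comparing whole list elements rather than substrings would give a more predictable result. The rest of the loop is outside the hunk, so how `s` is derived from `environ[i]` and how the `strdup` failure is handled cannot be confirmed here.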