Setup an alternative stack for signals on heap.

Nikos Mavrogiannopoulos
2014-04-19 12:03:40 +02:00
parent 2577f8bfa7
commit 03f6e7cc16
5 changed files with 39 additions and 1 deletions


@@ -190,7 +190,7 @@ AC_CHECK_MEMBER([struct sockaddr.sa_len],
AC_CHECK_HEADERS([net/if_tun.h linux/if_tun.h netinet/in_systm.h], [], [], []) AC_CHECK_HEADERS([net/if_tun.h linux/if_tun.h netinet/in_systm.h], [], [], [])
AC_CHECK_FUNCS([setproctitle clock_gettime isatty pselect getpeereid]) AC_CHECK_FUNCS([setproctitle clock_gettime isatty pselect getpeereid sigaltstack])
if [ test -z "$LIBWRAP" ];then if [ test -z "$LIBWRAP" ];then
libwrap_enabled="no" libwrap_enabled="no"


@@ -23,6 +23,8 @@
# include <sys/prctl.h> # include <sys/prctl.h>
#endif #endif
#include <signal.h>
void kill_on_parent_kill(int sig) void kill_on_parent_kill(int sig)
{ {
#ifdef __linux__ #ifdef __linux__
@@ -30,6 +32,7 @@ void kill_on_parent_kill(int sig)
#endif #endif
} }
SIGHANDLER_T ocsignal(int signum, SIGHANDLER_T handler) SIGHANDLER_T ocsignal(int signum, SIGHANDLER_T handler)
{ {
struct sigaction new_action, old_action; struct sigaction new_action, old_action;


@@ -43,6 +43,11 @@
#include <cookies.h> #include <cookies.h>
#include <tlslib.h> #include <tlslib.h>
#ifdef HAVE_SIGALTSTACK
# include <signal.h>
# include <sys/mman.h>
#endif
int handle_worker_commands(struct worker_st *ws) int handle_worker_commands(struct worker_st *ws)
{ {
struct iovec iov[3]; struct iovec iov[3];
@@ -217,3 +222,30 @@ int complete_vpn_info(worker_st * ws, struct vpn_st *vinfo)
return 0; return 0;
} }
void ocsigaltstack(struct worker_st *ws)
{
#ifdef HAVE_SIGALTSTACK
stack_t ss;
int e;
/* setup the stack for signal handlers */
if (posix_memalign(&ss.ss_sp, getpagesize(), SIGSTKSZ) < 0) {
oclog(ws, LOG_ERR,
"could not allocate memory for signal stack");
exit(1);
}
if (mprotect(ss.ss_sp, SIGSTKSZ, PROT_EXEC) == -1) {
e = errno;
oclog(ws, LOG_ERR, "mprotect: %s\n", strerror(e));
exit(1);
}
ss.ss_size = SIGSTKSZ;
ss.ss_flags = 0;
if (sigaltstack(&ss, NULL) == -1) {
e = errno;
oclog(ws, LOG_ERR, "sigaltstack: %s\n", strerror(e));
exit(1);
}
#endif
}
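Review bot: The `mprotect(ss.ss_sp, SIGSTKSZ, PROT_EXEC)` call in ocsigaltstack() replaces the region's read/write permissions with execute-only, which is the opposite of what a signal stack needs: the kernel has to write the signal frame there, so delivery on this stack would likely fault, and it leaves heap pages executable, which nothing in the hunk needs. If the call is meant to pin permissions it should be `mprotect(ss.ss_sp, SIGSTKSZ, PROT_READ | PROT_WRITE)`, or it can be dropped since the allocation is already read/write. Separately, posix_memalign() returns 0 or a positive error number and does not set errno, so the `< 0` test never fires and an uninitialised `ss.ss_sp` would reach mprotect() on allocation failure; `e = posix_memalign(&ss.ss_sp, getpagesize(), SIGSTKSZ); if (e != 0) {` covers it. The handlers only run on this stack if they are installed with SA_ONSTACK, which depends on the ocsignal() body that is not shown in full on this page.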


@@ -642,6 +642,8 @@ void vpn_server(struct worker_st *ws)
url_handler_fn fn; url_handler_fn fn;
int requests_left = MAX_HTTP_REQUESTS; int requests_left = MAX_HTTP_REQUESTS;
ocsigaltstack(ws);
ocsignal(SIGTERM, handle_term); ocsignal(SIGTERM, handle_term);
ocsignal(SIGINT, handle_term); ocsignal(SIGINT, handle_term);
ocsignal(SIGHUP, SIG_IGN); ocsignal(SIGHUP, SIG_IGN);


@@ -247,6 +247,7 @@ int complete_vpn_info(worker_st * ws,
int send_tun_mtu(worker_st *ws, unsigned int mtu); int send_tun_mtu(worker_st *ws, unsigned int mtu);
int handle_worker_commands(struct worker_st *ws); int handle_worker_commands(struct worker_st *ws);
int disable_system_calls(struct worker_st *ws); int disable_system_calls(struct worker_st *ws);
void ocsigaltstack(struct worker_st *ws);
inline static inline static
int send_msg_to_main(worker_st *ws, uint8_t cmd, int send_msg_to_main(worker_st *ws, uint8_t cmd,