clear all fds and mem prior to exec

src/main-script.c

@@ -74,6 +74,10 @@ int ret;
 			if (getnameinfo((void*)&proc->lease->rip6, proc->lease->rip6_len, remote, sizeof(remote), NULL, 0, NI_NUMERICHOST) != 0)
 				exit(1);
 		}
+		
+		/* FIXME: using close on exec should be more efficient
+		 * than that */
+		clear_lists(s);
 
 		ret = execlp(s->config->disconnect_script, s->config->disconnect_script,
 			proc->username, proc->lease->name, real, local, remote, NULL);
@@ -120,6 +124,8 @@ int ret, status;
 				exit(1);
 		}
 
+		clear_lists(s);
+
 		ret = execlp(s->config->connect_script, s->config->connect_script,
 			proc->username, proc->lease->name, real, local, remote, NULL);
 		if (ret == -1)

src/main.c

@@ -47,11 +47,6 @@ static unsigned int terminate = 0;
 static unsigned int need_maintainance = 0;
 static unsigned int need_children_cleanup = 0;
 
-struct listen_list_st {
-	struct list_head list;
-	int fd;
-};
-
 static void tls_log_func(int level, const char *str)
 {
 	syslog(LOG_DEBUG, "Debug[<%d>]: %s", level, str);
@@ -285,26 +280,21 @@ static void drop_privileges(struct cfg_st *config)
 	}
 }
 
-static void clear_listen_list(struct listen_list_st* llist)
+/* clears the server llist and clist. To be used after fork() */
+void clear_lists(main_server_st *s)
 {
 	struct list_head *cq;
 	struct list_head *pos;
 	struct listen_list_st *ltmp;
+	struct proc_list_st *ctmp;
 
-	list_for_each_safe(pos, cq, &llist->list) {
+	list_for_each_safe(pos, cq, &s->llist->list) {
 		ltmp = list_entry(pos, struct listen_list_st, list);
 		close(ltmp->fd);
 		list_del(&ltmp->list);
 	}
-}
 
-static void clear_proc_list(struct proc_list_st* clist)
-{
-	struct list_head *cq;
-	struct list_head *pos;
-	struct proc_list_st *ctmp;
-
-	list_for_each_safe(pos, cq, &clist->list) {
+	list_for_each_safe(pos, cq, &s->clist->list) {
 		ctmp = list_entry(pos, struct proc_list_st, list);
 		if (ctmp->fd >= 0)
 			close(ctmp->fd);
@@ -390,6 +380,8 @@ int main(int argc, char** argv)
 	s.config = &config;
 	s.tun = &tun;
 	s.tls_db = tls_db;
+	s.llist = &llist;
+	s.clist = &clist;
 	
 	/* Listen to network ports */
 	ret = listen_ports(&config, &llist, config.name, config.port, SOCK_STREAM);
@@ -542,8 +534,7 @@ int main(int argc, char** argv)
 					 * running the server
 					 */
 					close(cmd_fd[0]);
-					clear_listen_list(&llist);
-					clear_proc_list(&clist);
+					clear_lists(&s);
 					
 					ws.config = &config;
 					ws.cmd_fd = cmd_fd[1];
@@ -599,8 +590,7 @@ fork_failed:
 			pid = fork();
 			if (pid == 0) {	/* child */
 				syslog(LOG_INFO, "Performing maintainance");
-				clear_listen_list(&llist);
-				clear_proc_list(&clist);
+				clear_lists(&s);
 
 				expire_cookies(&config);
 				expire_tls_sessions(&s);

src/main.h

@@ -11,6 +11,11 @@
 
 int cmd_parser (int argc, char **argv, struct cfg_st* config);
 
+struct listen_list_st {
+	struct list_head list;
+	int fd;
+};
+
 struct proc_list_st {
 	struct list_head list;
 	int fd;
@@ -29,8 +34,13 @@ typedef struct main_server_st {
 	struct cfg_st *config;
 	struct tun_st *tun;
 	tls_cache_db_st *tls_db;
+	
+	struct listen_list_st* llist;
+	struct proc_list_st* clist;
 } main_server_st;
 
+void clear_lists(main_server_st *s);
+
 int handle_commands(main_server_st *s, struct proc_list_st* cur);
 
 int call_connect_script(main_server_st *s, struct proc_list_st* cur);