* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
-#define __USE_GNU
#include <sys/socket.h>
-#undef __USE_GNU
#include <sys/un.h>
#include "log.h"
size_t len;
struct sockaddr_un addr;
- if (flags & O_TRUNC)
- unlink(path);
-
fd = socket(PF_UNIX, type, 0);
if (fd < 0)
return -1;
addr.sun_family = AF_UNIX;
- len = strlen(&path[1]) + 1;
- if (len >= sizeof(addr.sun_path) - 1) {
+ len = strlen(&path[1]);
+ /* do not enforce \0-termination */
+ if (len >= sizeof(addr.sun_path)) {
close(fd);
errno = ENAMETOOLONG;
return -1;
/* addr.sun_path[0] has already been set to 0 by memset() */
strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
- if (bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len)) {
+ if (bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) {
int tmp = errno;
close(fd);
errno = tmp;
int lxc_abstract_unix_close(int fd)
{
- struct sockaddr_un addr;
- socklen_t addrlen = sizeof(addr);
-
- if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
- addr.sun_path[0])
- unlink(addr.sun_path);
-
close(fd);
return 0;
addr.sun_family = AF_UNIX;
- len = strlen(&path[1]) + 1;
- if (len >= sizeof(addr.sun_path) - 1) {
+ len = strlen(&path[1]);
+ /* do not enforce \0-termination */
+ if (len >= sizeof(addr.sun_path)) {
close(fd);
errno = ENAMETOOLONG;
return -1;
/* addr.sun_path[0] has already been set to 0 by memset() */
strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
- if (connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len)) {
+ if (connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) {
int tmp = errno;
/* special case to connect to older containers */
if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
return fd;
}
-int lxc_abstract_unix_send_fd(int fd, int sendfd, void *data, size_t size)
+int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds,
+ void *data, size_t size)
{
- struct msghdr msg = { 0 };
- struct iovec iov;
- struct cmsghdr *cmsg;
- char cmsgbuf[CMSG_SPACE(sizeof(int))];
- char buf[1];
- int *val;
-
- msg.msg_control = cmsgbuf;
- msg.msg_controllen = sizeof(cmsgbuf);
-
- cmsg = CMSG_FIRSTHDR(&msg);
- cmsg->cmsg_len = CMSG_LEN(sizeof(int));
- cmsg->cmsg_level = SOL_SOCKET;
- cmsg->cmsg_type = SCM_RIGHTS;
- val = (int *)(CMSG_DATA(cmsg));
- *val = sendfd;
-
- msg.msg_name = NULL;
- msg.msg_namelen = 0;
-
- iov.iov_base = data ? data : buf;
- iov.iov_len = data ? size : sizeof(buf);
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
-
- return sendmsg(fd, &msg, 0);
+ int ret;
+ struct msghdr msg;
+ struct iovec iov;
+ struct cmsghdr *cmsg = NULL;
+ char buf[1] = {0};
+ char *cmsgbuf;
+ size_t cmsgbufsize = CMSG_SPACE(num_sendfds * sizeof(int));
+
+ memset(&msg, 0, sizeof(msg));
+ memset(&iov, 0, sizeof(iov));
+
+ cmsgbuf = malloc(cmsgbufsize);
+ if (!cmsgbuf)
+ return -1;
+
+ msg.msg_control = cmsgbuf;
+ msg.msg_controllen = cmsgbufsize;
+
+ cmsg = CMSG_FIRSTHDR(&msg);
+ cmsg->cmsg_level = SOL_SOCKET;
+ cmsg->cmsg_type = SCM_RIGHTS;
+ cmsg->cmsg_len = CMSG_LEN(num_sendfds * sizeof(int));
+
+ msg.msg_controllen = cmsg->cmsg_len;
+
+ memcpy(CMSG_DATA(cmsg), sendfds, num_sendfds * sizeof(int));
+
+ iov.iov_base = data ? data : buf;
+ iov.iov_len = data ? size : sizeof(buf);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+
+ ret = sendmsg(fd, &msg, MSG_NOSIGNAL);
+ free(cmsgbuf);
+ return ret;
}
-int lxc_abstract_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
+int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
+ void *data, size_t size)
{
- struct msghdr msg = { 0 };
- struct iovec iov;
- struct cmsghdr *cmsg;
- char cmsgbuf[CMSG_SPACE(sizeof(int))];
- char buf[1];
- int ret, *val;
-
- msg.msg_name = NULL;
- msg.msg_namelen = 0;
- msg.msg_control = cmsgbuf;
- msg.msg_controllen = sizeof(cmsgbuf);
-
- iov.iov_base = data ? data : buf;
- iov.iov_len = data ? size : sizeof(buf);
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
+ int ret;
+ struct msghdr msg;
+ struct iovec iov;
+ struct cmsghdr *cmsg = NULL;
+ char buf[1] = {0};
+ char *cmsgbuf;
+ size_t cmsgbufsize = CMSG_SPACE(num_recvfds * sizeof(int));
+
+ memset(&msg, 0, sizeof(msg));
+ memset(&iov, 0, sizeof(iov));
+
+ cmsgbuf = malloc(cmsgbufsize);
+ if (!cmsgbuf)
+ return -1;
+
+ msg.msg_control = cmsgbuf;
+ msg.msg_controllen = cmsgbufsize;
+
+ iov.iov_base = data ? data : buf;
+ iov.iov_len = data ? size : sizeof(buf);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
ret = recvmsg(fd, &msg, 0);
if (ret <= 0)
goto out;
- cmsg = CMSG_FIRSTHDR(&msg);
+ cmsg = CMSG_FIRSTHDR(&msg);
- /* if the message is wrong the variable will not be
- * filled and the peer will notified about a problem */
- *recvfd = -1;
+ memset(recvfds, -1, num_recvfds * sizeof(int));
+ if (cmsg && cmsg->cmsg_len == CMSG_LEN(num_recvfds * sizeof(int)) &&
+ cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
+ memcpy(recvfds, CMSG_DATA(cmsg), num_recvfds * sizeof(int));
+ }
- if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
- cmsg->cmsg_level == SOL_SOCKET &&
- cmsg->cmsg_type == SCM_RIGHTS) {
- val = (int *) CMSG_DATA(cmsg);
- *recvfd = *val;
- }
out:
- return ret;
+ free(cmsgbuf);
+ return ret;
}
int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
{
- struct msghdr msg = { 0 };
- struct iovec iov;
- struct cmsghdr *cmsg;
+ struct msghdr msg = { 0 };
+ struct iovec iov;
+ struct cmsghdr *cmsg;
struct ucred cred = {
.pid = getpid(),
.uid = getuid(),
.gid = getgid(),
};
- char cmsgbuf[CMSG_SPACE(sizeof(cred))];
- char buf[1];
+ char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
+ char buf[1] = {0};
- msg.msg_control = cmsgbuf;
- msg.msg_controllen = sizeof(cmsgbuf);
+ msg.msg_control = cmsgbuf;
+ msg.msg_controllen = sizeof(cmsgbuf);
- cmsg = CMSG_FIRSTHDR(&msg);
- cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
- cmsg->cmsg_level = SOL_SOCKET;
- cmsg->cmsg_type = SCM_CREDENTIALS;
+ cmsg = CMSG_FIRSTHDR(&msg);
+ cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
+ cmsg->cmsg_level = SOL_SOCKET;
+ cmsg->cmsg_type = SCM_CREDENTIALS;
memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
- msg.msg_name = NULL;
- msg.msg_namelen = 0;
+ msg.msg_name = NULL;
+ msg.msg_namelen = 0;
- iov.iov_base = data ? data : buf;
- iov.iov_len = data ? size : sizeof(buf);
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
+ iov.iov_base = data ? data : buf;
+ iov.iov_len = data ? size : sizeof(buf);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
- return sendmsg(fd, &msg, 0);
+ return sendmsg(fd, &msg, MSG_NOSIGNAL);
}
int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
{
- struct msghdr msg = { 0 };
- struct iovec iov;
- struct cmsghdr *cmsg;
+ struct msghdr msg = { 0 };
+ struct iovec iov;
+ struct cmsghdr *cmsg;
struct ucred cred;
- char cmsgbuf[CMSG_SPACE(sizeof(cred))];
- char buf[1];
int ret;
+ char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
+ char buf[1] = {0};
- msg.msg_name = NULL;
- msg.msg_namelen = 0;
- msg.msg_control = cmsgbuf;
- msg.msg_controllen = sizeof(cmsgbuf);
+ msg.msg_name = NULL;
+ msg.msg_namelen = 0;
+ msg.msg_control = cmsgbuf;
+ msg.msg_controllen = sizeof(cmsgbuf);
- iov.iov_base = data ? data : buf;
- iov.iov_len = data ? size : sizeof(buf);
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
+ iov.iov_base = data ? data : buf;
+ iov.iov_len = data ? size : sizeof(buf);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
ret = recvmsg(fd, &msg, 0);
if (ret <= 0)
goto out;
- cmsg = CMSG_FIRSTHDR(&msg);
+ cmsg = CMSG_FIRSTHDR(&msg);
- if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
- cmsg->cmsg_level == SOL_SOCKET &&
- cmsg->cmsg_type == SCM_CREDENTIALS) {
+ if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
+ cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_CREDENTIALS) {
memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
INFO("message denied for '%d/%d'", cred.uid, cred.gid);
return -EACCES;
}
- }
+ }
out:
- return ret;
+ return ret;
}