--------------------- PatchSet 5861 Date: 2003/08/09 17:44:47 Author: serassio Branch: nt-2_5 Tag: (none) Log: Make sure that child processes don't inherit open files from parent, fixed some wrong debug infos Members: port/win32/squid.dsw:1.1.2.22->1.1.2.23 port/win32/include/squid-mswin.h:1.1.2.16->1.1.2.17 src/cachemgr.c:1.6.14.8->1.6.14.9 src/ipc.c:1.7.10.9->1.7.10.10 src/pinger.c:1.4.74.6->1.4.74.7 Index: squid/port/win32/squid.dsw =================================================================== RCS file: /cvsroot/squid-sf//squid/port/win32/Attic/squid.dsw,v retrieving revision 1.1.2.22 retrieving revision 1.1.2.23 diff -u -r1.1.2.22 -r1.1.2.23 --- squid/port/win32/squid.dsw 1 Dec 2002 09:33:30 -0000 1.1.2.22 +++ squid/port/win32/squid.dsw 9 Aug 2003 17:44:47 -0000 1.1.2.23 @@ -162,9 +162,6 @@ Project_Dep_Name fake_auth End Project Dependency Begin Project Dependency - Project_Dep_Name LDAP_auth - End Project Dependency - Begin Project Dependency Project_Dep_Name NCSA_auth End Project Dependency Begin Project Dependency @@ -192,9 +189,6 @@ Project_Dep_Name icons End Project Dependency Begin Project Dependency - Project_Dep_Name LDAP_group - End Project Dependency - Begin Project Dependency Project_Dep_Name ip_user_check End Project Dependency }}} Index: squid/port/win32/include/squid-mswin.h =================================================================== RCS file: /cvsroot/squid-sf//squid/port/win32/include/Attic/squid-mswin.h,v retrieving revision 1.1.2.16 retrieving revision 1.1.2.17 diff -u -r1.1.2.16 -r1.1.2.17 --- squid/port/win32/include/squid-mswin.h 2 May 2003 14:52:00 -0000 1.1.2.16 +++ squid/port/win32/include/squid-mswin.h 9 Aug 2003 17:44:47 -0000 1.1.2.17 @@ -1,5 +1,5 @@ /* - * $Id: squid-mswin.h,v 1.1.2.16 2003/05/02 14:52:00 serassio Exp $ + * $Id: squid-mswin.h,v 1.1.2.17 2003/08/09 17:44:47 serassio Exp $ * * AUTHOR: Guido Serassio & Andrey Shorin * @@ -276,16 +276,20 @@ (errno = WSAGetLastError()), -1 : ws32_result) #define recv(s,b,l,f) \ (SOCKET_ERROR == (ws32_result = recv(_get_osfhandle(s),b,l,f)) ? \ - (errno = WSAGetLastError()), -1 : ws32_result) + (errno = WSAGetLastError()), (((errno == WSAESHUTDOWN) || (errno == WSAECONNABORTED) \ + || (errno == WSAECONNRESET)) ? 0 : -1) : ws32_result) #define recvfrom(s,b,l,f,fr,frl) \ (SOCKET_ERROR == (ws32_result = recvfrom(_get_osfhandle(s),b,l,f,fr,frl)) ? \ - (errno = WSAGetLastError()), -1 : ws32_result) + (errno = WSAGetLastError()), (((errno == WSAESHUTDOWN) || (errno == WSAECONNABORTED) \ + || (errno == WSAECONNRESET)) ? 0 : -1) : ws32_result) #define send(s,b,l,f) \ (SOCKET_ERROR == (ws32_result = send(_get_osfhandle(s),b,l,f)) ? \ - (errno = WSAGetLastError()), -1 : ws32_result) + (errno = WSAGetLastError()), (((errno == WSAESHUTDOWN) || (errno == WSAECONNABORTED) \ + || (errno == WSAECONNRESET)) ? 0 : -1) : ws32_result) #define sendto(s,b,l,f,t,tl) \ (SOCKET_ERROR == (ws32_result = sendto(_get_osfhandle(s),b,l,f,t,tl)) ? \ - (errno = WSAGetLastError()), -1 : ws32_result) + (errno = WSAGetLastError()), (((errno == WSAESHUTDOWN) || (errno == WSAECONNABORTED) \ + || (errno == WSAECONNRESET)) ? 0 : -1) : ws32_result) #define getsockname(s,n,l) \ (SOCKET_ERROR == getsockname(_get_osfhandle(s),n,l) ? \ (errno = WSAGetLastError()), -1 : 0) Index: squid/src/cachemgr.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/Attic/cachemgr.c,v retrieving revision 1.6.14.8 retrieving revision 1.6.14.9 diff -u -r1.6.14.8 -r1.6.14.9 --- squid/src/cachemgr.c 14 Jun 2003 10:39:51 -0000 1.6.14.8 +++ squid/src/cachemgr.c 9 Aug 2003 17:44:47 -0000 1.6.14.9 @@ -1,6 +1,6 @@ /* - * $Id: cachemgr.c,v 1.6.14.8 2003/06/14 10:39:51 serassio Exp $ + * $Id: cachemgr.c,v 1.6.14.9 2003/08/09 17:44:47 serassio Exp $ * * DEBUG: section 0 CGI Cache Manager * AUTHOR: Duane Wessels @@ -622,7 +622,7 @@ req->action, make_auth_header(req)); #ifdef _SQUID_MSWIN_ - send(s, buf, l,0); + send(s, buf, l, 0); #else write(s, buf, l); #endif Index: squid/src/ipc.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/ipc.c,v retrieving revision 1.7.10.9 retrieving revision 1.7.10.10 diff -u -r1.7.10.9 -r1.7.10.10 --- squid/src/ipc.c 27 Oct 2002 10:46:15 -0000 1.7.10.9 +++ squid/src/ipc.c 9 Aug 2003 17:44:47 -0000 1.7.10.10 @@ -1,6 +1,6 @@ /* - * $Id: ipc.c,v 1.7.10.9 2002/10/27 10:46:15 serassio Exp $ + * $Id: ipc.c,v 1.7.10.10 2003/08/09 17:44:47 serassio Exp $ * * DEBUG: section 54 Interprocess Communication * AUTHOR: Duane Wessels @@ -164,11 +164,11 @@ int p2c[2]; int c2p[2]; if (pipe(p2c) < 0) { - debug(50, 0) ("ipcCreate: pipe: %s\n", xstrerror()); + debug(54, 0) ("ipcCreate: pipe: %s\n", xstrerror()); return -1; } if (pipe(c2p) < 0) { - debug(50, 0) ("ipcCreate: pipe: %s\n", xstrerror()); + debug(54, 0) ("ipcCreate: pipe: %s\n", xstrerror()); return -1; } fd_open(prfd = p2c[0], FD_PIPE, "IPC FIFO Parent Read"); @@ -196,7 +196,7 @@ len = sizeof(PS); memset(&PS, '\0', len); if (getsockname(pwfd, (struct sockaddr *) &PS, &len) < 0) { - debug(50, 0) ("ipcCreate: getsockname: %s\n", xstrerror()); + debug(54, 0) ("ipcCreate: getsockname: %s\n", xstrerror()); return ipcCloseAllFD(prfd, pwfd, crfd, cwfd); } debug(54, 3) ("ipcCreate: FD %d sockaddr %s:%d\n", @@ -230,10 +230,10 @@ thread = _beginthreadex(NULL, 0, ipc_thread_1, ¶ms, 0, NULL); if (thread == 0) { - debug(50, 1) ("ipcCreate: _beginthread: %s\n", xstrerror()); + debug(54, 1) ("ipcCreate: _beginthread: %s\n", xstrerror()); #else if ((pid = fork()) < 0) { - debug(50, 1) ("ipcCreate: fork: %s\n", xstrerror()); + debug(54, 1) ("ipcCreate: fork: %s\n", xstrerror()); #endif return ipcCloseAllFD(prfd, pwfd, crfd, cwfd); } @@ -246,13 +246,18 @@ cwfd = crfd = -1; if (type == IPC_TCP_SOCKET || type == IPC_UDP_SOCKET) { #else -#undef ipcCloseAllFD -#define ipcCloseAllFD(w,x,y,z) (CloseHandle((HANDLE)thread), ipcCloseAllFD((w),(x),-1,-1)) { { #endif if (comm_connect_addr(pwfd, &CS) == COMM_ERROR) +#ifdef _SQUID_MSWIN_ + { + CloseHandle((HANDLE)thread); + return ipcCloseAllFD(prfd, pwfd, -1, -1); + } +#else return ipcCloseAllFD(prfd, pwfd, crfd, cwfd); +#endif } memset(hello_buf, '\0', HELLO_BUF_SZ); #ifdef _SQUID_MSWIN_ @@ -264,33 +269,46 @@ x = read(prfd, hello_buf, HELLO_BUF_SZ - 1); #endif if (x < 0) { - debug(50, 0) ("ipcCreate: PARENT: hello read test failed\n"); - debug(50, 0) ("--> read: %s\n", xstrerror()); + debug(54, 0) ("ipcCreate: PARENT: hello read test failed\n"); + debug(54, 0) ("--> read: %s\n", xstrerror()); +#ifdef _SQUID_MSWIN_ + CloseHandle((HANDLE)thread); + return ipcCloseAllFD(prfd, pwfd, -1, -1); +#else return ipcCloseAllFD(prfd, pwfd, crfd, cwfd); +#endif } else if (strcmp(hello_buf, hello_string)) { debug(54, 0) ("ipcCreate: PARENT: hello read test failed\n"); debug(54, 0) ("--> read returned %d\n", x); debug(54, 0) ("--> got '%s'\n", rfc1738_escape(hello_buf)); +#ifdef _SQUID_MSWIN_ + CloseHandle((HANDLE)thread); + return ipcCloseAllFD(prfd, pwfd, -1, -1); +#else return ipcCloseAllFD(prfd, pwfd, crfd, cwfd); +#endif } #ifdef _SQUID_MSWIN_ x = send(pwfd, ok_string, strlen(ok_string), 0); if (x < 0) { - debug(50, 0) ("ipcCreate: PARENT: OK write test failed\n"); - debug(50, 0) ("--> read: %s\n", xstrerror()); - return ipcCloseAllFD(prfd, pwfd, crfd, cwfd); + debug(54, 0) ("ipcCreate: PARENT: OK write test failed\n"); + debug(54, 0) ("--> read: %s\n", xstrerror()); + CloseHandle((HANDLE)thread); + return ipcCloseAllFD(prfd, pwfd, -1, -1); } memset(hello_buf, '\0', HELLO_BUF_SZ); x = recv(prfd, hello_buf, HELLO_BUF_SZ - 1, 0); if (x < 0) { - debug(50, 0) ("ipcCreate: PARENT: OK read test failed\n"); - debug(50, 0) ("--> read: %s\n", xstrerror()); - return ipcCloseAllFD(prfd, pwfd, crfd, cwfd); + debug(54, 0) ("ipcCreate: PARENT: OK read test failed\n"); + debug(54, 0) ("--> read: %s\n", xstrerror()); + CloseHandle((HANDLE)thread); + return ipcCloseAllFD(prfd, pwfd, -1, -1); } else if (!strcmp(hello_buf, err_string)) { debug(54, 0) ("ipcCreate: PARENT: OK read test failed\n"); debug(54, 0) ("--> read returned %d\n", x); debug(54, 0) ("--> got '%s'\n", rfc1738_escape(hello_buf)); - return ipcCloseAllFD(prfd, pwfd, crfd, cwfd); + CloseHandle((HANDLE)thread); + return ipcCloseAllFD(prfd, pwfd, -1, -1); } hello_buf[x] = '\0'; pid = atol(hello_buf); @@ -315,8 +333,10 @@ if (ppid) *ppid = pid; return pwfd; - } else - return ipcCloseAllFD(prfd, pwfd, crfd, cwfd); + } else { + CloseHandle((HANDLE)thread); + return ipcCloseAllFD(prfd, pwfd, -1, -1); + } } #else fd_table[prfd].flags.ipc = 1; @@ -333,7 +353,6 @@ } #ifdef _SQUID_MSWIN_ } -#undef ipcCloseAllFD static int ipcSend(int cwfd, const char *buf, int len) @@ -342,8 +361,8 @@ x = send(cwfd, buf, len, 0); if (x < 0) { - debug(50, 0) ("sendto FD %d: %s\n", cwfd, xstrerror()); - debug(50, 0) ("ipcCreate: CHILD: hello write test failed\n"); + debug(54, 0) ("sendto FD %d: %s\n", cwfd, xstrerror()); + debug(54, 0) ("ipcCreate: CHILD: hello write test failed\n"); } return x; } @@ -397,7 +416,7 @@ if (type == IPC_TCP_SOCKET) { debug(54, 3) ("ipcCreate: calling accept on FD %d\n", crfd); if ((fd = accept(crfd, NULL, NULL)) < 0) { - debug(50, 0) ("ipcCreate: FD %d accept: %s\n", crfd, xstrerror()); + debug(54, 0) ("ipcCreate: FD %d accept: %s\n", crfd, xstrerror()); #ifdef _SQUID_MSWIN_ goto cleanup; #else @@ -423,14 +442,13 @@ #endif } #ifndef _SQUID_MSWIN_ - if (type == IPC_UDP_SOCKET) { -#else - { + if (type == IPC_UDP_SOCKET) #endif + { x = send(cwfd, hello_string, strlen(hello_string) + 1, 0); if (x < 0) { - debug(50, 0) ("sendto FD %d: %s\n", cwfd, xstrerror()); - debug(50, 0) ("ipcCreate: CHILD: hello write test failed\n"); + debug(54, 0) ("sendto FD %d: %s\n", cwfd, xstrerror()); + debug(54, 0) ("ipcCreate: CHILD: hello write test failed\n"); #ifdef _SQUID_MSWIN_ goto cleanup; } @@ -440,8 +458,8 @@ } } else { if (write(cwfd, hello_string, strlen(hello_string) + 1) < 0) { - debug(50, 0) ("write FD %d: %s\n", cwfd, xstrerror()); - debug(50, 0) ("ipcCreate: CHILD: hello write test failed\n"); + debug(54, 0) ("write FD %d: %s\n", cwfd, xstrerror()); + debug(54, 0) ("ipcCreate: CHILD: hello write test failed\n"); _exit(1); } } @@ -489,8 +507,8 @@ memset(buf1, '\0', sizeof(buf1)); x = recv(crfd, buf1, 8191, 0); if (x < 0) { - debug(50, 0) ("ipcCreate: CHILD: OK read test failed\n"); - debug(50, 0) ("--> read: %s\n", xstrerror()); + debug(54, 0) ("ipcCreate: CHILD: OK read test failed\n"); + debug(54, 0) ("--> read: %s\n", xstrerror()); goto cleanup; } else if (strcmp(buf1, ok_string)) { debug(54, 0) ("ipcCreate: CHILD: OK read test failed\n"); @@ -500,12 +518,12 @@ } /* assign file descriptors to child process */ if (_pipe(p2c, 1024, _O_BINARY | _O_NOINHERIT) < 0) { - debug(50, 0) ("ipcCreate: CHILD: pipe: %s\n", xstrerror()); + debug(54, 0) ("ipcCreate: CHILD: pipe: %s\n", xstrerror()); ipcSend(cwfd, err_string, strlen(err_string)); goto cleanup; } if (_pipe(c2p, 1024, _O_BINARY | _O_NOINHERIT) < 0) { - debug(50, 0) ("ipcCreate: CHILD: pipe: %s\n", xstrerror()); + debug(54, 0) ("ipcCreate: CHILD: pipe: %s\n", xstrerror()); ipcSend(cwfd, err_string, strlen(err_string)); goto cleanup; } @@ -515,8 +533,7 @@ crfd_ipc = cwfd_ipc = comm_open(SOCK_DGRAM, IPPROTO_UDP, local_addr, 0, 0, buf1); if (crfd_ipc < 0) { - debug(54, - 0) ("ipcCreate: CHILD: Failed to create child FD for %s.\n", + debug(54, 0) ("ipcCreate: CHILD: Failed to create child FD for %s.\n", prog); ipcSend(cwfd, err_string, strlen(err_string)); goto cleanup; @@ -525,8 +542,7 @@ snprintf(buf1, 8192, "%s(%ld) <-> ipc PARENT socket", prog, -1L); prfd_ipc = pwfd_ipc = comm_open(SOCK_DGRAM, IPPROTO_UDP, local_addr, 0, 0, buf1); if (pwfd_ipc < 0) { - debug(54, - 0) ("ipcCreate: CHILD: Failed to create server FD for %s.\n", + debug(54, 0) ("ipcCreate: CHILD: Failed to create server FD for %s.\n", prog); ipcSend(cwfd, err_string, strlen(err_string)); goto cleanup; @@ -535,7 +551,7 @@ tmp_s = sizeof(PS_ipc); memset(&PS_ipc, '\0', tmp_s); if (getsockname(pwfd_ipc, (struct sockaddr *) &PS_ipc, &tmp_s) < 0) { - debug(50, 0) ("ipcCreate: getsockname: %s\n", xstrerror()); + debug(54, 0) ("ipcCreate: getsockname: %s\n", xstrerror()); ipcSend(cwfd, err_string, strlen(err_string)); goto cleanup; } @@ -544,7 +560,7 @@ tmp_s = sizeof(CS_ipc); memset(&CS_ipc, '\0', tmp_s); if (getsockname(crfd_ipc, (struct sockaddr *) &CS_ipc, &tmp_s) < 0) { - debug(50, 0) ("ipcCreate: getsockname: %s\n", xstrerror()); + debug(54, 0) ("ipcCreate: getsockname: %s\n", xstrerror()); ipcSend(cwfd, err_string, strlen(err_string)); goto cleanup; } @@ -577,6 +593,7 @@ { STARTUPINFO si; PROCESS_INFORMATION pi; + fde *F; memset(&si, 0, sizeof(STARTUPINFO)); si.cb = sizeof(STARTUPINFO); @@ -585,7 +602,17 @@ si.hStdError = (HANDLE) _get_osfhandle(2); si.dwFlags = STARTF_USESTDHANDLES; - *buf1 = '\0'; + /* Make sure all other handles are not inerithable */ + for (x = 3; x < SQUID_MAXFD; x++) { + F = &fd_table[x]; + if (!F->flags.open) + continue; + if (x == fileno(debug_log)) + continue; + SetHandleInformation((HANDLE) _get_osfhandle(x), HANDLE_FLAG_INHERIT, 0); + } + + *buf1 = '\0'; strcpy(buf1 + 4096, params->prog); str = strtok(buf1 + 4096, w_space); do { @@ -617,7 +644,7 @@ if (pid == -1) { errno = x; - debug(50, 0) ("ipcCreate: CHILD: %s: %s\n", params->prog, xstrerror()); + debug(54, 0) ("ipcCreate: CHILD: %s: %s\n", params->prog, xstrerror()); ipcSend(cwfd, err_string, strlen(err_string)); goto cleanup; } @@ -627,14 +654,14 @@ memset(&wpi, 0, sizeof(wpi)); if (SOCKET_ERROR == WSADuplicateSocket(crfd_ipc, pid, &wpi)) { - debug(50, 0) ("ipcCreate: CHILD: WSADuplicateSocket: %s\n", + debug(54, 0) ("ipcCreate: CHILD: WSADuplicateSocket: %s\n", xstrerror()); ipcSend(cwfd, err_string, strlen(err_string)); goto cleanup; } x = write(c2p[1], (const char *) &wpi, sizeof(wpi)); if (x < sizeof(wpi)) { - debug(50, 0) ("ipcCreate: CHILD: write FD %d: %s\n", c2p[1], + debug(54, 0) ("ipcCreate: CHILD: write FD %d: %s\n", c2p[1], xstrerror()); debug(54, 0) ("ipcCreate: CHILD: %s: socket exchange failed\n", prog); @@ -643,7 +670,7 @@ } x = read(p2c[0], buf1, 8192); if (x < 0) { - debug(50, 0) ("ipcCreate: CHILD: read FD %d: %s\n", p2c[0], + debug(54, 0) ("ipcCreate: CHILD: read FD %d: %s\n", p2c[0], xstrerror()); debug(54, 0) ("ipcCreate: CHILD: %s: socket exchange failed\n", prog); @@ -660,7 +687,7 @@ } x = write(c2p[1], (const char *) &PS_ipc, sizeof(PS_ipc)); if (x < sizeof(PS_ipc)) { - debug(50, 0) ("ipcCreate: CHILD: write FD %d: %s\n", c2p[1], + debug(54, 0) ("ipcCreate: CHILD: write FD %d: %s\n", c2p[1], xstrerror()); debug(54, 0) ("ipcCreate: CHILD: %s: socket exchange failed\n", prog); @@ -669,7 +696,7 @@ } x = read(p2c[0], buf1, 8192); if (x < 0) { - debug(50, 0) ("ipcCreate: CHILD: read FD %d: %s\n", p2c[0], + debug(54, 0) ("ipcCreate: CHILD: read FD %d: %s\n", p2c[0], xstrerror()); debug(54, 0) ("ipcCreate: CHILD: %s: socket exchange failed\n", prog); @@ -711,7 +738,7 @@ thread = (HANDLE) _beginthreadex(NULL, 0, ipc_thread_2, &thread_params, 0, NULL); if (!thread) { - debug(50, 0) ("ipcCreate: CHILD: _beginthreadex: %s\n", xstrerror()); + debug(54, 0) ("ipcCreate: CHILD: _beginthreadex: %s\n", xstrerror()); ipcSend(cwfd, err_string, strlen(err_string)); goto cleanup; } Index: squid/src/pinger.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/pinger.c,v retrieving revision 1.4.74.6 retrieving revision 1.4.74.7 diff -u -r1.4.74.6 -r1.4.74.7 --- squid/src/pinger.c 23 Nov 2002 08:41:58 -0000 1.4.74.6 +++ squid/src/pinger.c 9 Aug 2003 17:44:47 -0000 1.4.74.7 @@ -1,6 +1,6 @@ /* - * $Id: pinger.c,v 1.4.74.6 2002/11/23 08:41:58 serassio Exp $ + * $Id: pinger.c,v 1.4.74.7 2003/08/09 17:44:47 serassio Exp $ * * DEBUG: section 42 ICMP Pinger program * AUTHOR: Duane Wessels @@ -236,7 +236,7 @@ } icmp_sock = socket(PF_INET, SOCK_RAW, proto->p_proto); if (icmp_sock < 0) { - debug(50, 0) ("pingerOpen: icmp_sock: %s\n", xstrerror()); + debug(42, 0) ("pingerOpen: icmp_sock: %s\n", xstrerror()); exit(1); } icmp_ident = getpid() & 0xffff; @@ -480,7 +480,7 @@ { int len = sizeof(pingerReplyData) - MAX_PKT_SZ + preply->psize; if (send(socket_to_squid, (char *) preply, len, 0) < 0) { - debug(50, 0) ("pinger: send: %s\n", xstrerror()); + debug(42, 0) ("pinger: send: %s\n", xstrerror()); pingerClose(); exit(1); }