|
|
88aca9 |
From 985d17d57cfd5a36bfdecc891e9331210ea38ee4 Mon Sep 17 00:00:00 2001
|
|
|
88aca9 |
From: Rob Crittenden <rcritten@redhat.com>
|
|
|
88aca9 |
Date: Mon, 8 Aug 2016 10:12:01 -0400
|
|
|
88aca9 |
Subject: [PATCH] Fix semaphore leak in nss_pcache
|
|
|
88aca9 |
|
|
|
88aca9 |
On shutdown Apache was sending a SIGTERM which caused the helper
|
|
|
88aca9 |
to be killed rather than shutting down gracefully, resulting in
|
|
|
88aca9 |
a leak of the semaphone lock in nss_pcache.
|
|
|
88aca9 |
|
|
|
88aca9 |
Catch that signal and shut down gracefully instead.
|
|
|
88aca9 |
|
|
|
88aca9 |
Resolves: #1364560
|
|
|
88aca9 |
|
|
|
88aca9 |
---
|
|
|
88aca9 |
nss_pcache.c | 43 +++++++++++++++++++++++++++++++++----------
|
|
|
88aca9 |
1 file changed, 33 insertions(+), 10 deletions(-)
|
|
|
88aca9 |
|
|
|
88aca9 |
diff --git a/nss_pcache.c b/nss_pcache.c
|
|
|
88aca9 |
index a8b15f7..5e98adb 100644
|
|
|
88aca9 |
--- a/nss_pcache.c
|
|
|
88aca9 |
+++ b/nss_pcache.c
|
|
|
88aca9 |
@@ -95,6 +95,37 @@ struct Node
|
|
|
88aca9 |
|
|
|
88aca9 |
/* global variables */
|
|
|
88aca9 |
Node *pinList = NULL;
|
|
|
88aca9 |
+int semid = 0;
|
|
|
88aca9 |
+PRFileDesc *in = NULL;
|
|
|
88aca9 |
+PRFileDesc *out = NULL;
|
|
|
88aca9 |
+
|
|
|
88aca9 |
+void cleanup() {
|
|
|
88aca9 |
+ union semun semarg;
|
|
|
88aca9 |
+
|
|
|
88aca9 |
+ freeList(pinList);
|
|
|
88aca9 |
+ pinList = NULL;
|
|
|
88aca9 |
+
|
|
|
88aca9 |
+ if (in) {
|
|
|
88aca9 |
+ PR_Close(in);
|
|
|
88aca9 |
+ in = NULL;
|
|
|
88aca9 |
+ }
|
|
|
88aca9 |
+
|
|
|
88aca9 |
+ if (NSS_IsInitialized()) {
|
|
|
88aca9 |
+ NSS_Shutdown();
|
|
|
88aca9 |
+ }
|
|
|
88aca9 |
+
|
|
|
88aca9 |
+ /* Remove the semaphore used for locking here. This is because this
|
|
|
88aca9 |
+ * program only goes away when Apache shuts down so we don't have to
|
|
|
88aca9 |
+ * worry about reloads.
|
|
|
88aca9 |
+ */
|
|
|
88aca9 |
+ semctl(semid, 0, IPC_RMID, semarg);
|
|
|
88aca9 |
+}
|
|
|
88aca9 |
+
|
|
|
88aca9 |
+void signalhandler(int signo) {
|
|
|
88aca9 |
+ if (signo == SIGTERM) {
|
|
|
88aca9 |
+ cleanup();
|
|
|
88aca9 |
+ }
|
|
|
88aca9 |
+}
|
|
|
88aca9 |
|
|
|
88aca9 |
/*
|
|
|
88aca9 |
* CreatePk11PinStore
|
|
|
88aca9 |
@@ -308,8 +339,6 @@ Pk11StoreGetPin(char **out, Pk11PinStore *store)
|
|
|
88aca9 |
int main(int argc, char ** argv)
|
|
|
88aca9 |
{
|
|
|
88aca9 |
SECStatus rv;
|
|
|
88aca9 |
- PRFileDesc *in;
|
|
|
88aca9 |
- PRFileDesc *out;
|
|
|
88aca9 |
PRPollDesc pd;
|
|
|
88aca9 |
PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT;
|
|
|
88aca9 |
char buf[1024];
|
|
|
88aca9 |
@@ -318,7 +347,6 @@ int main(int argc, char ** argv)
|
|
|
88aca9 |
char * tokenName;
|
|
|
88aca9 |
char * tokenpw;
|
|
|
88aca9 |
int fipsmode = 0;
|
|
|
88aca9 |
- int semid = 0;
|
|
|
88aca9 |
union semun semarg;
|
|
|
88aca9 |
|
|
|
88aca9 |
if (argc < 4 || argc > 5) {
|
|
|
88aca9 |
@@ -327,6 +355,7 @@ int main(int argc, char ** argv)
|
|
|
88aca9 |
}
|
|
|
88aca9 |
|
|
|
88aca9 |
signal(SIGHUP, SIG_IGN);
|
|
|
88aca9 |
+ signal(SIGTERM, signalhandler);
|
|
|
88aca9 |
|
|
|
88aca9 |
semid = strtol(argv[1], NULL, 10);
|
|
|
88aca9 |
|
|
|
88aca9 |
@@ -459,13 +488,7 @@ int main(int argc, char ** argv)
|
|
|
88aca9 |
}
|
|
|
88aca9 |
}
|
|
|
88aca9 |
}
|
|
|
88aca9 |
- freeList(pinList);
|
|
|
88aca9 |
- PR_Close(in);
|
|
|
88aca9 |
- /* Remove the semaphore used for locking here. This is because this
|
|
|
88aca9 |
- * program only goes away when Apache shuts down so we don't have to
|
|
|
88aca9 |
- * worry about reloads.
|
|
|
88aca9 |
- */
|
|
|
88aca9 |
- semctl(semid, 0, IPC_RMID, semarg);
|
|
|
88aca9 |
+ cleanup();
|
|
|
88aca9 |
return 0;
|
|
|
88aca9 |
}
|
|
|
88aca9 |
|
|
|
88aca9 |
--
|
|
|
88aca9 |
1.8.3.1
|
|
|
88aca9 |
|