r4995 - trunk/varnish-cache/bin/varnishd

Sat Jul 3 11:04:57 CEST 2010

Author: phk
Date: 2010-07-03 11:04:57 +0200 (Sat, 03 Jul 2010)
New Revision: 4995

Modified:
   trunk/varnish-cache/bin/varnishd/mgt_vcc.c
Log:
Move the dlopen/dlsym/dlclose check of newly compiled VCL code to
a sub process, to make contamination of the MGR process impossible.



Modified: trunk/varnish-cache/bin/varnishd/mgt_vcc.c
===================================================================

--- trunk/varnish-cache/bin/varnishd/mgt_vcc.c	2010-06-30 12:55:57 UTC (rev 4994)
+++ trunk/varnish-cache/bin/varnishd/mgt_vcc.c	2010-07-03 09:04:57 UTC (rev 4995)
@@ -55,6 +55,7 @@
 #include "mgt_cli.h"
 #include "heritage.h"
 
+#include "vcl.h"
 #include "vss.h"
 
 struct vclprog {
@@ -124,16 +125,6 @@
 }
 
 /*--------------------------------------------------------------------
- * Invoke system C compiler in a sub-process
- */
-
-static void
-run_cc(void *priv)
-{
-	(void)execl("/bin/sh", "/bin/sh", "-c", priv, NULL);
-}
-
-/*--------------------------------------------------------------------
  * Invoke system VCC compiler in a sub-process
  */
 
@@ -168,7 +159,6 @@
 		fprintf(stderr, "Cannot open %s", vp->sf);
 		exit (1);
 	}
-	mgt_got_fd(fd);
 	l = strlen(csrc);
 	i = write(fd, csrc, l);
 	if (i != l) {
@@ -181,6 +171,57 @@
 }
 
 /*--------------------------------------------------------------------
+ * Invoke system C compiler in a sub-process
+ */
+
+static void
+run_cc(void *priv)
+{
+	(void)execl("/bin/sh", "/bin/sh", "-c", priv, NULL);
+}
+
+/*--------------------------------------------------------------------
+ * Attempt to open compiled VCL in a sub-process
+ */
+
+static void
+run_dlopen(void *priv)
+{
+	const char *of;
+	void *dlh;
+	struct VCL_conf const *cnf;
+
+	of = priv;
+
+	/* Try to load the object into the management process */
+	if ((dlh = dlopen(of, RTLD_NOW | RTLD_LOCAL)) == NULL) {
+		fprintf(stderr,
+		    "Compiled VCL program failed to load:\n  %s\n",
+		    dlerror());
+		exit(1);
+	}
+
+	cnf = dlsym(dlh, "VCL_conf");
+	if (cnf == NULL) {
+		fprintf(stderr, "Compiled VCL program, metadata not found\n");
+		exit(1);
+	}
+
+	if (cnf->magic != VCL_CONF_MAGIC) {
+		fprintf(stderr, "Compiled VCL program, mangled metadata\n");
+		exit(1);
+	}
+
+	if (dlclose(dlh)) {
+		fprintf(stderr,
+		    "Compiled VCL program failed to unload:\n  %s\n",
+		    dlerror());
+		exit(1);
+	}
+	exit(0);
+}
+
+/*--------------------------------------------------------------------
  * Compile a VCL program, return shared object, errors in sb.
  */
 
@@ -193,7 +234,6 @@
 	char of[sizeof sf + 1];
 	char *retval;
 	int sfd, i;
-	void *dlh;
 	struct vcc_priv vp;
 
 	/* Create temporary C source file */
@@ -235,25 +275,14 @@
 	(void)unlink(sf);
 	vsb_delete(cmdsb);
 
+	if (!i) 
+		i = SUB_run(sb, run_dlopen, of, "dlopen", 10);
+
 	if (i) {
 		(void)unlink(of);
 		return (NULL);
 	}
 
-	/* Try to load the object into the management process */
-	if ((dlh = dlopen(of, RTLD_NOW | RTLD_LOCAL)) == NULL) {
-		vsb_printf(sb,
-		    "Compiled VCL program failed to load:\n  %s", dlerror());
-		(void)unlink(of);
-		return (NULL);
-	}
-
-	/*
-	 * XXX: we should look up and check the handle in the loaded
-	 * object
-	 */
-
-	AZ(dlclose(dlh));
 	retval = strdup(of);
 	XXXAN(retval);
 	return (retval);


