Qubes/core-admin-client
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

app: close payload_stream in qubesd_call

Browse Source 
This is to prevent leaking file descriptors.

QubesOS/qubes-issues#2622
This commit is contained in:
Wojtek Porczyk 2017-05-26 19:09:29 +02:00
parent 2675d63579
commit 0a556fad8c
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
qubesadmin/app.py
View File

@ -350,6 +350,8 @@ class QubesLocal(QubesBase):
:param payload: Payload send to the method :param payload: Payload send to the method
:param payload_stream: file-like object to read payload from :param payload_stream: file-like object to read payload from
:return: Data returned by qubesd (string) :return: Data returned by qubesd (string)
.. warning:: *payload_stream* will get closed by this function
''' '''
if payload and payload_stream: if payload and payload_stream:
raise ValueError( raise ValueError(
@ -369,6 +371,7 @@ class QubesLocal(QubesBase):
qrexec_call_env['QREXEC_REQUESTED_TARGET'] = dest qrexec_call_env['QREXEC_REQUESTED_TARGET'] = dest
proc = subprocess.Popen([method_path, arg], stdin=payload_stream, proc = subprocess.Popen([method_path, arg], stdin=payload_stream,
stdout=subprocess.PIPE, env=qrexec_call_env) stdout=subprocess.PIPE, env=qrexec_call_env)
payload_stream.close()
(return_data, _) = proc.communicate() (return_data, _) = proc.communicate()
return self._parse_qubesd_response(return_data) return self._parse_qubesd_response(return_data)
@ -455,6 +458,8 @@ class QubesRemote(QubesBase):
:param payload: Payload send to the method :param payload: Payload send to the method
:param payload_stream: file-like object to read payload from :param payload_stream: file-like object to read payload from
:return: Data returned by qubesd (string) :return: Data returned by qubesd (string)
.. warning:: *payload_stream* will get closed by this function
''' '''
if payload and payload_stream: if payload and payload_stream:
raise ValueError( raise ValueError(
@ -467,6 +472,8 @@ class QubesRemote(QubesBase):
stdin=(payload_stream or subprocess.PIPE), stdin=(payload_stream or subprocess.PIPE),
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.PIPE) stderr=subprocess.PIPE)
if payload_stream is not None:
payload_stream.close()
(stdout, stderr) = p.communicate(payload) (stdout, stderr) = p.communicate(payload)
if p.returncode != 0: if p.returncode != 0:
# TODO: use dedicated exception # TODO: use dedicated exception

3
qubesadmin/tools/qvm_template_postprocess.py
View File

@ -96,13 +96,12 @@ def import_root_img(vm, source_dir):
tar = subprocess.Popen(['tar', 'xSOf', '-'], tar = subprocess.Popen(['tar', 'xSOf', '-'],
stdin=cat.stdout, stdin=cat.stdout,
stdout=subprocess.PIPE) stdout=subprocess.PIPE)
cat.stdout.close()
vm.volumes['root'].import_data(stream=tar.stdout) vm.volumes['root'].import_data(stream=tar.stdout)
if tar.wait() != 0: if tar.wait() != 0:
raise qubesadmin.exc.QubesException('root.img extraction failed') raise qubesadmin.exc.QubesException('root.img extraction failed')
if cat.wait() != 0: if cat.wait() != 0:
raise qubesadmin.exc.QubesException('root.img extraction failed') raise qubesadmin.exc.QubesException('root.img extraction failed')
cat.stdout.close()
tar.stdout.close()
elif os.path.exists(root_path): elif os.path.exists(root_path):
if vm.app.qubesd_connection_type == 'socket': if vm.app.qubesd_connection_type == 'socket':
# check if root.img was already overwritten, i.e. if the source # check if root.img was already overwritten, i.e. if the source