vm/qrexec: fix race between child cleanup and select call

reap_children() can close FD, which was already added to FD_SET for select. This can lead to EBADF and agent termination.
2012-08-27 00:20:25 +02:00 · 2012-08-27 00:20:25 +02:00 · 798d239c15
commit 798d239c15
parent 1c04920833
1 changed files with 3 additions and 3 deletions
--- a/qrexec/qrexec_agent.c
+++ b/qrexec/qrexec_agent.c
@ -554,14 +554,14 @@ int main()


 	for (;;) {
+		sigprocmask(SIG_BLOCK, &chld_set, NULL);
+		if (child_exited)
+			reap_children();
 		max = fill_fds_for_select(&rdset, &wrset);
 		if (buffer_space_vchan_ext() <=
 		    sizeof(struct server_header))
 			FD_ZERO(&rdset);

-		sigprocmask(SIG_BLOCK, &chld_set, NULL);
-		if (child_exited)
-			reap_children();
 		wait_for_vchan_or_argfd(max, &rdset, &wrset);
 		sigprocmask(SIG_UNBLOCK, &chld_set, NULL);