diff options
author | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-06 17:54:59 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-06 17:54:59 +0200 |
commit | 3a2290433a654a8b5f07a1db1f8142ec01ca57a7 (patch) | |
tree | cb7126cc4acb9fc4ed7da6f9504b293aafb353d4 /plugin/firewall/eurephiafw.c | |
parent | 08cbabbfb79d8e618c2fd0c9e0398d8ffee4a6c3 (diff) | |
download | eurephia-3a2290433a654a8b5f07a1db1f8142ec01ca57a7.tar.gz eurephia-3a2290433a654a8b5f07a1db1f8142ec01ca57a7.tar.xz eurephia-3a2290433a654a8b5f07a1db1f8142ec01ca57a7.zip |
Fixed memory leak in the firewall implementation and added mlock() usage
The memory leak was caused by not freeing the shadow context the firewall
child process uses for logging. In addition this child process had a
connection to the database open as well, which was not needed. This
connection is now disconnected immediately after the child process has
started.
Added also usage of mlock() to protect sensitive information from being
swapped out to disk.
Diffstat (limited to 'plugin/firewall/eurephiafw.c')
-rw-r--r-- | plugin/firewall/eurephiafw.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/plugin/firewall/eurephiafw.c b/plugin/firewall/eurephiafw.c index deec3db..471e6e8 100644 --- a/plugin/firewall/eurephiafw.c +++ b/plugin/firewall/eurephiafw.c @@ -145,6 +145,10 @@ void eFW_StartFirewall(eurephiaCTX *ctx) { // Create a fake eurephia context, just for logging shadowctx = (eurephiaCTX *) malloc_nullsafe(ctx, sizeof(eurephiaCTX)+2); assert( shadowctx != NULL ); + if( mlock(shadowctx, sizeof(eurephiaCTX)+2) < 0 ) { + eurephia_log(ctx, LOG_CRITICAL, 0, "Could not mlock() firewall context: %s", + strerror(errno)); + }; shadowctx->context_type = ECTX_NO_PRIVILEGES; shadowctx->log = ctx->log; (*ctx->fwcfg).thrdata.ctx = shadowctx; @@ -214,6 +218,7 @@ void eFW_StartFirewall(eurephiaCTX *ctx) { } switch( ctx->fwcfg->fwproc_pid ) { case 0: // Child process + eDBdisconnect(ctx); eFW_RunFirewall(&(*ctx->fwcfg).thrdata); exit(-1); // If our child process exits abnormally. @@ -252,7 +257,7 @@ void eFW_StartFirewall(eurephiaCTX *ctx) { sem_wait(ctx->fwcfg->thrdata.semp_worker); eurephia_log(ctx, LOG_INFO, 2, "eFW interface initialised."); - // Initialise the chain + // Initialise the chain memset(&buf, 0, 1026); snprintf(buf, 1024, "I %s", fwdest); if( mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1) == -1 ) { @@ -348,6 +353,8 @@ void eFW_StopFirewall(eurephiaCTX *ctx) { sem_post(ctx->fwcfg->thrdata.semp_master); // Clean up and exit + munlock(ctx->fwcfg->thrdata.ctx, sizeof(eurephiaCTX)+2); + free_nullsafe(ctx, ctx->fwcfg->thrdata.ctx); free_nullsafe(ctx, ctx->fwcfg->fwblacklist_sendto); eFree_values(ctx, ctx->fwcfg->blacklisted); free_nullsafe(ctx, (*ctx->fwcfg).thrdata.fw_command); |