search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server returned names.
[Samba.git] / lib / tevent / tevent_signal.c
blob7ebb13d6a39c3f2cd4d6af535784db537fa34b31
1 /*
2 Unix SMB/CIFS implementation.
3
4 common events code for signal events
5
6 Copyright (C) Andrew Tridgell 2007
7
8 ** NOTE! The following LGPL license applies to the tevent
9 ** library. This does NOT imply that all of Samba is released
10 ** under the LGPL
11
12 This library is free software; you can redistribute it and/or
13 modify it under the terms of the GNU Lesser General Public
14 License as published by the Free Software Foundation; either
15 version 3 of the License, or (at your option) any later version.
16
17 This library is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 Lesser General Public License for more details.
21
22 You should have received a copy of the GNU Lesser General Public
23 License along with this library; if not, see <http://www.gnu.org/licenses/>.
24 */
25
26 #include "replace.h"
27 #include "system/filesys.h"
28 #include "system/wait.h"
29 #define TEVENT_DEPRECATED 1
30 #include "tevent.h"
31 #include "tevent_internal.h"
32 #include "tevent_util.h"
33
34 /* maximum number of SA_SIGINFO signals to hold in the queue.
35 NB. This *MUST* be a power of 2, in order for the ring buffer
36 wrap to work correctly. Thanks to Petr Vandrovec <petr@vandrovec.name>
37 for this. */
38
39 #define TEVENT_SA_INFO_QUEUE_COUNT 256
40
41 size_t tevent_num_signals(void)
42 {
43 return TEVENT_NUM_SIGNALS;
44 }
45
46 size_t tevent_sa_info_queue_count(void)
47 {
48 return TEVENT_SA_INFO_QUEUE_COUNT;
49 }
50
51 struct tevent_sigcounter {
52 uint32_t count;
53 uint32_t seen;
54 };
55
56 #if defined(HAVE___SYNC_FETCH_AND_ADD)
57 #define TEVENT_SIG_INCREMENT(s) __sync_fetch_and_add(&((s).count), 1)
58 #elif defined(HAVE_ATOMIC_ADD_32)
59 #define TEVENT_SIG_INCREMENT(s) atomic_add_32(&((s).count), 1)
60 #else
61 #define TEVENT_SIG_INCREMENT(s) (s).count++
62 #endif
63 #define TEVENT_SIG_SEEN(s, n) (s).seen += (n)
64 #define TEVENT_SIG_PENDING(s) ((s).seen != (s).count)
65
66 struct tevent_common_signal_list {
67 struct tevent_common_signal_list *prev, *next;
68 struct tevent_signal *se;
69 };
70
71 /*
72 the poor design of signals means that this table must be static global
73 */
74 static struct tevent_sig_state {
75 struct tevent_common_signal_list *sig_handlers[TEVENT_NUM_SIGNALS+1];
76 struct sigaction *oldact[TEVENT_NUM_SIGNALS+1];
77 struct tevent_sigcounter signal_count[TEVENT_NUM_SIGNALS+1];
78 struct tevent_sigcounter got_signal;
79 #ifdef SA_SIGINFO
80 /* with SA_SIGINFO we get quite a lot of info per signal */
81 siginfo_t *sig_info[TEVENT_NUM_SIGNALS+1];
82 struct tevent_sigcounter sig_blocked[TEVENT_NUM_SIGNALS+1];
83 #endif
84 } *sig_state;
85
86 /*
87 return number of sigcounter events not processed yet
88 */
89 static uint32_t tevent_sig_count(struct tevent_sigcounter s)
90 {
91 return s.count - s.seen;
92 }
93
94 /*
95 signal handler - redirects to registered signals
96 */
97 static void tevent_common_signal_handler(int signum)
98 {
99 struct tevent_common_signal_list *sl;
100 struct tevent_context *ev = NULL;
101 int saved_errno = errno;
102
103 TEVENT_SIG_INCREMENT(sig_state->signal_count[signum]);
104 TEVENT_SIG_INCREMENT(sig_state->got_signal);
105
106 /* Write to each unique event context. */
107 for (sl = sig_state->sig_handlers[signum]; sl; sl = sl->next) {
108 if (sl->se->event_ctx && sl->se->event_ctx != ev) {
109 ev = sl->se->event_ctx;
110 tevent_common_wakeup(ev);
111 }
112 }
113
114 errno = saved_errno;
115 }
116
117 #ifdef SA_SIGINFO
118 /*
119 signal handler with SA_SIGINFO - redirects to registered signals
120 */
121 static void tevent_common_signal_handler_info(int signum, siginfo_t *info,
122 void *uctx)
123 {
124 uint32_t count = tevent_sig_count(sig_state->signal_count[signum]);
125 /* sig_state->signal_count[signum].seen % TEVENT_SA_INFO_QUEUE_COUNT
126 * is the base of the unprocessed signals in the ringbuffer. */
127 uint32_t ofs = (sig_state->signal_count[signum].seen + count) %
128 TEVENT_SA_INFO_QUEUE_COUNT;
129 sig_state->sig_info[signum][ofs] = *info;
130
131 tevent_common_signal_handler(signum);
132
133 /* handle SA_SIGINFO */
134 if (count+1 == TEVENT_SA_INFO_QUEUE_COUNT) {
135 /* we've filled the info array - block this signal until
136 these ones are delivered */
137 #ifdef HAVE_UCONTEXT_T
138 /*
139 * This is the only way for this to work.
140 * By default signum is blocked inside this
141 * signal handler using a temporary mask,
142 * but what we really need to do now is
143 * block it in the callers mask, so it
144 * stays blocked when the temporary signal
145 * handler mask is replaced when we return
146 * from here. The callers mask can be found
147 * in the ucontext_t passed in as the
148 * void *uctx argument.
149 */
150 ucontext_t *ucp = (ucontext_t *)uctx;
151 sigaddset(&ucp->uc_sigmask, signum);
152 #else
153 /*
154 * WARNING !!! WARNING !!!!
155 *
156 * This code doesn't work.
157 * By default signum is blocked inside this
158 * signal handler, but calling sigprocmask
159 * modifies the temporary signal mask being
160 * used *inside* this handler, which will be
161 * replaced by the callers signal mask once
162 * we return from here. See Samba
163 * bug #9550 for details.
164 */
165 sigset_t set;
166 sigemptyset(&set);
167 sigaddset(&set, signum);
168 sigprocmask(SIG_BLOCK, &set, NULL);
169 #endif
170 TEVENT_SIG_INCREMENT(sig_state->sig_blocked[signum]);
171 }
172 }
173 #endif
174
175 static int tevent_common_signal_list_destructor(struct tevent_common_signal_list *sl)
176 {
177 if (sig_state->sig_handlers[sl->se->signum]) {
178 DLIST_REMOVE(sig_state->sig_handlers[sl->se->signum], sl);
179 }
180 return 0;
181 }
182
183 /*
184 destroy a signal event
185 */
186 static int tevent_signal_destructor(struct tevent_signal *se)
187 {
188 if (se->destroyed) {
189 tevent_common_check_double_free(se, "tevent_signal double free");
190 goto done;
191 }
192 se->destroyed = true;
193
194 TALLOC_FREE(se->additional_data);
195
196 if (se->event_ctx != NULL) {
197 DLIST_REMOVE(se->event_ctx->signal_events, se);
198 }
199
200 if (sig_state->sig_handlers[se->signum] == NULL) {
201 /* restore old handler, if any */
202 if (sig_state->oldact[se->signum]) {
203 sigaction(se->signum, sig_state->oldact[se->signum], NULL);
204 TALLOC_FREE(sig_state->oldact[se->signum]);
205 }
206 #ifdef SA_SIGINFO
207 if (se->sa_flags & SA_SIGINFO) {
208 if (sig_state->sig_info[se->signum]) {
209 TALLOC_FREE(sig_state->sig_info[se->signum]);
210 }
211 }
212 #endif
213 }
214
215 se->event_ctx = NULL;
216 done:
217 if (se->busy) {
218 return -1;
219 }
220 se->wrapper = NULL;
221
222 return 0;
223 }
224
225 /*
226 add a signal event
227 return NULL on failure (memory allocation error)
228 */
229 struct tevent_signal *tevent_common_add_signal(struct tevent_context *ev,
230 TALLOC_CTX *mem_ctx,
231 int signum,
232 int sa_flags,
233 tevent_signal_handler_t handler,
234 void *private_data,
235 const char *handler_name,
236 const char *location)
237 {
238 struct tevent_signal *se;
239 struct tevent_common_signal_list *sl;
240 sigset_t set, oldset;
241 int ret;
242
243 ret = tevent_common_wakeup_init(ev);
244 if (ret != 0) {
245 errno = ret;
246 return NULL;
247 }
248
249 if (signum >= TEVENT_NUM_SIGNALS) {
250 errno = EINVAL;
251 return NULL;
252 }
253
254 /* the sig_state needs to be on a global context as it can last across
255 multiple event contexts */
256 if (sig_state == NULL) {
257 sig_state = talloc_zero(NULL, struct tevent_sig_state);
258 if (sig_state == NULL) {
259 return NULL;
260 }
261 }
262
263 se = talloc_zero(mem_ctx?mem_ctx:ev, struct tevent_signal);
264 if (se == NULL) return NULL;
265
266 sl = talloc_zero(se, struct tevent_common_signal_list);
267 if (!sl) {
268 talloc_free(se);
269 return NULL;
270 }
271 sl->se = se;
272
273 *se = (struct tevent_signal) {
274 .event_ctx = ev,
275 .signum = signum,
276 .sa_flags = sa_flags,
277 .handler = handler,
278 .private_data = private_data,
279 .handler_name = handler_name,
280 .location = location,
281 .additional_data= sl,
282 };
283
284 /* Ensure, no matter the destruction order, that we always have a handle on the global sig_state */
285 if (!talloc_reference(se, sig_state)) {
286 talloc_free(se);
287 return NULL;
288 }
289
290 /* only install a signal handler if not already installed */
291 if (sig_state->sig_handlers[signum] == NULL) {
292 struct sigaction act;
293 ZERO_STRUCT(act);
294 act.sa_handler = tevent_common_signal_handler;
295 act.sa_flags = sa_flags;
296 #ifdef SA_SIGINFO
297 if (sa_flags & SA_SIGINFO) {
298 act.sa_handler = NULL;
299 act.sa_sigaction = tevent_common_signal_handler_info;
300 if (sig_state->sig_info[signum] == NULL) {
301 sig_state->sig_info[signum] =
302 talloc_zero_array(sig_state, siginfo_t,
303 TEVENT_SA_INFO_QUEUE_COUNT);
304 if (sig_state->sig_info[signum] == NULL) {
305 talloc_free(se);
306 return NULL;
307 }
308 }
309 }
310 #endif
311 sig_state->oldact[signum] = talloc_zero(sig_state, struct sigaction);
312 if (sig_state->oldact[signum] == NULL) {
313 talloc_free(se);
314 return NULL;
315 }
316 if (sigaction(signum, &act, sig_state->oldact[signum]) == -1) {
317 talloc_free(sig_state->oldact[signum]);
318 sig_state->oldact[signum] = NULL;
319 talloc_free(se);
320 return NULL;
321 }
322 }
323
324 DLIST_ADD(se->event_ctx->signal_events, se);
325
326 /* Make sure the signal doesn't come in while we're mangling list. */
327 sigemptyset(&set);
328 sigaddset(&set, signum);
329 sigprocmask(SIG_BLOCK, &set, &oldset);
330 DLIST_ADD(sig_state->sig_handlers[signum], sl);
331 sigprocmask(SIG_SETMASK, &oldset, NULL);
332
333 talloc_set_destructor(se, tevent_signal_destructor);
334 talloc_set_destructor(sl, tevent_common_signal_list_destructor);
335
336 return se;
337 }
338
339 int tevent_common_invoke_signal_handler(struct tevent_signal *se,
340 int signum, int count, void *siginfo,
341 bool *removed)
342 {
343 struct tevent_context *handler_ev = se->event_ctx;
344 bool remove = false;
345
346 if (removed != NULL) {
347 *removed = false;
348 }
349
350 if (se->event_ctx == NULL) {
351 return 0;
352 }
353
354 se->busy = true;
355 if (se->wrapper != NULL) {
356 handler_ev = se->wrapper->wrap_ev;
357
358 tevent_wrapper_push_use_internal(handler_ev, se->wrapper);
359 se->wrapper->ops->before_signal_handler(
360 se->wrapper->wrap_ev,
361 se->wrapper->private_state,
362 se->wrapper->main_ev,
363 se,
364 signum,
365 count,
366 siginfo,
367 se->handler_name,
368 se->location);
369 }
370 se->handler(handler_ev, se, signum, count, siginfo, se->private_data);
371 if (se->wrapper != NULL) {
372 se->wrapper->ops->after_signal_handler(
373 se->wrapper->wrap_ev,
374 se->wrapper->private_state,
375 se->wrapper->main_ev,
376 se,
377 signum,
378 count,
379 siginfo,
380 se->handler_name,
381 se->location);
382 tevent_wrapper_pop_use_internal(handler_ev, se->wrapper);
383 }
384 se->busy = false;
385
386 #ifdef SA_RESETHAND
387 if (se->sa_flags & SA_RESETHAND) {
388 remove = true;
389 }
390 #endif
391
392 if (se->destroyed) {
393 talloc_set_destructor(se, NULL);
394 remove = true;
395 }
396
397 if (remove) {
398 TALLOC_FREE(se);
399 if (removed != NULL) {
400 *removed = true;
401 }
402 }
403
404 return 0;
405 }
406
407 /*
408 check if a signal is pending
409 return != 0 if a signal was pending
410 */
411 int tevent_common_check_signal(struct tevent_context *ev)
412 {
413 int i;
414
415 if (!sig_state || !TEVENT_SIG_PENDING(sig_state->got_signal)) {
416 return 0;
417 }
418
419 for (i=0;i<TEVENT_NUM_SIGNALS+1;i++) {
420 struct tevent_common_signal_list *sl, *next;
421 struct tevent_sigcounter counter = sig_state->signal_count[i];
422 uint32_t count = tevent_sig_count(counter);
423 int ret;
424 #ifdef SA_SIGINFO
425 /* Ensure we null out any stored siginfo_t entries
426 * after processing for debugging purposes. */
427 bool clear_processed_siginfo = false;
428 #endif
429
430 if (count == 0) {
431 continue;
432 }
433 for (sl=sig_state->sig_handlers[i];sl;sl=next) {
434 struct tevent_signal *se = sl->se;
435
436 next = sl->next;
437
438 #ifdef SA_SIGINFO
439 if (se->sa_flags & SA_SIGINFO) {
440 uint32_t j;
441
442 clear_processed_siginfo = true;
443
444 for (j=0;j<count;j++) {
445 /* sig_state->signal_count[i].seen
446 * % TEVENT_SA_INFO_QUEUE_COUNT is
447 * the base position of the unprocessed
448 * signals in the ringbuffer. */
449 uint32_t ofs = (counter.seen + j)
450 % TEVENT_SA_INFO_QUEUE_COUNT;
451 bool removed = false;
452
453 ret = tevent_common_invoke_signal_handler(
454 se, i, 1,
455 (void*)&sig_state->sig_info[i][ofs],
456 &removed);
457 if (ret != 0) {
458 tevent_abort(ev, "tevent_common_invoke_signal_handler() failed");
459 }
460 if (removed) {
461 break;
462 }
463 }
464 continue;
465 }
466 #endif
467
468 ret = tevent_common_invoke_signal_handler(se, i, count,
469 NULL, NULL);
470 if (ret != 0) {
471 tevent_abort(ev, "tevent_common_invoke_signal_handler() failed");
472 }
473 }
474
475 #ifdef SA_SIGINFO
476 if (clear_processed_siginfo && sig_state->sig_info[i] != NULL) {
477 uint32_t j;
478 for (j=0;j<count;j++) {
479 uint32_t ofs = (counter.seen + j)
480 % TEVENT_SA_INFO_QUEUE_COUNT;
481 memset((void*)&sig_state->sig_info[i][ofs],
482 '\0',
483 sizeof(siginfo_t));
484 }
485 }
486 #endif
487
488 TEVENT_SIG_SEEN(sig_state->signal_count[i], count);
489 TEVENT_SIG_SEEN(sig_state->got_signal, count);
490
491 #ifdef SA_SIGINFO
492 if (TEVENT_SIG_PENDING(sig_state->sig_blocked[i])) {
493 /* We'd filled the queue, unblock the
494 signal now the queue is empty again.
495 Note we MUST do this after the
496 TEVENT_SIG_SEEN(sig_state->signal_count[i], count)
497 call to prevent a new signal running
498 out of room in the sig_state->sig_info[i][]
499 ring buffer. */
500 sigset_t set;
501 sigemptyset(&set);
502 sigaddset(&set, i);
503 TEVENT_SIG_SEEN(sig_state->sig_blocked[i],
504 tevent_sig_count(sig_state->sig_blocked[i]));
505 sigprocmask(SIG_UNBLOCK, &set, NULL);
506 }
507 #endif
508 }
509
510 return 1;
511 }
512
513 void tevent_cleanup_pending_signal_handlers(struct tevent_signal *se)
514 {
515 tevent_signal_destructor(se);
516 talloc_set_destructor(se, NULL);
517 return;
518 }
Samba GIT mirror