[Branch ~hipl-core/hipl/trunk] Rev 4929: Cleaned up hipfw startup.
Merge authors:
Christof Mroz (christof-mroz)
------------------------------------------------------------
revno: 4929 [merge]
committer: Christof Mroz <christof.mroz@xxxxxxxxxxxxxx>
branch nick: trunk
timestamp: Mon 2010-09-13 16:02:38 +0200
message:
Cleaned up hipfw startup.
Avoid memleaks and NULL dereference.
Remove die() since it's not used anymore.
modified:
firewall/firewall.c
--
lp:hipl
https://code.launchpad.net/~hipl-core/hipl/trunk
=== modified file 'firewall/firewall.c'
--- firewall/firewall.c 2010-09-09 00:54:32 +0000
+++ firewall/firewall.c 2010-09-09 01:39:39 +0000
@@ -666,12 +666,13 @@
HIP_DEBUG("Firewall exit\n");
- msg = hip_msg_alloc();
- if (hip_build_user_hdr(msg, HIP_MSG_FIREWALL_QUIT, 0) ||
- hip_send_recv_daemon_info(msg, 1, hip_fw_sock)) {
- HIP_DEBUG("Failed to notify hipd of firewall shutdown.\n");
+ if ((msg = hip_msg_alloc()) != NULL) {
+ if (hip_build_user_hdr(msg, HIP_MSG_FIREWALL_QUIT, 0) ||
+ hip_send_recv_daemon_info(msg, 1, hip_fw_sock)) {
+ HIP_DEBUG("Failed to notify hipd of firewall shutdown.\n");
+ }
+ free(msg);
}
- free(msg);
hip_firewall_cache_delete_hldb(1);
hip_firewall_port_cache_uninit_hldb();
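Review bot: When `hip_msg_alloc()` returns NULL, the shutdown notification to hipd is skipped without any trace, because the only log line sits inside the success branch of the new `if`. An `else` branch with a debug line such as `HIP_DEBUG("Out of memory, hipd not notified of firewall shutdown.\n");` would make the skipped notification visible in the logs. The enclosing function starts and ends outside this hunk.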
@@ -704,14 +705,6 @@
exit(EXIT_SUCCESS);
}
-static void die(struct ipq_handle *h)
-{
- HIP_DEBUG("Dying by sending SIGTERM to self\n");
- ipq_perror("passer");
- ipq_destroy_handle(h);
- kill(getpid(), SIGTERM);
-}
-
/**
* Increases the netlink buffer capacity.
*
@@ -1930,7 +1923,7 @@
int main(int argc, char **argv)
{
int err = 0, highest_descriptor, i;
- int status, n, len;
+ int n, len;
struct ipq_handle *h4 = NULL, *h6 = NULL;
int ch;
char *rule_file = NULL;
@@ -2128,63 +2121,37 @@
firewall_probe_kernel_modules();
// create firewall queue handles for IPv4 traffic
- // FIXME died handle will still be used below
- // FIXME memleak - not free'd on exit
- h4 = ipq_create_handle(0, PF_INET);
-
- if (!h4) {
- die(h4);
- }
-
- HIP_DEBUG("IPv4 handle created\n");
-
- status = ipq_set_mode(h4, IPQ_COPY_PACKET, HIP_MAX_PACKET);
-
- if (status < 0) {
- die(h4);
- }
- HIP_DEBUG("IPv4 handle mode COPY_PACKET set\n");
+ HIP_IFEL(!(h4 = ipq_create_handle(0, PF_INET)), -1,
+ "ipq_create_handle(): %s\n", ipq_errstr());
+ HIP_IFEL(ipq_set_mode(h4, IPQ_COPY_PACKET, HIP_MAX_PACKET) == -1, -1,
+ "ipq_set_mode(): %s\n", ipq_errstr());
+ HIP_DEBUG("IPv4 handle created (mode COPY_PACKET)\n");
// create firewall queue handles for IPv6 traffic
- // FIXME died handle will still be used below
- // FIXME memleak - not free'd on exit
- h6 = ipq_create_handle(0, PF_INET6);
-
- if (!h6) {
- die(h6);
- }
- HIP_DEBUG("IPv6 handle created\n");
- status = ipq_set_mode(h6, IPQ_COPY_PACKET, HIP_MAX_PACKET);
-
- if (status < 0) {
- die(h6);
- }
- HIP_DEBUG("IPv6 handle mode COPY_PACKET set\n");
+ HIP_IFEL(!(h6 = ipq_create_handle(0, PF_INET6)), -1,
+ "ipq_create_handle(): %s\n", ipq_errstr());
+ HIP_IFEL(ipq_set_mode(h6, IPQ_COPY_PACKET, HIP_MAX_PACKET) == -1, -1,
+ "ipq_set_mode(): %s\n", ipq_errstr());
+ HIP_DEBUG("IPv6 handle created (mode COPY_PACKET)\n");
// set up ip(6)tables rules and firewall extensions
HIP_IFEL(firewall_init(), -1, "Firewall init failed\n");
- /* Allocate message. */
- // FIXME memleak - not free'd on exit
- msg = hip_msg_alloc();
- if (!msg) {
- err = -1;
- return err;
- }
-
if (limit_capabilities) {
- HIP_IFEL(hip_set_lowcapability(), -1, "Failed to reduce priviledges");
+ HIP_IFEL(hip_set_lowcapability(), -1, "Failed to reduce privileges\n");
}
highest_descriptor = maxof(3, hip_fw_async_sock, h4->fd, h6->fd);
+ /* Allocate message. */
+ HIP_IFEL(!(msg = hip_msg_alloc()), -1, "Insufficient memory\n");
+
hip_msg_init(msg);
HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_FIREWALL_START, 0), -1,
"build user hdr\n");
if (hip_send_recv_daemon_info(msg, 1, hip_fw_sock)) {
HIP_DEBUG("Failed to notify hipd of firewall start.\n");
}
- hip_msg_init(msg);
// let's show that the firewall is running even with debug NONE
HIP_DEBUG("firewall running. Entering select loop.\n");
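Review bot: The four new `HIP_IFEL` checks on the ipq handles jump to `out_err` before `firewall_init()` has run, and the tail of `main()` in the last hunk calls `firewall_exit()` unconditionally after that label. The first hunk shows `firewall_exit()` sending `HIP_MSG_FIREWALL_QUIT` to hipd and tearing down the hldb caches, so an early startup failure appears to run teardown for state that was never set up; whether that is safe cannot be seen from this diff. Consider guarding the call with a flag set once `firewall_init()` succeeds, or adding a comment on `firewall_exit()` stating that it tolerates uninitialised state. Separately, `ipq_set_mode(...) == -1` is narrower than the old `status < 0` test; `< 0` would keep the previous behaviour. `main()` starts and ends outside this hunk.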
@@ -2295,6 +2262,12 @@
}
out_err:
+ if(h4) {
+ ipq_destroy_handle(h4);
+ }
+ if(h6) {
+ ipq_destroy_handle(h6);
+ }
if (hip_fw_async_sock) {
close(hip_fw_async_sock);
}
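Review bot: The cleanup added under `out_err` releases `h4` and `h6`, but nothing in this diff frees `msg`, even though the commit removes the `FIXME memleak - not free'd on exit` comment from its allocation in `main()`. Unless an unchanged line between this hunk and the next one already does it, add `free(msg);` here. That is only safe on the early `goto out_err` paths if `msg` is initialised to NULL at its declaration, which is outside the diff. As a style point, the new `if(h4)` and `if(h6)` lack the space after `if` that the neighbouring `if (hip_fw_async_sock)` uses.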
@@ -2306,7 +2279,7 @@
}
firewall_exit();
- return 0;
+ return err;
}
/*----------------EXTERNALLY USED FUNCTIONS-------------------*/