diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-06-11 19:27:44 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-06-11 19:27:44 +0200 |
commit | 0121fd74b805a6490f005c835b3994fa06487395 (patch) | |
tree | d00c3ddb3f465d74d73bb8642410189a2797be62 | |
parent | 6cd381e590bf28c180c089b47667defe4b6ff3eb (diff) | |
download | conntrack-tools-0121fd74b805a6490f005c835b3994fa06487395.tar.gz conntrack-tools-0121fd74b805a6490f005c835b3994fa06487395.zip |
conntrackd: block signals during the access to the process list
A child process may finish while we are walking on the process list.
This fixes possible concurrency problems.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/process.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/process.c b/src/process.c index 70972fe..31e6e6f 100644 --- a/src/process.c +++ b/src/process.c @@ -16,6 +16,7 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#include <signal.h> #include "conntrackd.h" #include "process.h" @@ -26,9 +27,14 @@ int fork_process_new(void (*cb)(void *data), void *data) struct child_process *c; int pid; + /* block SIGCHLD to avoid the access of the list concurrently */ + sigprocmask(SIG_BLOCK, &STATE(block), NULL); + c = calloc(sizeof(struct child_process), 1); - if (c == NULL) + if (c == NULL) { + sigprocmask(SIG_UNBLOCK, &STATE(block), NULL); return -1; + } c->cb = cb; c->data = data; @@ -37,6 +43,8 @@ int fork_process_new(void (*cb)(void *data), void *data) if (c->pid > 0) list_add(&c->head, &process_list); + sigprocmask(SIG_UNBLOCK, &STATE(block), NULL); + return pid; } |