changeset 1866:adfcdfb161a4

Fix missing NULL terminator for re-exec. Also fixes fallback, sockets were not kept open.
author Matt Johnston <matt@ucc.asn.au>
date Mon, 31 Jan 2022 11:12:58 +0800
parents d940f8007a45
children 66a3fabe4870
files svr-main.c
diffstat 1 files changed, 9 insertions(+), 4 deletions(-) [+]
--- a/svr-main.c	Sun Jan 30 13:46:52 2022 +0800
+++ b/svr-main.c	Mon Jan 31 11:12:58 2022 +0800
@@ -339,20 +339,25 @@
 				if (execfd >= 0) {
 #if DROPBEAR_DO_REEXEC
 					/* Add "-2" to the args and re-execute ourself */
-					char **new_argv = m_malloc(sizeof(char*) * (argc+1));
+					char **new_argv = m_malloc(sizeof(char*) * (argc+2));
 					memcpy(new_argv, argv, sizeof(char*) * argc);
 					new_argv[argc] = "-2";
+					new_argv[argc+1] = NULL;
 
 					if ((dup2(childsock, STDIN_FILENO) < 0)) {
 						dropbear_exit("dup2 failed: %s", strerror(errno));
 					}
-					m_close(childsock);
+					if (fcntl(childsock, F_SETFD, FD_CLOEXEC) < 0) {
+						TRACE(("cloexec for childsock %d failed: %s", childsock, strerror(errno)))
+					}
 					/* Re-execute ourself */
 					fexecve(execfd, new_argv, environ);
 					/* Not reached on success */
 
-					/* Fall back on plain fork otherwise */
-					TRACE(("fexecve failed, disabling re-exec: %s", strerror(errno)))
+					/* Fall back on plain fork otherwise.
+					 * To be removed in future once re-exec has been well tested */
+					dropbear_log(LOG_WARNING, "fexecve failed, disabling re-exec: %s", strerror(errno));
+					m_close(STDIN_FILENO);
 					m_free(new_argv);
 #endif /* DROPBEAR_DO_REEXEC */
 				}
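Review bot: On the fallback path, `m_close(STDIN_FILENO)` leaves descriptor 0 unallocated for the rest of the child's life, so the next descriptor the plain-fork path opens will presumably land on fd 0, and anything that later treats STDIN_FILENO as stdin would act on that unrelated descriptor. Pointing fd 0 at /dev/null with dup2 instead of closing it avoids the gap; the replacement for that one line is sketched below. Separately, a failed `fcntl(childsock, F_SETFD, FD_CLOEXEC)` is only traced, so the re-executed process would inherit a second copy of the client socket unnoticed; reporting it with `dropbear_log(LOG_WARNING, "cloexec for childsock %d failed: %s", childsock, strerror(errno));`, as the fexecve failure now is, would make that visible. The enclosing function starts and ends outside the hunk, so what fd 0 referred to before the dup2 cannot be confirmed from here.

```c
dropbear_log(LOG_WARNING, "fexecve failed, disabling re-exec: %s", strerror(errno));
/* Keep fd 0 occupied so descriptors opened later cannot land on it */
{
	int nullfd = open("/dev/null", O_RDONLY);
	if (nullfd < 0 || dup2(nullfd, STDIN_FILENO) < 0) {
		dropbear_exit("redirecting stdin failed: %s", strerror(errno));
	}
	if (nullfd != STDIN_FILENO) {
		m_close(nullfd);
	}
}
m_free(new_argv);
```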