commit 3cf2e4b4f1912d18772a0fa476d4671c25ca2ea4

Author: coolo <coolo@283d02a7-25f6-0310-bc7c-ecb5cbfe19da>

Date:   Mon Mar 2 09:47:26 2009 +0000

    more fixes from Michal Schmidt:

    - don't leak file descriptor to create-env

    - don't use the shell to call simple commands

    git-svn-id: svn://anonsvn.kde.org/home/kde/trunk/icecream@934044 283d02a7-25f6-0310-bc7c-ecb5cbfe19da

diff --git a/daemon/environment.cpp b/daemon/environment.cpp

index fd38f8e..9dc2831 100644

--- a/daemon/environment.cpp

+++ b/daemon/environment.cpp

@@ -142,40 +142,48 @@ static void list_target_dirs( const string &current_target, const string &target

     closedir( envdir );

 }

-bool cleanup_cache( const string &basedir )

+/* Returns true if the child exited with success */

+static bool exec_and_wait( const char *const argv[] )

 {

-    flush_debug();

     pid_t pid = fork();

-    if ( pid )

-    {

-        int status = 0;

+    if ( pid == -1 ) {

+        log_perror("fork");

+        return false;

+    }

+    if ( pid ) {

+        // parent

+        int status;

         while ( waitpid( pid, &status, 0 ) < 0 && errno == EINTR )

             ;

+        return WIFEXITED(status) && WEXITSTATUS(status) == 0;

+    }

+    // child

+    _exit(execv(argv[0], const_cast<char *const *>(argv)));

+}

-        if ( mkdir( basedir.c_str(), 0755 ) && errno != EEXIST ) {

-            if ( errno == EPERM )

-                log_error() << "permission denied on mkdir " << basedir << endl;

-            else

-                log_perror( "mkdir in cleanup_cache() failed" );

-            return false;

-        }

-        chown( basedir.c_str(), 0, 0 );

-        chmod( basedir.c_str(), 0755 );

+bool cleanup_cache( const string &basedir )

+{

+    flush_debug();

-        return WIFEXITED(status);

-    }

-    // else

-    char **argv;

-    argv = new char*[5];

-    argv[0] = strdup( "/bin/rm" );

-    argv[1] = strdup( "-rf" );

-    argv[2] = strdup( "--" );

     // make sure it ends with '/' to not fall into symlink traps

     string bdir = basedir + '/';

-    argv[3] = strdup( bdir.c_str()  );

-    argv[4] = NULL;

+    const char *const argv[] = {

+        "/bin/rm", "-rf", "--", bdir.c_str(), NULL

+    };

-    _exit(execv(argv[0], argv));

+    bool ret = exec_and_wait( argv );

+

+    if ( mkdir( basedir.c_str(), 0755 ) && errno != EEXIST ) {

+        if ( errno == EPERM )

+            log_error() << "permission denied on mkdir " << basedir << endl;

+        else

+            log_perror( "mkdir in cleanup_cache() failed" );

+        return false;

+    }

+    chown( basedir.c_str(), 0, 0 );

+    chmod( basedir.c_str(), 0755 );

+

+    return ret;

 }

 Environments available_environmnents(const string &basedir)

@@ -259,7 +267,10 @@ size_t setup_env_cache(const string &basedir, string &native_environment, uid_t

          _exit(1);

     }

-    if ( system( BINDIR "/icecc --build-native" ) ) {

+    const char *const argv[] = {

+        BINDIR "/icecc", "--build-native", NULL

+    };

+    if ( !exec_and_wait( argv ) ) {

         log_error() << BINDIR "/icecc --build-native failed\n";

         _exit(1);

     }

diff --git a/services/comm.cpp b/services/comm.cpp

index 47e7304..5ffb790 100644

--- a/services/comm.cpp

+++ b/services/comm.cpp

@@ -987,6 +987,12 @@ open_send_broadcast (void)

       return -1;

     }

+  if (fcntl (ask_fd, F_SETFD, FD_CLOEXEC) < 0)

+    {

+      log_perror("open_send_broadcast fcntl");

+      close (ask_fd);

+      return -1;

+    }

   int optval = 1;

   if (setsockopt (ask_fd, SOL_SOCKET, SO_BROADCAST, &optval, sizeof(optval)) < 0)

     {