conntrackd: block signals during the access to the process list

A child process may finish while we are walking on the process list. This fixes possible concurrency problems. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2009-06-11 19:27:44 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2009-06-11 19:27:44 +0200
commit: 0121fd74b805a6490f005c835b3994fa06487395 (patch)
tree: d00c3ddb3f465d74d73bb8642410189a2797be62
parent: 6cd381e590bf28c180c089b47667defe4b6ff3eb (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/src/process.c b/src/process.c
index 70972fe..31e6e6f 100644
--- a/src/process.c
+++ b/src/process.c
@@ -16,6 +16,7 @@
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
 
+#include <signal.h>
 #include "conntrackd.h"
 #include "process.h"
 
@@ -26,9 +27,14 @@ int fork_process_new(void (*cb)(void *data), void *data)
 	struct child_process *c;
 	int pid;
 
+	/* block SIGCHLD to avoid the access of the list concurrently */
+	sigprocmask(SIG_BLOCK, &STATE(block), NULL);
+
 	c = calloc(sizeof(struct child_process), 1);
-	if (c == NULL)
+	if (c == NULL) {
+		sigprocmask(SIG_UNBLOCK, &STATE(block), NULL);
 		return -1;
+	}
 
 	c->cb = cb;
 	c->data = data;
@@ -37,6 +43,8 @@ int fork_process_new(void (*cb)(void *data), void *data)
 	if (c->pid > 0)
 		list_add(&c->head, &process_list);
 
+	sigprocmask(SIG_UNBLOCK, &STATE(block), NULL);
+
 	return pid;
 }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2009-06-11 19:27:44 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2009-06-11 19:27:44 +0200
commit	0121fd74b805a6490f005c835b3994fa06487395 (patch)
tree	d00c3ddb3f465d74d73bb8642410189a2797be62
parent	6cd381e590bf28c180c089b47667defe4b6ff3eb (diff)