authorPhil Sutter <phil@nwl.cc>2018-09-19 15:17:05 +0200
committerFlorian Westphal <fw@strlen.de>2018-09-24 11:49:58 +0200
commitd95c1e8b65c4ec66b8fcd2f7ede257853a888750 (patch)
treecc4b6b527c3b413931ab02b68c94517f1428d06b /libxtables
parent7e50ebabbf9c3a5eeb9511d9f32c6104b56da5cd (diff)
libxtables: Use posix_spawn() instead of vfork()
According to covscan, vfork() may lead to a deadlock in the parent process. It suggests to use posix_spawn() instead. Since the latter combines vfork() and exec() calls, use it for xtables_insmod(). Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'libxtables')
-rw-r--r--libxtables/xtables.c15
1 files changed, 5 insertions, 10 deletions
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index ffd8fbcf..6dd0b152 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -21,6 +21,7 @@
#include <fcntl.h>
#include <inttypes.h>
#include <netdb.h>
+#include <spawn.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
@@ -362,6 +363,7 @@ int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
char *buf = NULL;
char *argv[4];
int status;
+ pid_t pid;
/* If they don't explicitly set it, read out of kernel */
if (!modprobe) {
@@ -382,18 +384,11 @@ int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
*/
fflush(stdout);
- switch (vfork()) {
- case 0:
- execv(argv[0], argv);
-
- /* not usually reached */
- _exit(1);
- case -1:
+ if (posix_spawn(&pid, argv[0], NULL, NULL, argv, NULL)) {
free(buf);
return -1;
-
- default: /* parent */
- wait(&status);
+ } else {
+ waitpid(pid, &status, 0);
}
free(buf);
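Review bot: The result of `waitpid(pid, &status, 0)` is discarded, so if the call fails (for instance interrupted by a signal) `status` stays uninitialized; it is declared as a plain `int status;` at the top of xtables_insmod(). The function continues past this hunk, and any later check of `status` would then decide whether the module loaded from an indeterminate value; handling the failure explicitly avoids that, e.g. `if (waitpid(pid, &status, 0) != pid) { free(buf); return -1; }`. Separately, the final `NULL` argument to posix_spawn() passes no environment, whereas the removed `execv()` handed the caller's environment to modprobe. POSIX does not define a NULL envp here, so it would be safer to pass `environ` or a deliberately minimal environment array and add a comment saying which is intended for this privileged helper.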