From 0121fd74b805a6490f005c835b3994fa06487395 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 11 Jun 2009 19:27:44 +0200
Subject: conntrackd: block signals during the access to the process list

A child process may finish while we are walking on the process list.
This fixes possible concurrency problems.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/process.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/process.c b/src/process.c
index 70972fe..31e6e6f 100644
--- a/src/process.c
+++ b/src/process.c
@@ -16,6 +16,7 @@
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
 
+#include <signal.h>
 #include "conntrackd.h"
 #include "process.h"
 
@@ -26,9 +27,14 @@ int fork_process_new(void (*cb)(void *data), void *data)
 	struct child_process *c;
 	int pid;
 
+	/* block SIGCHLD to avoid the access of the list concurrently */
+	sigprocmask(SIG_BLOCK, &STATE(block), NULL);
+
 	c = calloc(sizeof(struct child_process), 1);
-	if (c == NULL)
+	if (c == NULL) {
+		sigprocmask(SIG_UNBLOCK, &STATE(block), NULL);
 		return -1;
+	}
 
 	c->cb = cb;
 	c->data = data;
@@ -37,6 +43,8 @@ int fork_process_new(void (*cb)(void *data), void *data)
 	if (c->pid > 0)
 		list_add(&c->head, &process_list);
 
+	sigprocmask(SIG_UNBLOCK, &STATE(block), NULL);
+
 	return pid;
 }
 
-- 
cgit v1.2.3