From 295aca12a203e7d7644be5e52210a6784c9337af Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 4 Jan 2019 14:37:14 +0000 Subject: [PATCH] Clean up TNCC error handling As suggested by Daniel Lenski, create the oc_text_buf for the request only once the TNCC wrapper has been spawned, to make the error handling a bit saner. And remember to close the socketpair if fork() fails, too. Signed-off-by: David Woodhouse --- auth-juniper.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/auth-juniper.c b/auth-juniper.c index 75dd78d3..a48df88a 100644 --- a/auth-juniper.c +++ b/auth-juniper.c @@ -360,30 +360,20 @@ static int tncc_preauth(struct openconnect_info *vpninfo) return -EINVAL; } - buf = buf_alloc(); - buf_append(buf, "start\n"); - buf_append(buf, "IC=%s\n", vpninfo->hostname); - buf_append(buf, "Cookie=%s\n", dspreauth); - buf_append(buf, "DSSIGNIN=%s\n", dssignin); - if (buf_error(buf)) { - vpn_progress(vpninfo, PRG_ERR, - _("Failed to allocate memory for communication with TNCC\n")); - return buf_free(buf); - } #ifdef SOCK_CLOEXEC if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sockfd)) #endif { - if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockfd)) { - buf_free(buf); + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockfd)) return -errno; - } + set_fd_cloexec(sockfd[0]); set_fd_cloexec(sockfd[1]); } pid = fork(); if (pid == -1) { - buf_free(buf); + close(sockfd[0]); + close(sockfd[1]); return -errno; } @@ -411,6 +401,18 @@ static int tncc_preauth(struct openconnect_info *vpninfo) waitpid(pid, NULL, 0); close(sockfd[0]); + buf = buf_alloc(); + buf_append(buf, "start\n"); + buf_append(buf, "IC=%s\n", vpninfo->hostname); + buf_append(buf, "Cookie=%s\n", dspreauth); + buf_append(buf, "DSSIGNIN=%s\n", dssignin); + if (buf_error(buf)) { + vpn_progress(vpninfo, PRG_ERR, + _("Failed to allocate memory for communication with TNCC\n")); + close(sockfd[1]); + return buf_free(buf); + } + if (cancellable_send(vpninfo, sockfd[1], buf->data, buf->pos) != buf->pos) { vpn_progress(vpninfo, PRG_ERR, _("Failed to send start command to TNCC\n")); -- 2.50.1