isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ignore SIGPIPE for the duration of sudo and not just in a few select

Browse Source 
places.  We have no control over what nss, PAM modules or sudo
plugins might do so ignoring SIGPIPE is safest.
This commit is contained in:
Todd C. Miller
2016-04-22 16:36:36 -06:00
parent 70cf5674b5
commit b4309d4aea
8 changed files with 29 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
plugins/sudoers/ldap.c
View File

@@ -2975,17 +2975,10 @@ sudo_ldap_open(struct sudo_nss *nss)
{
LDAP *ld;
int rc = -1;
sigaction_t sa, saved_sa_pipe;
bool ldapnoinit = false;
struct sudo_ldap_handle *handle;
debug_decl(sudo_ldap_open, SUDOERS_DEBUG_LDAP)
/* Ignore SIGPIPE if we cannot bind to the server. */
memset(&sa, 0, sizeof(sa));
sigemptyset(&sa.sa_mask);
sa.sa_handler = SIG_IGN;
(void) sigaction(SIGPIPE, &sa, &saved_sa_pipe);
if (!sudo_ldap_read_config())
goto done;
@@ -3071,7 +3064,6 @@ sudo_ldap_open(struct sudo_nss *nss)
nss->handle = handle;
done:
(void) sigaction(SIGPIPE, &saved_sa_pipe, NULL);
debug_return_int(rc == LDAP_SUCCESS ? 0 : -1);
}