app.c: make sure that no non-async-signal-safe syscalls are used after

fork before exec Posix does only allow async-signal-safe syscalls after fork before exec. As asterisk ignores this, functions like TrySystem or System sometimes end up in a deadlocked child process. The patch prevents the use of non-async-signal-safe syscalls. ASTERISK-28776 Change-Id: Idc76365c0592ee3f3b3bd72a4f48f7a098978e8e
2025-09-03 11:25:35 +00:00 · 2020-04-14 18:02:19 +02:00
parent 7fbfbe7da0
commit 6b2d945174
3 changed files with 75 additions and 58 deletions
--- a/main/app.c
+++ b/main/app.c
@@ -81,6 +81,9 @@ struct zombie {

 static AST_LIST_HEAD_STATIC(zombies, zombie);

+#ifdef HAVE_CAP
+static cap_t child_cap;
+#endif
 /*
 * @{ \brief Define \ref stasis topic objects
 */
@@ -3003,12 +3006,7 @@ int ast_safe_fork(int stop_reaper)
 	} else {
 		/* Child */
 #ifdef HAVE_CAP
-		cap_t cap = cap_from_text("cap_net_admin-eip");
-
-		if (cap_set_proc(cap)) {
-			ast_log(LOG_WARNING, "Unable to remove capabilities.\n");
-		}
-		cap_free(cap);
+		cap_set_proc(child_cap);
 #endif

 		/* Before we unblock our signals, return our trapped signals back to the defaults */
@@ -3118,6 +3116,9 @@ struct stasis_topic *ast_queue_topic(const char *queuename)

 static void app_cleanup(void)
 {
+#ifdef HAS_CAP
+	cap_free(child_cap);
+#endif
 	ao2_cleanup(queue_topic_pool);
 	queue_topic_pool = NULL;
 	ao2_cleanup(queue_topic_all);
@@ -3127,7 +3128,9 @@ static void app_cleanup(void)
 int app_init(void)
 {
 	ast_register_cleanup(app_cleanup);
-
+#ifdef HAVE_CAP
+	child_cap = cap_from_text("cap_net_admin-eip");
+#endif
 	queue_topic_all = stasis_topic_create("queue:all");
 	if (!queue_topic_all) {
 		return -1;