From: Sergey Matveev Date: Thu, 10 Nov 2022 11:58:20 +0000 (+0300) Subject: Some hardening and code simplification with BSD helpers X-Git-Url: http://www.git.stargrave.org/?p=dht-bootstrap.git;a=commitdiff_plain;h=edafb8f875c64908ed78077330375e97869d2892 Some hardening and code simplification with BSD helpers --- diff --git a/CHANGES b/CHANGES index 1af4ef3..d54f227 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,7 @@ * Ability to explicitly specify IP addresses to bind to * select() replaced with poll() * arc4random instead of /dev/urandom reading + * Some simple hardening 20 November 2011: dht-bootstrap-0.2 diff --git a/dht-bootstrap.c b/dht-bootstrap.c index eef8b06..e8c0b2c 100644 --- a/dht-bootstrap.c +++ b/dht-bootstrap.c @@ -20,6 +20,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +#include #include #include #include @@ -29,6 +30,7 @@ THE SOFTWARE. #include #include #include +#include #include #include #include @@ -139,16 +141,14 @@ static int token_bucket_tokens; static FILE *dht_debug = NULL; -#ifdef __GNUC__ -__attribute__((format(printf, 1, 2))) -#endif static void debugf(const char *format, ...) { + if (dht_debug == NULL) + return; va_list args; va_start(args, format); - if (dht_debug) - vfprintf(dht_debug, format, args); + vfprintf(dht_debug, format, args); va_end(args); fflush(dht_debug); } @@ -369,34 +369,35 @@ newSock(const char *host, const char *port) hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_DGRAM; struct addrinfo *res = NULL; - int err = getaddrinfo(host, port, &hints, &res); - if (err != 0) { - fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(err)); - exit(1); - } + int rc = getaddrinfo(host, port, &hints, &res); + if (rc != 0) + err(EXIT_FAILURE, "getaddrinfo: %s\n", gai_strerror(rc)); int sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol); - if (sock == -1) { - perror("socket"); - exit(1); - } - if (bind(sock, res->ai_addr, res->ai_addrlen) != 0) { - perror("bind"); - exit(1); - } - int rc = fcntl(sock, F_GETFL, 0); - if (rc < 0) { - perror("F_GETFL"); - exit(1); - } + if (sock == -1) + err(EXIT_FAILURE, "socket()"); + if (bind(sock, res->ai_addr, res->ai_addrlen) != 0) + err(EXIT_FAILURE, "bind()"); + rc = fcntl(sock, F_GETFL, 0); + if (rc < 0) + err(EXIT_FAILURE, "F_GETFL"); rc = fcntl(sock, F_SETFL, (rc | O_NONBLOCK)); - if (rc < 0) { - perror("F_SETFL"); - exit(1); - } + if (rc < 0) + err(EXIT_FAILURE, "F_SETFL"); freeaddrinfo(res); return sock; } +static void +rlimited(int res) +{ + struct rlimit r; + r.rlim_cur = 0; + r.rlim_max = 0; + if (setrlimit(res, &r) == -1) { + err(EXIT_FAILURE, "can not setrlimit()"); + } +} + int main(int argc, char **argv) { @@ -460,10 +461,8 @@ main(int argc, char **argv) else if (dht_socket6 < 0) hints.ai_family |= AF_INET; rc = getaddrinfo(argv[i], argv[i + 1], &hints, &info); - if (rc != 0) { - fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rc)); - exit(1); - } + if (rc != 0) + err(EXIT_FAILURE, "getaddrinfo: %s\n", gai_strerror(rc)); i++; if (i >= argc) @@ -490,6 +489,15 @@ main(int argc, char **argv) fds[1].fd = dht_socket6; fds[1].events = POLLIN; + close(STDIN_FILENO); + if (quiet) + close(STDOUT_FILENO); + rlimited(RLIMIT_NPROC); + rlimited(RLIMIT_FSIZE); +#if __FreeBSD__ + rlimited(RLIMIT_NOFILE); +#endif // __FreeBSD__ + while (1) { int tv_sec = 0; if ((dht_socket >= 0 && list_elements(&v4_confirmed) <= 16) || @@ -696,7 +704,7 @@ main(int argc, char **argv) usage: fprintf(stderr, "dht-bootstrap [-q] [-4 ADDR4] [-6 ADDR6] port [node port...]\n"); - exit(1); + exit(EXIT_FAILURE); } /* We could use a proper bencoding printer and parser, but the format of