author | Tobias Heider <tobhe@cvs.openbsd.org> | 2023-03-04 22:22:52 +0000 |
---|---|---|
committer | Tobias Heider <tobhe@cvs.openbsd.org> | 2023-03-04 22:22:52 +0000 |
commit | b8ebec33fd7af82072990ab4d41728c081a8a729 (patch) | |
tree | 233dfc146c32325ab5228978233bd9b6116103c6 /sbin/iked/ca.c | |
parent | 098be657566b6b6560ca41583670f8f56e1096e4 (diff) |
Sync proc.c from vmd(8) to enable fork + exec for all processes. This gives
each process a fresh and unique address space to further improve randomization
of ASLR and stack protector.
ok bluhm@ patrick@
Diffstat (limited to 'sbin/iked/ca.c')
-rw-r--r-- | sbin/iked/ca.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/sbin/iked/ca.c b/sbin/iked/ca.c
index a82fee0273b..10e5eb29ca4 100644
--- a/sbin/iked/ca.c
+++ b/sbin/iked/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.89 2022/11/07 22:39:52 tobhe Exp $ */
+/* $OpenBSD: ca.c,v 1.90 2023/03/04 22:22:50 tobhe Exp $ */
 /*
 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -98,10 +98,10 @@ struct ca_store {
 uint8_t ca_privkey_method;
 };
-pid_t
+void
 caproc(struct privsep *ps, struct privsep_proc *p)
 {
- return (proc_run(ps, p, procs, nitems(procs), ca_run, NULL));
+ proc_run(ps, p, procs, nitems(procs), ca_run, NULL);
 }
 void
@@ -129,9 +129,13 @@ ca_run(struct privsep *ps, struct privsep_proc *p, void *arg)
 void
 ca_shutdown(struct privsep_proc *p)
 {
- struct iked *env = p->p_env;
+ struct iked *env;
 struct ca_store *store;
+ if (p->p_ps == NULL)
+ return;
+
+ env = p->p_ps->ps_env;
 if (env == NULL)
 return;
 ibuf_release(env->sc_certreq);
@@ -209,7 +213,7 @@ ca_reset(struct privsep *ps)
 int
 ca_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
- struct iked *env = p->p_env;
+ struct iked *env = p->p_ps->ps_env;
 unsigned int mode;
 switch (imsg->hdr.type) {
@@ -244,7 +248,7 @@ ca_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
 int
 ca_dispatch_ikev2(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
- struct iked *env = p->p_env;
+ struct iked *env = p->p_ps->ps_env;
 switch (imsg->hdr.type) {
 case IMSG_CERTREQ:
@@ -266,7 +270,7 @@ ca_dispatch_ikev2(int fd, struct privsep_proc *p, struct imsg *imsg)
 int
 ca_dispatch_control(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
- struct iked *env = p->p_env;
+ struct iked *env = p->p_ps->ps_env;
 struct ca_store *store = env->sc_priv;
 switch (imsg->hdr.type) { |
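Review bot: The new `if (p->p_ps == NULL) return;` guard at the top of ca_shutdown carries no comment saying when a process can reach shutdown with p_ps unset, so a reader cannot tell a real state from a purely defensive check. I would add a one-line comment above it, for example `/* p_ps can be unset when shutdown is reached before process setup finished */`, worded to whatever proc.c actually guarantees (proc.c is not part of this file's diff). ca_shutdown's body continues past the end of the hunk.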
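Review bot: The dispatch handlers now read `p->p_ps->ps_env` in their declarations with no NULL check (ca_dispatch_parent in this hunk, ca_dispatch_ikev2 and ca_dispatch_control in the two hunks that follow), while ca_shutdown in the same commit returns early when `p->p_ps == NULL`. If p_ps is always set before any imsg handler can run, that invariant deserves a comment such as `/* p_ps is always set once the imsg handlers are installed */`, to be confirmed against proc.c, which is not shown here; otherwise the handlers need the same guard as ca_shutdown. ca_dispatch_control also reads `env->sc_priv` in its declarations, so a NULL env, which ca_shutdown explicitly allows for, would fault there before the message type is examined. All three function bodies continue outside their hunks.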