[Midnightbsd-cvs] [MidnightBSD/src] 756f86: prowld/prowlctl: fix JSON injection, partial send, ...

Lucas Holt noreply at github.com
Sat Apr 18 12:08:13 EDT 2026


  Branch: refs/heads/feature/prowl
  Home:   https://github.com/MidnightBSD/src
  Commit: 756f8631146f14ffd84b5722e280d3d21d20deae
      https://github.com/MidnightBSD/src/commit/756f8631146f14ffd84b5722e280d3d21d20deae
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2026-04-18 (Sat, 18 Apr 2026)

  Changed paths:
    M sbin/prowlctl/prowlctl.c
    M sbin/prowld/ipc.c
    M sbin/prowld/prowld.h
    M sbin/prowld/supervisor.c

  Log Message:
  -----------
  prowld/prowlctl: fix JSON injection, partial send, UB, and fork safety

ipc.c:
- Add json_escape_str() that handles \, ", \n, \r, \t, and other
  control chars (\uXXXX).  Use it in job_to_json() for label,
  description, and rc_name, and in ipc_send_ok/error() for the
  client-supplied id field, preventing JSON injection via malformed
  job metadata.
- Add ipc_send_all() loop (retrying on EINTR) and use it in ipc_send()
  to guarantee full writes; a partial send previously corrupted the
  length-prefixed protocol framing.

prowlctl.c:
- Add send_all() loop (retrying on EINTR) and use it in send_request()
  for the same framing-correctness reason.
- Fix undefined behaviour in check_response(): msg[] was compared with
  strcmp() even when json_get_str() returned NULL, leaving the buffer
  uninitialised.  Gate the strcmp calls on has_msg boolean.

prowld.h / supervisor.c:
- Add PROWL_GROUPS_MAX (32) and pre-resolved privilege fields
  (run_uid, run_gid, run_groups[], run_ngroups, run_priv_set) to job_t.
- Add resolve_job_privileges() called in supervisor_start() in the
  parent before fork(): resolves user/group names via getpwnam(3),
  getgrnam(3), getgrouplist(3) — none of which are async-signal-safe.
- Rewrite drop_privileges() to use only async-signal-safe syscalls:
  setgroups(2), setgid(2), setuid(2), operating on the pre-resolved
  numeric IDs stored in the job struct.

AI-Assisted-by: Claude Sonnet 4.6
Signed-off-by: Lucas Holt <luke at foolishgames.com>
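
The JSON-injection fix described in the log message, as an added example that is not code from the MidnightBSD commit: `escape_json()`, `build_ok()` and the reply shape are assumptions made for illustration. It escapes a client-supplied id before placing it inside a JSON string and refuses to truncate.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not prowld's json_escape_str()); -1 if dst is too small. */
static int escape_json(const char *src, char *dst, size_t dstsz)
{
    size_t o = 0;
    if (dstsz == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        char tmp[8];
        int n;
        switch (*p) {
        case '\\': n = snprintf(tmp, sizeof(tmp), "\\\\"); break;
        case '"':  n = snprintf(tmp, sizeof(tmp), "\\\""); break;
        case '\n': n = snprintf(tmp, sizeof(tmp), "\\n"); break;
        case '\r': n = snprintf(tmp, sizeof(tmp), "\\r"); break;
        case '\t': n = snprintf(tmp, sizeof(tmp), "\\t"); break;
        default:   /* other control chars as \u00XX, the rest verbatim */
            n = (*p < 0x20) ? snprintf(tmp, sizeof(tmp), "\\u%04x", (unsigned)*p)
                            : snprintf(tmp, sizeof(tmp), "%c", *p);
        }
        if (o + (size_t)n >= dstsz)   /* keep room for the NUL */
            return -1;
        memcpy(dst + o, tmp, (size_t)n);
        o += (size_t)n;
    }
    dst[o] = '\0';
    return (int)o;
}

/* Constructed reply shape; the page does not give prowld's wire format. */
static int build_ok(const char *id, char *out, size_t outsz)
{
    char esc[256];
    int n;
    if (escape_json(id, esc, sizeof(esc)) < 0)
        return -1;
    n = snprintf(out, outsz, "{\"id\":\"%s\",\"status\":\"ok\"}", esc);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void)
{
    char out[512];
    /* Constructed hostile id: tries to close the string and add a key. */
    if (build_ok("x\",\"status\":\"error", out, sizeof(out)) > 0)
        puts(out);
    return 0;
}
```

With the escaping in place the hostile id stays inside the `id` string value, so a parser sees one `status` key rather than two.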


