In a0b7f56b3a3c ("passt-repair: Don't use perror(), accept ECONNRESET as
termination") we altered passt-repair to avoid perror() since the glibc
version used a number of syscalls we didn't really want to add to our
seccomp filter. We replaced the perror() calls with explicit messages just
printing the errno.
However, there are a number of other places we still explicitly use
strerror(errno). As we discovered in passt, at least the glibc version is
rather more complex than you'd expect since it deals with locales. Since
passt-repair is supposed to be minimal, and might be suid we want to avoid
this.
Consistently avoid strerror() with the help of a new ie_errno() macro which
prints errno as an integer instead.
Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
---
passt-repair.c | 27 ++++++++++++++++-----------
1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/passt-repair.c b/passt-repair.c
index d785cd16..3c358e27 100644
--- a/passt-repair.c
+++ b/passt-repair.c
@@ -24,7 +24,6 @@
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
#include <limits.h>
#include <unistd.h>
#include <netdb.h>
@@ -47,6 +46,14 @@
_exit(status); \
} while (0)
+#define die_errno(...) \
+ do { \
+ int err_ = errno; \
+ fprintf(stderr, __VA_ARGS__); \
+ fprintf(stderr, ": %d\n", err_); \
+ _exit(1); \
+ } while (0)
+
/**
* main() - Entry point and whole program with loop
* @argc: Argument count, must be 2
@@ -80,7 +87,7 @@ int main(int argc, char **argv)
prog.filter = filter_repair;
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
- die(1, "Failed to apply seccomp filter");
+ die_errno("Failed to apply seccomp filter");
iov = (struct iovec){ &cmd, sizeof(cmd) };
msg = (struct msghdr){ .msg_name = NULL, .msg_namelen = 0,
@@ -98,12 +105,10 @@ int main(int argc, char **argv)
die(2, "Invalid socket path: %s", argv[1]);
if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
- die(1, "Failed to create AF_UNIX socket: %i", errno);
+ die_errno("Failed to create AF_UNIX socket");
- if (connect(s, (struct sockaddr *)&a, sizeof(a))) {
- die(1, "Failed to connect to %s: %s", argv[1],
- strerror(errno));
- }
+ if (connect(s, (struct sockaddr *)&a, sizeof(a)))
+ die_errno("Failed to connect to %s", argv[1]);
loop:
ret = recvmsg(s, &msg, 0);
@@ -111,7 +116,7 @@ loop:
if (errno == ECONNRESET)
ret = 0;
else
- die(1, "Failed to read message: %i", errno);
+ die_errno("Failed to read message");
}
if (!ret) /* Done */
@@ -147,8 +152,8 @@ loop:
for (i = 0; i < n; i++) {
if (setsockopt(fds[i], SOL_TCP, TCP_REPAIR, &op, sizeof(op))) {
- die(1, "Setting TCP_REPAIR to %i on socket %i: %s",
- op, fds[i], strerror(errno));
+ die_errno("Setting TCP_REPAIR to %i on socket %i",
+ op, fds[i]);
}
/* Close _our_ copy */
@@ -157,7 +162,7 @@ loop:
/* Confirm setting by echoing the command back */
if (send(s, &cmd, sizeof(cmd), 0) < 0)
- die(1, "Reply to %i: %s", op, strerror(errno));
+ die_errno("Reply to %i", op);
goto loop;
--
2.48.1