ignore sigchld to avoid leaving behind zombies. fix from jschauma. se…

…tting global signal handlers in the plugin isnt ideal, but doesnt appear to interfere with normal openvpn operation.
duosecurity · Sep 24, 2012 · 3b890e6 · 3b890e6
1 parent 0b4a0af
commit 3b890e6
Showing 1 changed file with 18 additions and 15 deletions.
diff --git a/duo_openvpn.c b/duo_openvpn.c
@@ -57,28 +57,31 @@ auth_user_pass_verify(struct context *ctx, const char *args[], const char *envp[
 		return OPENVPN_PLUGIN_FUNC_ERROR;
 	}
 
+	/* prevent leaving behind zombies */
+	signal(SIGCHLD, SIG_IGN);
+
 	pid = fork();
 	if (pid < 0) {
 		return OPENVPN_PLUGIN_FUNC_ERROR;
 	}
-
-	if (pid == 0) {
-		if (ctx->ikey && ctx->skey && ctx->host) {
-			setenv("ikey", ctx->ikey, 1);
-			setenv("skey", ctx->skey, 1);
-			setenv("host", ctx->host, 1);
-		}
-
-		setenv("control", control, 1);
-		setenv("username", username, 1);
-		setenv("password", password, 1);
-		setenv("ipaddr", ipaddr, 1);
 
-		execvp(argv[0], argv);
-		exit(1);
+	if (pid > 0) {
+		return OPENVPN_PLUGIN_FUNC_DEFERRED;
 	}
+
+	if (ctx->ikey && ctx->skey && ctx->host) {
+		setenv("ikey", ctx->ikey, 1);
+		setenv("skey", ctx->skey, 1);
+		setenv("host", ctx->host, 1);
+	}
+
+	setenv("control", control, 1);
+	setenv("username", username, 1);
+	setenv("password", password, 1);
+	setenv("ipaddr", ipaddr, 1);
 
-	return OPENVPN_PLUGIN_FUNC_DEFERRED;
+	execvp(argv[0], argv);
+	exit(1);
 }
 
 OPENVPN_EXPORT int