On 2023-03-15, at 22:44:47 +0100, Florian Westphal wrote: > Jeremy Sowden <jeremy@xxxxxxxxxx> wrote: > > If ulogd2 receives a signal it will attempt to re-open the pcap output > > file. If this fails (because the permissions or ownership have changed > > for example), the FILE pointer will be null and when the next packet > > comes in, the null pointer will be passed to fwrite and ulogd will > > crash. > > > > Instead, check that the pointer is not null before using it. If it is > > null, then periodically attempt to open it again. We only return an > > error from interp_pcap on those occasions when we try and fail to open > > the output file, in order to avoid spamming the ulogd log-file every > > time a packet isn't written. > > I think its better to fix this at the source, i.e. in > signal_handler_task(). It should probably *first* try to open the file, > and only close the old one if that worked. > > Does that make sense to you? Yeah, that would be simpler. v3 to follow. J.
Attachment:
signature.asc
Description: PGP signature