From ba2892396a6a3cfae7482e7d42d0a491eb2e723a Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Wed, 29 Jun 2011 16:44:33 +0100
Subject: [PATCH] bus signal_handler: call _exit in the unlikely event that the pipe is full or invalid
On OSs with abstract sockets, this is close enough. On OSs without abstract sockets, this results in failing to clean up Unix sockets in /tmp if someone has sent us thousands of SIGHUP signals since we last entered the main loop - I think that's acceptable. The reload pipe should never get closed, but if it is for some reason, we want a SIGTERM after that to cause an exit too.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=38656
Reviewed-by: Will Thompson
---
 bus/main.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/bus/main.c b/bus/main.c
index b35ccf6..47f38c8 100644
--- a/bus/main.c
+++ b/bus/main.c
@@ -101,13 +101,19 @@ signal_handler (int sig)
 DBusString str;
 char action[2] = { ACTION_QUIT, '\0' };
 _dbus_string_init_const (&str, action);
- if ((reload_pipe[RELOAD_WRITE_END] > 0) &&
+ if ((reload_pipe[RELOAD_WRITE_END] < 0) ||
 !_dbus_write_socket (reload_pipe[RELOAD_WRITE_END], &str, 0, 1))
 {
+ /* If we can't write to the socket, dying seems a more
+ * important response to SIGTERM than cleaning up sockets,
+ * so we exit. We'd use exit(), but that's not async-signal-safe,
+ * so we'll have to resort to _exit(). */
 static const char message[] =
- "Unable to write to reload pipe - buffer full?\n";
+ "Unable to write termination signal to pipe - buffer full?\n"
+ "Will exit instead.\n";
 write (STDERR_FILENO, message, strlen (message));
+ _exit (1);
 }
 }
 break;
-- 
2.7.4
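Review bot: The failure branch in the SIGTERM case is still guarded by `!_dbus_write_socket (...)`, which is true only when the call returns 0. If that function returns the number of bytes written and -1 on error (its declaration is outside this hunk, so please confirm), a full or closed pipe yields -1, the branch is skipped, and the new `_exit (1)` is never reached in the very situation the commit targets. Comparing against the expected count covers both outcomes: `_dbus_write_socket (reload_pipe[RELOAD_WRITE_END], &str, 0, 1) != 1`. The new `< 0` test also depends on both pipe ends holding -1 whenever the pipe is absent; if the array is merely zero-initialised before setup, an early SIGTERM would pass the check and write to fd 0. signal_handler begins and ends outside the hunk.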