From d3ba64756dca58f15d0ff0c3750c5711dd30aaf6 Mon Sep 17 00:00:00 2001
From: Robert Swiecki <robert@swiecki.net>
Date: Sun, 30 Aug 2020 23:22:22 +0200
Subject: [PATCH] nsjail: don't add connections to the proxy map if launching a
 new process failed

---
 nsjail.cc | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/nsjail.cc b/nsjail.cc
index 52f85f6..be8b604 100644
--- a/nsjail.cc
+++ b/nsjail.cc
@@ -240,16 +240,25 @@ static int listenMode(nsjconf_t* nsjconf) {
 					PLOG_E("pipe");
 					continue;
 				}
+
 				pid_t pid =
 				    subproc::runChild(nsjconf, connfd, in[0], out[1], out[1]);
-				nsjconf->pipes.push_back({
-				    .sock_fd = connfd,
-				    .pipe_in = in[1],
-				    .pipe_out = out[0],
-				    .pid = pid,
-				});
+
 				close(in[0]);
 				close(out[1]);
+
+				if (pid <= 0) {
+					close(in[1]);
+					close(out[0]);
+					close(connfd);
+				} else {
+					nsjconf->pipes.push_back({
+					    .sock_fd = connfd,
+					    .pipe_in = in[1],
+					    .pipe_out = out[0],
+					    .pid = pid,
+					});
+				}
 			}
 		}
 		subproc::reapProc(nsjconf);
-- 
2.34.1