[Rt-commit] r7927 - rt/branches/3.7-EXPERIMENTAL-RTIR-2.4/lib/RT/Crypt

ruz at bestpractical.com ruz at bestpractical.com
Thu May 24 14:10:14 EDT 2007 

Author: ruz
Date: Thu May 24 14:10:13 2007
New Revision: 7927

Modified:
   rt/branches/3.7-EXPERIMENTAL-RTIR-2.4/lib/RT/Crypt/GnuPG.pm

Log:
* always pass all STD* handles to GnuPG interface even if we don't
  need them, just pass 'new IO::Handle' and then close it after _safe_run_child.
  we don't want to leak anything into FCGI/Apache/MP handles, this break things.
  So code should look like:
         my $handles = GnuPG::Handles->new(
             stdin  => ($handle{'input'}  = new IO::Handle),
             stdout => ($handle{'output'} = new IO::Handle),
             stderr => ($handle{'error'}  = new IO::Handle),
             ...
         );
* don't localize, change, print or read from/to STD* handles under mod_perl


Modified: rt/branches/3.7-EXPERIMENTAL-RTIR-2.4/lib/RT/Crypt/GnuPG.pm
==============================================================================
--- rt/branches/3.7-EXPERIMENTAL-RTIR-2.4/lib/RT/Crypt/GnuPG.pm	(original)
+++ rt/branches/3.7-EXPERIMENTAL-RTIR-2.4/lib/RT/Crypt/GnuPG.pm	Thu May 24 14:10:13 2007
@@ -276,7 +276,22 @@
        verbose
 );
 
+# DEV WARNING: always pass all STD* handles to GnuPG interface even if we don't
+# need them, just pass 'new IO::Handle' and then close it after _safe_run_child.
+# we don't want to leak anything into FCGI/Apache/MP handles, this break things.
+# So code should look like:
+#        my $handles = GnuPG::Handles->new(
+#            stdin  => ($handle{'input'}  = new IO::Handle),
+#            stdout => ($handle{'output'} = new IO::Handle),
+#            stderr => ($handle{'error'}  = new IO::Handle),
+#            ...
+#        );
+
 sub _safe_run_child (&) {
+    local @ENV{'LANG', 'LC_ALL'} = ('C', 'C');
+
+    return shift->() if $ENV{'MOD_PERL'};
+
     # We need to reopen stdout temporarily, because in FCGI
     # environment, stdout is tied to FCGI::Stream, and the child
     # of the run3 wouldn't be able to reopen STDOUT properly.
@@ -292,7 +307,6 @@
     $stderr->fdopen( 2, 'w' );
     local *STDERR = $stderr;
 
-    local @ENV{'LANG', 'LC_ALL'} = ('C', 'C');
     return shift->();
 }
 
@@ -1522,6 +1536,7 @@
 
     my %handle;
     my $handles = GnuPG::Handles->new(
+        stdin  => ($handle{'input'}  = new IO::Handle),
         stdout => ($handle{'output'} = new IO::Handle),
         stderr => ($handle{'error'}  = new IO::Handle),
         logger => ($handle{'logger'} = new IO::Handle),
@@ -1532,6 +1547,7 @@
         local $SIG{'CHLD'} = 'DEFAULT';
         my $method = $type eq 'private'? 'list_secret_keys': 'list_public_keys';
         my $pid = _safe_run_child { $gnupg->$method( handles => $handles, command_args => [ $email ]  ) };
+        close $handle{'input'};
         waitpid $pid, 0;
     };

More information about the Rt-commit mailing list