Open /dev/null instead of passing non-functional stderr to CSD trojans

When the auth-dialog is invoked from gnome-shell, it *closes* the other
end of our stderr. Detect this with ferror(stderr), and open /dev/null
instead. This prevents CSD scripts from taking SIGPIPE when writing to
stderr (which we also dup to be their stdout) and aborting.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

auth.c

@@ -1175,8 +1175,19 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
                                           "CSD code with root privileges\n"
                                           "\t Use command line option \"--csd-user\"\n"));
                 }
-                /* Spurious stdout output from the CSD trojan will break both
-                   the NM tool and the various cookieonly modes. */
+                /*
+		 * Spurious stdout output from the CSD trojan will break both
+		 * the NM tool and the various cookieonly modes.
+		 * Also, gnome-shell *closes* stderr so attempt to cope with that
+		 * by opening /dev/null, because otherwise some CSD scripts fail.
+		 * Actually, perhaps we should set up our own pipes, and report
+		 * the trojan's output via vpn_progress().
+		 */
+		if (ferror(stderr)) {
+			int nulfd = open("/dev/null", O_WRONLY);
+			dup2(nulfd, 2);
+			close(nulfd);
+		}
                 dup2(2, 1);
                 if (vpninfo->csd_wrapper)
                         csd_argv[i++] = openconnect_utf8_to_legacy(vpninfo,

www/changelog.xml

@@ -15,7 +15,7 @@
 <ul>
    <li><b>OpenConnect HEAD</b>
      <ul>
-       <li><i>No changelog entries yet</i></li>
+       <li>Don't give non-functioning <tt>stderr</tt> to CSD trojan scripts.</li>
      </ul><br/>
   </li>
   <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.07.tar.gz">OpenConnect v8.07</a></b>