From a0d51e8d0e866538632b16e13a5f51bc80eacf48 Mon Sep 17 00:00:00 2001 From: Erik E Brady Date: Thu, 29 Mar 2018 11:00:56 -0700 Subject: [PATCH] credential: ignore SIGPIPE when writing to credential helpers The credential subsystem can trigger SIGPIPE when writing to an external helper if that helper closes its stdin before reading the whole input. Normally this is rare, since helpers would need to read that input to make a decision about how to respond, but: 1. It's reasonable to configure a helper which only handles "get" while ignoring "store". Such a handler might not read stdin for "store", thereby rapidly closing stdin upon helper exit. 2. A broken or misbehaving helper might exit immediately. That's an error, but it's not reasonable for it to take down the parent Git process with SIGPIPE. Even with such a helper, seeing this problem should be rare. Getting SIGPIPE requires the helper racily exiting before we've written the fairly small credential output. Signed-off-by: Erik E Brady Reviewed-by: Jeff King Signed-off-by: Junio C Hamano --- credential.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/credential.c b/credential.c index 9747f47b18..62be651b03 100644 --- a/credential.c +++ b/credential.c @@ -5,6 +5,7 @@ #include "run-command.h" #include "url.h" #include "prompt.h" +#include "sigchain.h" void credential_init(struct credential *c) { @@ -227,8 +228,10 @@ static int run_credential_helper(struct credential *c, return -1; fp = xfdopen(helper.in, "w"); + sigchain_push(SIGPIPE, SIG_IGN); credential_write(c, fp); fclose(fp); + sigchain_pop(SIGPIPE); if (want_output) { int r;