[server] call exit() upon execvpe() error, fixes #235

ChangeLog

@@ -2,6 +2,10 @@ fwknop-2.6.10 (11//2016):
     - [server] Add MAX_FW_TIMEOUT to access.conf stanzas to allow a maximum
       number of seconds for client-specified timeouts in SPA packets. This
       fixes issue #226 which was spotted by Jeremiah Rothschild.
+    - [server] Bug fix in CMD_EXEC mode to make sure to call exit() upon any
+      error from execvpe(). Without this fix, additional fwknopd processes
+      would be started upon a user specifying a command without the necessary
+      permissions. This bug was reported by Stephen Isard.
 
 fwknop-2.6.9 (06/08/2016):
     - (Jonathan Bennett) Added support for the SHA3 "Keccak" algorithm

server/extcmd.c

@@ -126,6 +126,7 @@ _run_extcmd(uid_t uid, gid_t gid, const char *cmd, char *so_buf,
     FILE   *output;
     int     retval = EXTCMD_SUCCESS_ALL_OUTPUT;
     int     line_ctr = 0, found_str = 0, do_break = 0;
+    int     es = 0;
 
     char   *argv_new[MAX_CMDLINE_ARGS]; /* for validation and/or execvpe() */
     int     argc_new=0;
@@ -203,7 +204,16 @@ _run_extcmd(uid_t uid, gid_t gid, const char *cmd, char *so_buf,
 
         /* don't use env
         */
-        execvpe(argv_new[0], argv_new, (char * const *)NULL);
+        es = execvpe(argv_new[0], argv_new, (char * const *)NULL);
+
+        if(es == -1)
+            log_msg(LOG_ERR, "run_extcmd(): execvpe() failed: %s", strerror(errno));
+
+        /* We only make it here if there was a problem with execvpe(),
+         * so exit() here either way to not leave another fwknopd process
+         * running after fork().
+        */
+        exit(es);
     }
     else if(pid == -1)
     {