From 0e99adc5d1b07315098e183ba986ae8f348a7340 Mon Sep 17 00:00:00 2001
From: Alex Tomlins
Date: Tue, 22 Jan 2019 21:12:43 +0000
Subject: [PATCH] Fix potential deadlock condition in nft_get_handle

This was susceptible to the same deadlock issue that ipt_chain_exists had and was fixed in d43db80 where if the command returned a significant amount of output, it wouldn't all be read in, resulting in the subprocess hanging waiting for the output to be read.
---
 sshuttle/linux.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/sshuttle/linux.py b/sshuttle/linux.py
index f2704a3..c541a35 100644
--- a/sshuttle/linux.py
+++ b/sshuttle/linux.py
@@ -74,13 +74,13 @@ def nft_get_handle(expression, chain):
 'PATH': os.environ['PATH'],
 'LC_ALL': "C",
 }
- p = ssubprocess.Popen(argv, stdout=ssubprocess.PIPE, env=env)
- for line in p.stdout:
- if (b'jump %s' % chain.encode('utf-8')) in line:
- return re.sub('.*# ', '', line.decode('utf-8'))
- rv = p.wait()
- if rv:
- raise Fatal('%r returned %d' % (argv, rv))
+ try:
+ output = ssubprocess.check_output(argv, env=env)
+ for line in output.decode('utf-8').split('\n'):
+ if ('jump %s' % chain) in line:
+ return re.sub('.*# ', '', line)
+ except ssubprocess.CalledProcessError as e:
+ raise Fatal('%r returned %d' % (argv, e.returncode))
 
 
 _no_ttl_module = False
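Review bot: The test `('jump %s' % chain) in line` is a plain substring match, so a chain whose name is a prefix of another chain's name (for example two names that differ only by a trailing digit) can match the other chain's rule and return that rule's handle. Anchoring the name avoids this, e.g. `if re.search(r'jump %s(\s|$)' % re.escape(chain), line):`. Separately, when no line matches, the function falls off the end of the `try` and returns `None`; the callers are outside this hunk, but if the result is interpolated into a later nft command, an explicit `raise Fatal('no jump to %s found by %r' % (chain, argv))` after the loop would fail loudly instead. The start of `nft_get_handle`, where `argv` is built, is also outside the hunk, so the exact output format is inferred from the `'.*# '` substitution.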