mhenr18
commented
10 years ago Plans for indicating errors to the user (as there's no point in checking return values if we can't do anything to fail gracefully):
- Pre-injection, errors in the injector side simply get logged to stderr and the injector terminates.
- Once the bootstrap payload's injected and before comms are established, any errors get written to the signal file - a non-empty file indicates an error that needs printing to the injector's stderr and the injector should terminate.
- After comms (i.e stdin/out/err) are established, we handle payload errors (i.e failure to load the .dylib/no entry point) by writing to stderr and closing it all of the comms files (which will cause the injector to terminate).
- Once the payload's entry point is called, the bootstrap payload has no more code executed (so nothing can go wrong there), and the injector acts as a dumb pipe - any errors there just result in a stderr message and termination of the injector. At this point termination of the injector could be intended, so there's no special error case in the payload.
This leaves only two errors that can't be signalled easily to the user.
- Failure to find the signal file. We solve this by using a timeout in the injector.
- Failure to open the comms FIFO files in the payload (as the signal file has been written but we have no comms at this stage). Again, we solve this by using a timeout in the injector.
(A complete crash in the target process due to a segfault or some other fatal error would be resolved by the timeout being hit and us noticing that the target process has terminated)
I'm looking at a 10 second default timeout - this should be fairly lenient considering that the bootstrap payload runs as a new thread and so can't be blocked. If this becomes an issue I can add a flag to alter this behaviour.
An implementation of the timeouts to catch the last few errors also solves #7.
Title basically states the issue at hand. There's many API calls being made that might fail (read/write are excellent culprits) and there's zero checking/error handling happening for quite a few of them.