From dad208a0d5acc3381b954210ff6666db9af1f4ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Mon, 13 Mar 2017 03:10:39 +0100
Subject: [PATCH] qrexec: fix pending requests cleanup code

There was a logic error in pending requests cleanup code, causing
policy_pending_max being set to 0, even if there were more pending
requests. This effectively limited maximum pending requests to 1, after
some system uptime, because policy_pending_max set to 0 makes the code
looks only at the first pending request slot.

While at it, remove outdated FIXME comment, actually this bug is in the
code implementing this FIXME.

Fixes QubesOS/qubes-issues#2699
---
 qrexec/qrexec-daemon.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/qrexec/qrexec-daemon.c b/qrexec/qrexec-daemon.c
index c53bac2..41cb7a4 100644
--- a/qrexec/qrexec-daemon.c
+++ b/qrexec/qrexec-daemon.c
@@ -590,8 +590,6 @@ static void reap_children()
 
     pid_t pid;
     while ((pid=waitpid(-1, &status, WNOHANG)) > 0) {
-        /* FIXME: perhaps keep max(policy_pending) somewhere to optimize this
-         * search */
         for (i = 0; i <= policy_pending_max; i++) {
             if (policy_pending[i].pid == pid) {
                 status = WEXITSTATUS(status);
@@ -602,7 +600,7 @@ static void reap_children()
                  * MSG_SERVICE_CONNECT from client handler */
                 policy_pending[i].pid = 0;
                 while (policy_pending_max > 0 &&
-                        policy_pending[policy_pending_max].pid > 0)
+                        policy_pending[policy_pending_max].pid == 0)
                     policy_pending_max--;
                 break;
             }