char *_argv[2];
if (stdout_fd >= 0) {
- r = rearrange_stdio(STDIN_FILENO, stdout_fd, STDERR_FILENO);
+ r = rearrange_stdio(STDIN_FILENO, TAKE_FD(stdout_fd), STDERR_FILENO);
if (r < 0)
_exit(EXIT_FAILURE);
}
_cleanup_hashmap_free_free_ Hashmap *pids = NULL;
_cleanup_strv_free_ char **paths = NULL;
- char **path, **e;
int r;
bool parallel_execution;
}
static int gather_environment_generate(int fd, void *arg) {
- char ***env = arg, **x, **y;
+ char ***env = ASSERT_PTR(arg);
_cleanup_fclose_ FILE *f = NULL;
_cleanup_strv_free_ char **new = NULL;
int r;
* fd is always consumed, even on error.
*/
- assert(env);
-
f = fdopen(fd, "r");
if (!f) {
safe_close(fd);
static int gather_environment_collect(int fd, void *arg) {
_cleanup_fclose_ FILE *f = NULL;
- char ***env = arg;
+ char ***env = ASSERT_PTR(arg);
int r;
/* Write out a series of env=cescape(VAR=value) assignments to fd. */
- assert(env);
-
f = fdopen(fd, "w");
if (!f) {
safe_close(fd);
static int gather_environment_consume(int fd, void *arg) {
_cleanup_fclose_ FILE *f = NULL;
- char ***env = arg;
+ char ***env = ASSERT_PTR(arg);
int r = 0;
/* Read a series of env=cescape(VAR=value) assignments from fd into env. */
- assert(env);
-
f = fdopen(fd, "r");
if (!f) {
safe_close(fd);
int exec_command_flags_from_strv(char **ex_opts, ExecCommandFlags *flags) {
ExecCommandFlags ex_flag, ret_flags = 0;
- char **opt;
assert(flags);
return 1 << idx;
}
-_noreturn_ void freeze(void) {
- log_close();
-
- /* Make sure nobody waits for us on a socket anymore */
- (void) close_all_fds_full(NULL, 0, false);
-
- sync();
-
- /* Let's not freeze right away, but keep reaping zombies. */
- for (;;) {
- int r;
- siginfo_t si = {};
-
- r = waitid(P_ALL, 0, &si, WEXITED);
- if (r < 0 && errno != EINTR)
- break;
- }
+int fexecve_or_execve(int executable_fd, const char *executable, char *const argv[], char *const envp[]) {
+ /* Refuse invalid fds, regardless if fexecve() use is enabled or not */
+ if (executable_fd < 0)
+ return -EBADF;
- /* waitid() failed with an unexpected error, things are really borked. Freeze now! */
- for (;;)
- pause();
-}
+ /* Block any attempts on exploiting Linux' liberal argv[] handling, i.e. CVE-2021-4034 and suchlike */
+ if (isempty(executable) || strv_isempty(argv))
+ return -EINVAL;
-int fexecve_or_execve(int executable_fd, const char *executable, char *const argv[], char *const envp[]) {
#if ENABLE_FEXECVE
+
execveat(executable_fd, "", argv, envp, AT_EMPTY_PATH);
if (IN_SET(errno, ENOSYS, ENOENT) || ERRNO_IS_PRIVILEGE(errno))
return -errno;
}
-int fork_agent(const char *name, int except[], size_t n_except, pid_t *ret_pid, const char *path, ...) {
+int fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret_pid, const char *path, ...) {
bool stdout_is_tty, stderr_is_tty;
size_t n, i;
va_list ap;
* stdin around. */
fd = open("/dev/tty", O_WRONLY);
if (fd < 0) {
- if (errno != -ENXIO) {
+ if (errno != ENXIO) {
log_error_errno(errno, "Failed to open /dev/tty: %m");
_exit(EXIT_FAILURE);
}
projects / thirdparty / systemd.git / blobdiff