[ipfire-2.x.git] / src / patches / ppp / ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch

diff -Naur pppd.orig/auth.c pppd/auth.c
--- pppd.orig/auth.c	2023-03-25 05:38:30.000000000 +0100
+++ pppd/auth.c	2023-06-30 12:38:13.748482796 +0200
@@ -518,7 +518,7 @@
         free(fname);
 	return 0;
     }
-    ufile = fopen(fname, "r");
+    ufile = fopen(fname, "re");
     if (seteuid(euid) == -1)
 	fatal("unable to regain privileges: %m");
     if (ufile == NULL) {
@@ -1535,7 +1535,7 @@
     filename = PPP_PATH_UPAPFILE;
     addrs = opts = NULL;
     ret = UPAP_AUTHNAK;
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     if (f == NULL) {
 	error("Can't open PAP password file %s: %m", filename);
 
@@ -1635,7 +1635,7 @@
     if (ret <= 0) {
 	filename = PPP_PATH_UPAPFILE;
 	addrs = NULL;
-	f = fopen(filename, "r");
+	f = fopen(filename, "re");
 	if (f == NULL)
 	    return 0;
 	check_access(f, filename);
@@ -1681,7 +1681,7 @@
     }
 
     filename = PPP_PATH_UPAPFILE;
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     if (f == NULL)
 	return 0;
     check_access(f, filename);
@@ -1718,7 +1718,7 @@
     }
 
     filename = PPP_PATH_UPAPFILE;
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     if (f == NULL)
 	return 0;
 
@@ -1760,7 +1760,7 @@
     }
 
     filename = PPP_PATH_CHAPFILE;
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     if (f == NULL)
 	return 0;
 
@@ -1798,7 +1798,7 @@
     struct wordlist *addrs;
 
     filename = PPP_PATH_SRPFILE;
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     if (f == NULL)
 	return 0;
 
@@ -1849,7 +1849,7 @@
 	addrs = NULL;
 	secbuf[0] = 0;
 
-	f = fopen(filename, "r");
+	f = fopen(filename, "re");
 	if (f == NULL) {
 	    error("Can't open chap secret file %s: %m", filename);
 	    return 0;
@@ -1902,7 +1902,7 @@
 	filename = PPP_PATH_SRPFILE;
 	addrs = NULL;
 
-	fp = fopen(filename, "r");
+	fp = fopen(filename, "re");
 	if (fp == NULL) {
 	    error("Can't open srp secret file %s: %m", filename);
 	    return 0;
@@ -2291,7 +2291,7 @@
 	     */
 	    if (word[0] == '@' && word[1] == '/') {
 		strlcpy(atfile, word+1, sizeof(atfile));
-		if ((sf = fopen(atfile, "r")) == NULL) {
+		if ((sf = fopen(atfile, "re")) == NULL) {
 		    warn("can't open indirect secret file %s", atfile);
 		    continue;
 		}
@@ -2461,7 +2461,7 @@
     char pkfile[MAXWORDLEN];
 
     filename = PPP_PATH_EAPTLSSERVFILE;
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     if (f == NULL)
 		return 0;
 
@@ -2518,7 +2518,7 @@
 		return 1;
 
     filename = PPP_PATH_EAPTLSCLIFILE;
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     if (f == NULL)
 		return 0;
 
@@ -2738,7 +2738,7 @@
 		filename = (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFILE);
 		addrs = NULL;
 
-		fp = fopen(filename, "r");
+		fp = fopen(filename, "re");
 		if (fp == NULL)
 		{
 			error("Can't open eap-tls secret file %s: %m", filename);
diff -Naur pppd.orig/options.c pppd/options.c
--- pppd.orig/options.c	2023-03-25 05:38:30.000000000 +0100
+++ pppd/options.c	2023-06-30 12:42:19.262593140 +0200
@@ -555,7 +555,7 @@
 	ppp_option_error("unable to drop privileges to open %s: %m", filename);
 	return 0;
     }
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     err = errno;
     if (check_prot && seteuid(euid) == -1)
 	fatal("unable to regain privileges");
diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
--- pppd.orig/sys-linux.c	2023-03-10 02:50:41.000000000 +0100
+++ pppd/sys-linux.c	2023-06-30 12:43:20.634453475 +0200
@@ -1978,7 +1978,7 @@
 	/* Default the mount location of /proc */
 	strlcpy (proc_path, "/proc", sizeof(proc_path));
 	proc_path_len = 5;
-	fp = fopen(MOUNTED, "r");
+	fp = fopen(MOUNTED, "re");
 	if (fp != NULL) {
 	    while ((mntent = getmntent(fp)) != NULL) {
 		if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
@@ -2038,7 +2038,7 @@
     close_route_table();
 
     path = path_to_procfs("/net/route");
-    route_fd = fopen (path, "r");
+    route_fd = fopen (path, "re");
     if (route_fd == NULL) {
 	error("can't open routing table %s: %m", path);
 	return 0;
@@ -2322,7 +2322,7 @@
     close_route_table();
 
     path = path_to_procfs("/net/ipv6_route");
-    route_fd = fopen (path, "r");
+    route_fd = fopen (path, "re");
     if (route_fd == NULL) {
 	error("can't open routing table %s: %m", path);
 	return 0;
Commit	Line	Data
27a3ef98 AB	1	diff -Naur pppd.orig/auth.c pppd/auth.c
	2	--- pppd.orig/auth.c 2023-03-25 05:38:30.000000000 +0100
	3	+++ pppd/auth.c 2023-06-30 12:38:13.748482796 +0200
	4	@@ -518,7 +518,7 @@
	5	free(fname);
172c1f72 MT	6	return 0;
	7	}
	8	- ufile = fopen(fname, "r");
	9	+ ufile = fopen(fname, "re");
	10	if (seteuid(euid) == -1)
	11	fatal("unable to regain privileges: %m");
	12	if (ufile == NULL) {
27a3ef98 AB	13	@@ -1535,7 +1535,7 @@
27a3ef98 AB	14	filename = PPP_PATH_UPAPFILE;
172c1f72 MT	15	addrs = opts = NULL;
	16	ret = UPAP_AUTHNAK;
	17	- f = fopen(filename, "r");
	18	+ f = fopen(filename, "re");
	19	if (f == NULL) {
	20	error("Can't open PAP password file %s: %m", filename);
	21
27a3ef98	22	@@ -1635,7 +1635,7 @@
172c1f72	23	if (ret <= 0) {
27a3ef98	24	filename = PPP_PATH_UPAPFILE;
172c1f72 MT	25	addrs = NULL;
	26	- f = fopen(filename, "r");
	27	+ f = fopen(filename, "re");
	28	if (f == NULL)
	29	return 0;
	30	check_access(f, filename);
27a3ef98	31	@@ -1681,7 +1681,7 @@
172c1f72 MT	32	}
172c1f72 MT	33
27a3ef98	34	filename = PPP_PATH_UPAPFILE;
172c1f72 MT	35	- f = fopen(filename, "r");
	36	+ f = fopen(filename, "re");
	37	if (f == NULL)
	38	return 0;
	39	check_access(f, filename);
27a3ef98	40	@@ -1718,7 +1718,7 @@
172c1f72 MT	41	}
172c1f72 MT	42
27a3ef98	43	filename = PPP_PATH_UPAPFILE;
172c1f72 MT	44	- f = fopen(filename, "r");
	45	+ f = fopen(filename, "re");
	46	if (f == NULL)
	47	return 0;
	48
27a3ef98	49	@@ -1760,7 +1760,7 @@
172c1f72 MT	50	}
172c1f72 MT	51
27a3ef98	52	filename = PPP_PATH_CHAPFILE;
172c1f72 MT	53	- f = fopen(filename, "r");
	54	+ f = fopen(filename, "re");
	55	if (f == NULL)
	56	return 0;
	57
27a3ef98	58	@@ -1798,7 +1798,7 @@
172c1f72 MT	59	struct wordlist *addrs;
172c1f72 MT	60
27a3ef98	61	filename = PPP_PATH_SRPFILE;
172c1f72 MT	62	- f = fopen(filename, "r");
	63	+ f = fopen(filename, "re");
	64	if (f == NULL)
	65	return 0;
	66
27a3ef98	67	@@ -1849,7 +1849,7 @@
172c1f72 MT	68	addrs = NULL;
	69	secbuf[0] = 0;
	70
	71	- f = fopen(filename, "r");
	72	+ f = fopen(filename, "re");
	73	if (f == NULL) {
	74	error("Can't open chap secret file %s: %m", filename);
	75	return 0;
27a3ef98 AB	76	@@ -1902,7 +1902,7 @@
27a3ef98 AB	77	filename = PPP_PATH_SRPFILE;
172c1f72 MT	78	addrs = NULL;
	79
	80	- fp = fopen(filename, "r");
	81	+ fp = fopen(filename, "re");
	82	if (fp == NULL) {
	83	error("Can't open srp secret file %s: %m", filename);
	84	return 0;
27a3ef98	85	@@ -2291,7 +2291,7 @@
172c1f72 MT	86	*/
	87	if (word[0] == '@' && word[1] == '/') {
	88	strlcpy(atfile, word+1, sizeof(atfile));
	89	- if ((sf = fopen(atfile, "r")) == NULL) {
	90	+ if ((sf = fopen(atfile, "re")) == NULL) {
	91	warn("can't open indirect secret file %s", atfile);
	92	continue;
	93	}
27a3ef98 AB	94	@@ -2461,7 +2461,7 @@
	95	char pkfile[MAXWORDLEN];
	96
	97	filename = PPP_PATH_EAPTLSSERVFILE;
	98	- f = fopen(filename, "r");
	99	+ f = fopen(filename, "re");
	100	if (f == NULL)
	101	return 0;
	102
	103	@@ -2518,7 +2518,7 @@
	104	return 1;
	105
	106	filename = PPP_PATH_EAPTLSCLIFILE;
	107	- f = fopen(filename, "r");
	108	+ f = fopen(filename, "re");
	109	if (f == NULL)
	110	return 0;
	111
	112	@@ -2738,7 +2738,7 @@
	113	filename = (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFILE);
	114	addrs = NULL;
	115
	116	- fp = fopen(filename, "r");
	117	+ fp = fopen(filename, "re");
	118	if (fp == NULL)
	119	{
	120	error("Can't open eap-tls secret file %s: %m", filename);
	121	diff -Naur pppd.orig/options.c pppd/options.c
	122	--- pppd.orig/options.c 2023-03-25 05:38:30.000000000 +0100
	123	+++ pppd/options.c 2023-06-30 12:42:19.262593140 +0200
	124	@@ -555,7 +555,7 @@
	125	ppp_option_error("unable to drop privileges to open %s: %m", filename);
172c1f72 MT	126	return 0;
	127	}
	128	- f = fopen(filename, "r");
	129	+ f = fopen(filename, "re");
	130	err = errno;
	131	if (check_prot && seteuid(euid) == -1)
	132	fatal("unable to regain privileges");
27a3ef98 AB	133	diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
	134	--- pppd.orig/sys-linux.c 2023-03-10 02:50:41.000000000 +0100
	135	+++ pppd/sys-linux.c 2023-06-30 12:43:20.634453475 +0200
	136	@@ -1978,7 +1978,7 @@
172c1f72 MT	137	/* Default the mount location of /proc */
	138	strlcpy (proc_path, "/proc", sizeof(proc_path));
	139	proc_path_len = 5;
	140	- fp = fopen(MOUNTED, "r");
	141	+ fp = fopen(MOUNTED, "re");
	142	if (fp != NULL) {
	143	while ((mntent = getmntent(fp)) != NULL) {
	144	if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
27a3ef98	145	@@ -2038,7 +2038,7 @@
172c1f72 MT	146	close_route_table();
	147
	148	path = path_to_procfs("/net/route");
	149	- route_fd = fopen (path, "r");
	150	+ route_fd = fopen (path, "re");
	151	if (route_fd == NULL) {
	152	error("can't open routing table %s: %m", path);
	153	return 0;
27a3ef98 AB	154	@@ -2322,7 +2322,7 @@
	155	close_route_table();
	156
	157	path = path_to_procfs("/net/ipv6_route");
	158	- route_fd = fopen (path, "r");
	159	+ route_fd = fopen (path, "re");
	160	if (route_fd == NULL) {
	161	error("can't open routing table %s: %m", path);
	162	return 0;