[ipfire-2.x.git] / src / patches / ppp / 0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch

From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 7 Apr 2014 12:23:36 +0200
Subject: [PATCH 12/25] pppd: we don't want to accidentally leak fds

---
 pppd/auth.c      | 20 ++++++++++----------
 pppd/options.c   |  2 +-
 pppd/sys-linux.c |  4 ++--
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/pppd/auth.c b/pppd/auth.c
index 4271af6..9e957fa 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -428,7 +428,7 @@ setupapfile(argv)
 	option_error("unable to reset uid before opening %s: %m", fname);
 	return 0;
     }
-    ufile = fopen(fname, "r");
+    ufile = fopen(fname, "re");
     if (seteuid(euid) == -1)
 	fatal("unable to regain privileges: %m");
     if (ufile == NULL) {
@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
     filename = _PATH_UPAPFILE;
     addrs = opts = NULL;
     ret = UPAP_AUTHNAK;
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     if (f == NULL) {
 	error("Can't open PAP password file %s: %m", filename);
 
@@ -1512,7 +1512,7 @@ null_login(unit)
     if (ret <= 0) {
 	filename = _PATH_UPAPFILE;
 	addrs = NULL;
-	f = fopen(filename, "r");
+	f = fopen(filename, "re");
 	if (f == NULL)
 	    return 0;
 	check_access(f, filename);
@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd)
     }
 
     filename = _PATH_UPAPFILE;
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     if (f == NULL)
 	return 0;
     check_access(f, filename);
@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp)
     }
 
     filename = _PATH_UPAPFILE;
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     if (f == NULL)
 	return 0;
 
@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp)
     }
 
     filename = _PATH_CHAPFILE;
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     if (f == NULL)
 	return 0;
 
@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
     struct wordlist *addrs;
 
     filename = _PATH_SRPFILE;
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     if (f == NULL)
 	return 0;
 
@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server)
 	addrs = NULL;
 	secbuf[0] = 0;
 
-	f = fopen(filename, "r");
+	f = fopen(filename, "re");
 	if (f == NULL) {
 	    error("Can't open chap secret file %s: %m", filename);
 	    return 0;
@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server)
 	filename = _PATH_SRPFILE;
 	addrs = NULL;
 
-	fp = fopen(filename, "r");
+	fp = fopen(filename, "re");
 	if (fp == NULL) {
 	    error("Can't open srp secret file %s: %m", filename);
 	    return 0;
@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags)
 	     */
 	    if (word[0] == '@' && word[1] == '/') {
 		strlcpy(atfile, word+1, sizeof(atfile));
-		if ((sf = fopen(atfile, "r")) == NULL) {
+		if ((sf = fopen(atfile, "re")) == NULL) {
 		    warn("can't open indirect secret file %s", atfile);
 		    continue;
 		}
diff --git a/pppd/options.c b/pppd/options.c
index 45fa742..1d754ae 100644
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv)
 	option_error("unable to drop privileges to open %s: %m", filename);
 	return 0;
     }
-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
     err = errno;
     if (check_prot && seteuid(euid) == -1)
 	fatal("unable to regain privileges");
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
index 72a7727..8a12fa0 100644
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail)
 	/* Default the mount location of /proc */
 	strlcpy (proc_path, "/proc", sizeof(proc_path));
 	proc_path_len = 5;
-	fp = fopen(MOUNTED, "r");
+	fp = fopen(MOUNTED, "re");
 	if (fp != NULL) {
 	    while ((mntent = getmntent(fp)) != NULL) {
 		if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
@@ -1472,7 +1472,7 @@ static int open_route_table (void)
     close_route_table();
 
     path = path_to_procfs("/net/route");
-    route_fd = fopen (path, "r");
+    route_fd = fopen (path, "re");
     if (route_fd == NULL) {
 	error("can't open routing table %s: %m", path);
 	return 0;
-- 
1.8.3.1
Commit	Line	Data
172c1f72 MT	1	From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001
	2	From: Michal Sekletar <msekleta@redhat.com>
	3	Date: Mon, 7 Apr 2014 12:23:36 +0200
	4	Subject: [PATCH 12/25] pppd: we don't want to accidentally leak fds
	5
	6	---
	7	pppd/auth.c \| 20 ++++++++++----------
	8	pppd/options.c \| 2 +-
	9	pppd/sys-linux.c \| 4 ++--
	10	3 files changed, 13 insertions(+), 13 deletions(-)
	11
	12	diff --git a/pppd/auth.c b/pppd/auth.c
	13	index 4271af6..9e957fa 100644
	14	--- a/pppd/auth.c
	15	+++ b/pppd/auth.c
	16	@@ -428,7 +428,7 @@ setupapfile(argv)
	17	option_error("unable to reset uid before opening %s: %m", fname);
	18	return 0;
	19	}
	20	- ufile = fopen(fname, "r");
	21	+ ufile = fopen(fname, "re");
	22	if (seteuid(euid) == -1)
	23	fatal("unable to regain privileges: %m");
	24	if (ufile == NULL) {
	25	@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
	26	filename = _PATH_UPAPFILE;
	27	addrs = opts = NULL;
	28	ret = UPAP_AUTHNAK;
	29	- f = fopen(filename, "r");
	30	+ f = fopen(filename, "re");
	31	if (f == NULL) {
	32	error("Can't open PAP password file %s: %m", filename);
	33
	34	@@ -1512,7 +1512,7 @@ null_login(unit)
	35	if (ret <= 0) {
	36	filename = _PATH_UPAPFILE;
	37	addrs = NULL;
	38	- f = fopen(filename, "r");
	39	+ f = fopen(filename, "re");
	40	if (f == NULL)
	41	return 0;
	42	check_access(f, filename);
	43	@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd)
	44	}
	45
	46	filename = _PATH_UPAPFILE;
	47	- f = fopen(filename, "r");
	48	+ f = fopen(filename, "re");
	49	if (f == NULL)
	50	return 0;
	51	check_access(f, filename);
	52	@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp)
	53	}
	54
	55	filename = _PATH_UPAPFILE;
	56	- f = fopen(filename, "r");
	57	+ f = fopen(filename, "re");
	58	if (f == NULL)
	59	return 0;
	60
	61	@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp)
	62	}
	63
	64	filename = _PATH_CHAPFILE;
65	- f = fopen(filename, "r");
66	+ f = fopen(filename, "re");
67	if (f == NULL)
68	return 0;
69
70	@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
71	struct wordlist *addrs;
72
73	filename = _PATH_SRPFILE;
74	- f = fopen(filename, "r");
75	+ f = fopen(filename, "re");
76	if (f == NULL)
77	return 0;
78
79	@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server)
80	addrs = NULL;
81	secbuf[0] = 0;
82
83	- f = fopen(filename, "r");
84	+ f = fopen(filename, "re");
85	if (f == NULL) {
86	error("Can't open chap secret file %s: %m", filename);
87	return 0;
88	@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server)
89	filename = _PATH_SRPFILE;
90	addrs = NULL;
91
92	- fp = fopen(filename, "r");
93	+ fp = fopen(filename, "re");
94	if (fp == NULL) {
95	error("Can't open srp secret file %s: %m", filename);
96	return 0;
97	@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags)
98	*/
99	if (word[0] == '@' && word[1] == '/') {
100	strlcpy(atfile, word+1, sizeof(atfile));
101	- if ((sf = fopen(atfile, "r")) == NULL) {
102	+ if ((sf = fopen(atfile, "re")) == NULL) {
103	warn("can't open indirect secret file %s", atfile);
104	continue;
105	}
106	diff --git a/pppd/options.c b/pppd/options.c
107	index 45fa742..1d754ae 100644
108	--- a/pppd/options.c
109	+++ b/pppd/options.c
110	@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv)
111	option_error("unable to drop privileges to open %s: %m", filename);
112	return 0;
113	}
114	- f = fopen(filename, "r");
115	+ f = fopen(filename, "re");
116	err = errno;
117	if (check_prot && seteuid(euid) == -1)
118	fatal("unable to regain privileges");
119	diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
120	index 72a7727..8a12fa0 100644
121	--- a/pppd/sys-linux.c
122	+++ b/pppd/sys-linux.c
123	@@ -1412,7 +1412,7 @@ static char path_to_procfs(const char tail)
124	/* Default the mount location of /proc */
125	strlcpy (proc_path, "/proc", sizeof(proc_path));
126	proc_path_len = 5;
127	- fp = fopen(MOUNTED, "r");
128	+ fp = fopen(MOUNTED, "re");
129	if (fp != NULL) {
130	while ((mntent = getmntent(fp)) != NULL) {
131	if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
132	@@ -1472,7 +1472,7 @@ static int open_route_table (void)
133	close_route_table();
134
135	path = path_to_procfs("/net/route");
136	- route_fd = fopen (path, "r");
137	+ route_fd = fopen (path, "re");
138	if (route_fd == NULL) {
139	error("can't open routing table %s: %m", path);
140	return 0;
141	--
142	1.8.3.1
143