]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
projects / people / pmueller / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ppp: Update to 2.4.8
[people/pmueller/ipfire-2.x.git] / src / patches / ppp / 0013-everywhere-O_CLOEXEC-harder.patch
1 From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001
2 From: Michal Sekletar <msekleta@redhat.com>
3 Date: Mon, 7 Apr 2014 13:56:34 +0200
4 Subject: [PATCH 13/25] everywhere: O_CLOEXEC harder
5
6 ---
7 pppd/eap.c | 2 +-
8 pppd/main.c | 4 ++--
9 pppd/options.c | 4 ++--
10 pppd/sys-linux.c | 22 +++++++++++-----------
11 pppd/tdb.c | 4 ++--
12 pppd/tty.c | 4 ++--
13 pppd/utils.c | 6 +++---
14 7 files changed, 23 insertions(+), 23 deletions(-)
15
16 diff --git a/pppd/eap.c b/pppd/eap.c
17 index 6ea6c1f..faced53 100644
18 --- a/pppd/eap.c
19 +++ b/pppd/eap.c
20 @@ -1226,7 +1226,7 @@ mode_t modebits;
21
22 if ((path = name_of_pn_file()) == NULL)
23 return (-1);
24 - fd = open(path, modebits, S_IRUSR | S_IWUSR);
25 + fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
26 err = errno;
27 free(path);
28 errno = err;
29 diff --git a/pppd/main.c b/pppd/main.c
30 index 6d50d1b..4880377 100644
31 --- a/pppd/main.c
32 +++ b/pppd/main.c
33 @@ -420,7 +420,7 @@ main(argc, argv)
34 die(0);
35
36 /* Make sure fds 0, 1, 2 are open to somewhere. */
37 - fd_devnull = open(_PATH_DEVNULL, O_RDWR);
38 + fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC);
39 if (fd_devnull < 0)
40 fatal("Couldn't open %s: %m", _PATH_DEVNULL);
41 while (fd_devnull <= 2) {
42 @@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
43 if (log_to_fd >= 0)
44 errfd = log_to_fd;
45 else
46 - errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
47 + errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
48
49 ++conn_running;
50 pid = safe_fork(in, out, errfd);
51 diff --git a/pppd/options.c b/pppd/options.c
52 index 1d754ae..8e62635 100644
53 --- a/pppd/options.c
54 +++ b/pppd/options.c
55 @@ -1544,9 +1544,9 @@ setlogfile(argv)
56 option_error("unable to drop permissions to open %s: %m", *argv);
57 return 0;
58 }
59 - fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
60 + fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
61 if (fd < 0 && errno == EEXIST)
62 - fd = open(*argv, O_WRONLY | O_APPEND);
63 + fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
64 err = errno;
65 if (!privileged_option && seteuid(euid) == -1)
66 fatal("unable to regain privileges: %m");
67 diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
68 index 8a12fa0..00a2cf5 100644
69 --- a/pppd/sys-linux.c
70 +++ b/pppd/sys-linux.c
71 @@ -459,7 +459,7 @@ int generic_establish_ppp (int fd)
72 goto err;
73 }
74 dbglog("using channel %d", chindex);
75 - fd = open("/dev/ppp", O_RDWR);
76 + fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
77 if (fd < 0) {
78 error("Couldn't reopen /dev/ppp: %m");
79 goto err;
80 @@ -619,7 +619,7 @@ static int make_ppp_unit()
81 dbglog("in make_ppp_unit, already had /dev/ppp open?");
82 close(ppp_dev_fd);
83 }
84 - ppp_dev_fd = open("/dev/ppp", O_RDWR);
85 + ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
86 if (ppp_dev_fd < 0)
87 fatal("Couldn't open /dev/ppp: %m");
88 flags = fcntl(ppp_dev_fd, F_GETFL);
89 @@ -693,7 +693,7 @@ int bundle_attach(int ifnum)
90 if (!new_style_driver)
91 return -1;
92
93 - master_fd = open("/dev/ppp", O_RDWR);
94 + master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
95 if (master_fd < 0)
96 fatal("Couldn't open /dev/ppp: %m");
97 if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
98 @@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr)
99 if (tune_kernel) {
100 forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
101 if (forw_path != 0) {
102 - int fd = open(forw_path, O_WRONLY);
103 + int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
104 if (fd >= 0) {
105 if (write(fd, "1", 1) != 1)
106 error("Couldn't enable IP forwarding: %m");
107 @@ -2030,7 +2030,7 @@ int ppp_available(void)
108 sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
109 kernel_version = KVERSION(osmaj, osmin, ospatch);
110
111 - fd = open("/dev/ppp", O_RDWR);
112 + fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
113 if (fd >= 0) {
114 new_style_driver = 1;
115
116 @@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host)
117 #if __GLIBC__ >= 2
118 updwtmp(_PATH_WTMP, &ut);
119 #else
120 - wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
121 + wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
122 if (wtmp >= 0) {
123 flock(wtmp, LOCK_EX);
124
125 @@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr,
126 int fd;
127
128 path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
129 - if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
130 + if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
131 if (write(fd, "1", 1) != 1)
132 error("Couldn't enable dynamic IP addressing: %m");
133 close(fd);
134 @@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
135 /*
136 * Try the unix98 way first.
137 */
138 - mfd = open("/dev/ptmx", O_RDWR);
139 + mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
140 if (mfd >= 0) {
141 int ptn;
142 if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
143 @@ -2851,7 +2851,8 @@
144 if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
145 warn("Couldn't unlock pty slave %s: %m", pty_name);
146 #endif
147 - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
148 +
149 + if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
150 {
151 warn("Couldn't open pty slave %s: %m", pty_name);
152 close(mfd);
153 @@ -2865,10 +2866,10 @@
154 for (i = 0; i < 64; ++i) {
155 slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
156 'p' + i / 16, i % 16);
157 - mfd = open(pty_name, O_RDWR, 0);
158 + mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
159 if (mfd >= 0) {
160 pty_name[5] = 't';
161 - sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
162 + sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
163 if (sfd >= 0) {
164 fchown(sfd, uid, -1);
165 fchmod(sfd, S_IRUSR | S_IWUSR);
166 diff --git a/pppd/tdb.c b/pppd/tdb.c
167 index bdc5828..c7ab71c 100644
168 --- a/pppd/tdb.c
169 +++ b/pppd/tdb.c
170 @@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
171 goto internal;
172 }
173
174 - if ((tdb->fd = open(name, open_flags, mode)) == -1) {
175 + if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
176 TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
177 name, strerror(errno)));
178 goto fail; /* errno set by open(2) */
179 @@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb)
180 }
181 if (close(tdb->fd) != 0)
182 TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
183 - tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
184 + tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
185 if (tdb->fd == -1) {
186 TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
187 goto fail;
188 diff --git a/pppd/tty.c b/pppd/tty.c
189 index d571b11..bc96695 100644
190 --- a/pppd/tty.c
191 +++ b/pppd/tty.c
192 @@ -569,7 +569,7 @@ int connect_tty()
193 status = EXIT_OPEN_FAILED;
194 goto errret;
195 }
196 - real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
197 + real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
198 err = errno;
199 if (prio < OPRIO_ROOT && seteuid(0) == -1)
200 fatal("Unable to regain privileges");
201 @@ -723,7 +723,7 @@ int connect_tty()
202 if (connector == NULL && modem && devnam[0] != 0) {
203 int i;
204 for (;;) {
205 - if ((i = open(devnam, O_RDWR)) >= 0)
206 + if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
207 break;
208 if (errno != EINTR) {
209 error("Failed to reopen %s: %m", devnam);
210 diff --git a/pppd/utils.c b/pppd/utils.c
211 index 29bf970..6051b9a 100644
212 --- a/pppd/utils.c
213 +++ b/pppd/utils.c
214 @@ -918,14 +918,14 @@ lock(dev)
215 slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
216 #endif
217
218 - while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
219 + while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
220 if (errno != EEXIST) {
221 error("Can't create lock file %s: %m", lock_file);
222 break;
223 }
224
225 /* Read the lock file to find out who has the device locked. */
226 - fd = open(lock_file, O_RDONLY, 0);
227 + fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
228 if (fd < 0) {
229 if (errno == ENOENT) /* This is just a timing problem. */
230 continue;
231 @@ -1004,7 +1004,7 @@ relock(pid)
232
233 if (lock_file[0] == 0)
234 return -1;
235 - fd = open(lock_file, O_WRONLY, 0);
236 + fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
237 if (fd < 0) {
238 error("Couldn't reopen lock file %s: %m", lock_file);
239 lock_file[0] = 0;
240 --
241 1.8.3.1
242
Peter's tree of IPFire 2.x