util: add new safe_close_above_stdio() wrapper

At various places we only want to close fds if they are not
stdin/stdout/stderr, i.e. fds 0, 1, 2. Let's add a unified helper call
for that, and port everything over.

diff --git a/coccinelle/close-above-stdio.cocci b/coccinelle/close-above-stdio.cocci
new file mode 100644 (file)
index 0000000..44b3b1c
--- /dev/null
+++ b/coccinelle/close-above-stdio.cocci
@@ -0,0 +1,36 @@
+@@
+expression fd;
+@@
+- if (fd > 2)
+- safe_close(fd);
++ safe_close_above_stdio(fd);
+@@
+expression fd;
+@@
+- if (fd > 2)
+- fd = safe_close(fd);
++ fd = safe_close_above_stdio(fd);
+@@
+expression fd;
+@@
+- if (fd >= 3)
+- safe_close(fd);
++ safe_close_above_stdio(fd);
+@@
+expression fd;
+@@
+- if (fd >= 3)
+- fd = safe_close(fd);
++ fd = safe_close_above_stdio(fd);
+@@
+expression fd;
+@@
+- if (fd > STDERR_FILENO)
+- safe_close(fd);
++ safe_close_above_stdio(fd);
+@@
+expression fd;
+@@
+- if (fd > STDERR_FILENO)
+- fd = safe_close(fd);
++ fd = safe_close_above_stdio(fd);

diff --git a/src/basic/fd-util.h b/src/basic/fd-util.h
index 284856ae6defa0c403d94738ca6094dd3f992cdb..4e8d9bc40a1e76ffbe979729b6c8c38e0feef8cd 100644 (file)
--- a/src/basic/fd-util.h
+++ b/src/basic/fd-util.h
@@ -35,6 +35,13 @@ int close_nointr(int fd);
 int safe_close(int fd);
 void safe_close_pair(int p[]);
 
+static inline int safe_close_above_stdio(int fd) {
+        if (fd < 3) /* Don't close stdin/stdout/stderr, but still invalidate the fd by returning -1 */
+                return -1;
+
+        return safe_close(fd);
+}
+
 void close_many(const int fds[], unsigned n_fd);
 
 int fclose_nointr(FILE *f);

diff --git a/src/basic/log.c b/src/basic/log.c
index 72b60da6c68febf9675fb52773c83c51af7340bb..7a7f2cbec13ec654120b191a30a98780e209a3f7 100644 (file)
--- a/src/basic/log.c
+++ b/src/basic/log.c
@@ -94,14 +94,7 @@ static char *log_abort_msg = NULL;
         } while (false)
 
 static void log_close_console(void) {
-
-        if (console_fd < 0)
-                return;
-
-        if (console_fd >= 3)
-                safe_close(console_fd);
-
-        console_fd = -1;
+        console_fd = safe_close_above_stdio(console_fd);
 }
 
 static int log_open_console(void) {

diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index aa41b3b686e5e9ea84d082f8dae62d8d6a62dafc..66a7557fba3be71d9199fd768cba706bf2afec67 100644 (file)
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -1428,8 +1428,7 @@ int fork_agent(const char *name, const int except[], unsigned n_except, pid_t *r
                         _exit(EXIT_FAILURE);
                 }
 
-                if (fd > STDERR_FILENO)
-                        close(fd);
+                safe_close_above_stdio(fd);
         }
 
         /* Count arguments */

diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
index cddbb461bdc0f4deb4b36b23d5c814f698f13ffa..cdad4cb621341e009826569a64f342ffc347d4a9 100644 (file)
--- a/src/basic/terminal-util.c
+++ b/src/basic/terminal-util.c
@@ -917,8 +917,7 @@ int make_stdio(int fd) {
         if (dup2(fd, STDERR_FILENO) < 0 && r >= 0)
                 r = -errno;
 
-        if (fd >= 3)
-                safe_close(fd);
+        safe_close_above_stdio(fd);
 
         /* Explicitly unset O_CLOEXEC, since if fd was < 3, then dup2() was a NOP and the bit hence possibly set. */
         stdio_unset_cloexec();

diff --git a/src/journal/cat.c b/src/journal/cat.c
index b2f9ed50108a9f0f52f7e48a62104bfa3032e89b..c87a149a4c9ba45063db5fc72a0a8f8c33afe3eb 100644 (file)
--- a/src/journal/cat.c
+++ b/src/journal/cat.c
@@ -141,9 +141,7 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
-        if (fd >= 3)
-                safe_close(fd);
-        fd = -1;
+        fd = safe_close_above_stdio(fd);
 
         if (argc <= optind)
                 (void) execl("/bin/cat", "/bin/cat", NULL);

diff --git a/src/nspawn/nspawn-setuid.c b/src/nspawn/nspawn-setuid.c
index 8f2359ad91273cab43014ffb90a7e90384c89ba9..c4ad172512296eb6449da65adcb558d4ac86c106 100644 (file)
--- a/src/nspawn/nspawn-setuid.c
+++ b/src/nspawn/nspawn-setuid.c
@@ -57,10 +57,8 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
                 if (dup3(pipe_fds[1], STDOUT_FILENO, 0) < 0)
                         _exit(EXIT_FAILURE);
 
-                if (pipe_fds[0] > 2)
-                        safe_close(pipe_fds[0]);
-                if (pipe_fds[1] > 2)
-                        safe_close(pipe_fds[1]);
+                safe_close_above_stdio(pipe_fds[0]);
+                safe_close_above_stdio(pipe_fds[1]);
 
                 nullfd = open("/dev/null", O_RDWR);
                 if (nullfd < 0)
@@ -72,8 +70,7 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
                 if (dup3(nullfd, STDERR_FILENO, 0) < 0)
                         _exit(EXIT_FAILURE);
 
-                if (nullfd > 2)
-                        safe_close(nullfd);
+                safe_close_above_stdio(nullfd);
 
                 close_all_fds(NULL, 0);