From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 4 Aug 2022 15:41:04 +0000 (+0000)
Subject: jail: Close the original fds for stdin/stdout after copying
X-Git-Tag: 0.9.28~585
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=195fe45587dd604a7f03644a74c1643203a73969;p=pakfire.git

jail: Close the original fds for stdin/stdout after copying

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/libpakfire/jail.c b/src/libpakfire/jail.c
index 2d1778d31..078bb7f56 100644
--- a/src/libpakfire/jail.c
+++ b/src/libpakfire/jail.c
@@ -482,6 +482,22 @@ static int pakfire_jail_handle_log(struct pakfire_jail* jail,
 	return 0;
 }
 
+static int pakfire_jail_setup_pipe(struct pakfire_jail* jail, int (*fds)[2], const int flags) {
+	int r = pipe2(*fds, flags);
+	if (r < 0) {
+		ERROR(jail->pakfire, "Could not setup pipe: %m\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+static void pakfire_jail_close_pipe(struct pakfire_jail* jail, int fds[2]) {
+	for (unsigned int i = 0; i < 2; i++)
+		if (fds[i])
+			close(fds[i]);
+}
+
 /*
 	This is a convenience function to fetch the reading end of a pipe and
 	closes the write end.
@@ -1157,9 +1173,9 @@ static int pakfire_jail_child(struct pakfire_jail* jail, struct pakfire_jail_exe
 			return 1;
 		}
 
-		// Close the reading sides of the pipe
-		close(ctx->pipes.stdout[0]);
-		close(ctx->pipes.stderr[0]);
+		// Close the pipe (as we have moved the original file descriptors)
+		pakfire_jail_close_pipe(jail, ctx->pipes.stdout);
+		pakfire_jail_close_pipe(jail, ctx->pipes.stderr);
 	}
 
 	// Reset open file limit (http://0pointer.net/blog/file-descriptor-limits.html)
@@ -1196,22 +1212,6 @@ static int pakfire_jail_child(struct pakfire_jail* jail, struct pakfire_jail_exe
 	return r;
 }
 
-static int pakfire_jail_setup_pipe(struct pakfire_jail* jail, int (*fds)[2], const int flags) {
-	int r = pipe2(*fds, flags);
-	if (r < 0) {
-		ERROR(jail->pakfire, "Could not setup pipe: %m\n");
-		return 1;
-	}
-
-	return 0;
-}
-
-static void pakfire_jail_close_pipe(struct pakfire_jail* jail, int fds[2]) {
-	for (unsigned int i = 0; i < 2; i++)
-		if (fds[i])
-			close(fds[i]);
-}
-
 // Run a command in the jail
 static int __pakfire_jail_exec(struct pakfire_jail* jail, const char* argv[]) {
 	int exit = -1;