Bug 47705 - Using O_CLOEXEC

7 files changed, 117 insertions, 7 deletions

diff --git a/src/Makefile.am b/src/Makefile.am
index 617713f..dba4206 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -131,6 +131,7 @@ libfontconfig_la_SOURCES = \
 	fccache.c \
 	fccfg.c \
 	fccharset.c \
+	fccompat.c \
 	fcdbg.c \
 	fcdefault.c \
 	fcdir.c \
diff --git a/src/fcatomic.c b/src/fcatomic.c
index cb5b7a5..c1daed9 100644
--- a/src/fcatomic.c
+++ b/src/fcatomic.c
@@ -50,7 +50,6 @@
 #include "fcint.h"
 #include <sys/types.h>
 #include <sys/stat.h>
-#include <fcntl.h>
 #include <unistd.h>
 #include <stdlib.h>
 #include <time.h>
@@ -109,7 +108,7 @@ FcAtomicLock (FcAtomic *atomic)
 
     strcpy ((char *) atomic->tmp, (char *) atomic->file);
     strcat ((char *) atomic->tmp, TMP_NAME);
-    fd = mkstemp ((char *) atomic->tmp);
+    fd = FcMakeTempfile ((char *) atomic->tmp);
     if (fd < 0)
 	return FcFalse;
     f = fdopen (fd, "w");
diff --git a/src/fccache.c b/src/fccache.c
index 2f1104f..9a108a1 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -156,7 +156,7 @@ FcDirCacheOpenFile (const FcChar8 *cache_file, struct stat *file_stat)
     if (FcStat (cache_file, file_stat) < 0)
         return -1;
 #endif
-    fd = open((char *) cache_file, O_RDONLY | O_BINARY);
+    fd = FcOpen((char *) cache_file, O_RDONLY | O_BINARY);
     if (fd < 0)
 	return fd;
 #ifndef _WIN32
@@ -977,7 +977,7 @@ FcDirCacheWrite (FcCache *cache, FcConfig *config)
     if (!FcAtomicLock (atomic))
 	goto bail3;
 
-    fd = open((char *)FcAtomicNewFile (atomic), O_RDWR | O_CREAT | O_BINARY, 0666);
+    fd = FcOpen((char *)FcAtomicNewFile (atomic), O_RDWR | O_CREAT | O_BINARY, 0666);
     if (fd == -1)
 	goto bail4;
 
@@ -1455,7 +1455,7 @@ FcDirCacheCreateTagFile (const FcChar8 *cache_dir)
 	    goto bail1;
 	if (!FcAtomicLock (atomic))
 	    goto bail2;
-	fd = open((char *)FcAtomicNewFile (atomic), O_RDWR | O_CREAT, 0644);
+	fd = FcOpen((char *)FcAtomicNewFile (atomic), O_RDWR | O_CREAT, 0644);
 	if (fd == -1)
 	    goto bail3;
 	fp = fdopen(fd, "wb");
diff --git a/src/fccompat.c b/src/fccompat.c
new file mode 100644
index 0000000..b976007
--- /dev/null
+++ b/src/fccompat.c
@@ -0,0 +1,103 @@
+/*
+ * fontconfig/src/fccompat.c
+ *
+ * Copyright © 2012 Red Hat, Inc.
+ *
+ * Author(s):
+ *  Akira TAGOH
+ *
+ * Permission to use, copy, modify, distribute, and sell this software and its
+ * documentation for any purpose is hereby granted without fee, provided that
+ * the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of the author(s) not be used in
+ * advertising or publicity pertaining to distribution of the software without
+ * specific, written prior permission.  The authors make no
+ * representations about the suitability of this software for any purpose.  It
+ * is provided "as is" without express or implied warranty.
+ *
+ * THE AUTHOR(S) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
+ * DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+ * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "fcint.h"
+
+#if HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <stdarg.h>
+#include <stdlib.h>
+
+#ifdef O_CLOEXEC
+#define FC_O_CLOEXEC O_CLOEXEC
+#else
+#define FC_O_CLOEXEC 0
+#endif
+#ifdef O_LARGEFILE
+#define FC_O_LARGEFILE O_LARGEFILE
+#else
+#define FC_O_LARGEFILE 0
+#endif
+
+int
+FcOpen(const char *pathname, int flags, ...)
+{
+    int fd = -1;
+
+    if (flags & O_CREAT)
+    {
+	va_list ap;
+	mode_t mode;
+
+	va_start(ap, flags);
+	mode = (mode_t) va_arg(ap, int);
+	va_end(ap);
+
+	fd = open(pathname, flags | FC_O_CLOEXEC | FC_O_LARGEFILE, mode);
+    }
+    else
+    {
+	fd = open(pathname, flags | FC_O_CLOEXEC | FC_O_LARGEFILE);
+    }
+
+    return fd;
+}
+
+int
+FcMakeTempfile (char *template)
+{
+    int fd = -1;
+
+#if HAVE_MKOSTEMP
+    fd = mkostemp (template, FC_O_CLOEXEC);
+#elif HAVE_MKSTEMP
+    fd = mkstemp (template);
+#  ifdef F_DUPFD_CLOEXEC
+    if (fd != -1)
+    {
+	int newfd = fcntl(fd, F_DUPFD_CLOEXEC);
+
+	close(fd);
+	fd = newfd;
+    }
+#  elif defined(FD_CLOEXEC)
+    if (fd != -1)
+    {
+	fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
+    }
+#  endif
+#else
+#error no secure functions to create a temporary file
+#endif
+
+    return fd;
+}
diff --git a/src/fcint.h b/src/fcint.h
index 38bd9bb..3883bc9 100644
--- a/src/fcint.h
+++ b/src/fcint.h
@@ -717,6 +717,13 @@ FcCharSetSerialize(FcSerialize *serialize, const FcCharSet *cs);
 FcPrivate FcChar16 *
 FcCharSetGetNumbers(const FcCharSet *c);
 
+/* fccompat.c */
+FcPrivate int
+FcOpen(const char *pathname, int flags, ...);
+
+FcPrivate int
+FcMakeTempfile (char *template);
+
 /* fcdbg.c */
 
 FcPrivate void
diff --git a/src/fcstat.c b/src/fcstat.c
index 9763c21..390f45c 100644
--- a/src/fcstat.c
+++ b/src/fcstat.c
@@ -336,7 +336,7 @@ FcIsFsMmapSafe (int fd)
 FcBool
 FcIsFsMtimeBroken (const FcChar8 *dir)
 {
-    int fd = open ((const char *) dir, O_RDONLY);
+    int fd = FcOpen ((const char *) dir, O_RDONLY);
 
     if (fd != -1)
     {
diff --git a/src/fcxml.c b/src/fcxml.c
index b234e43..2a0d088 100644
--- a/src/fcxml.c
+++ b/src/fcxml.c
@@ -2979,7 +2979,7 @@ FcConfigParseAndLoad (FcConfig	    *config,
     if (FcDebug () & FC_DBG_CONFIG)
 	printf ("\tLoading config file %s\n", filename);
 
-    fd = open ((char *) filename, O_RDONLY);
+    fd = FcOpen ((char *) filename, O_RDONLY);
     if (fd == -1) {
 	FcStrFree (filename);
 	goto bail0;