diff options
author | Junio C Hamano <gitster@pobox.com> | 2013-07-22 11:23:35 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2013-07-22 11:23:35 -0700 |
commit | cb29dfde484e459e4329281151b05ef1c5ad462c (patch) | |
tree | 7d99f8e0d925b8369757793d6a9f65d27691a4a5 | |
parent | 5701c3d701d3932d853ffb9f75ee8745fae21209 (diff) | |
parent | a11c39646c14600d588ca55fcfe3c244b66047c7 (diff) | |
download | git-cb29dfde484e459e4329281151b05ef1c5ad462c.tar.gz |
Merge branch 'tr/protect-low-3-fds'
When "git" is spawned in such a way that any of the low 3 file
descriptors is closed, our first open() may yield file descriptor 2,
and writing error message to it would screw things up in a big way.
* tr/protect-low-3-fds:
git: ensure 0/1/2 are open in main()
daemon/shell: refactor redirection of 0/1/2 from /dev/null
-rw-r--r-- | cache.h | 2 | ||||
-rw-r--r-- | daemon.c | 12 | ||||
-rw-r--r-- | git.c | 7 | ||||
-rw-r--r-- | setup.c | 12 | ||||
-rw-r--r-- | shell.c | 12 |
5 files changed, 24 insertions, 21 deletions
@@ -425,6 +425,8 @@ extern int path_inside_repo(const char *prefix, const char *path); extern int set_git_dir_init(const char *git_dir, const char *real_git_dir, int); extern int init_db(const char *template_dir, unsigned int flags); +extern void sanitize_stdfds(void); + #define alloc_nr(x) (((x)+16)*3/2) /* @@ -1047,18 +1047,6 @@ static int service_loop(struct socketlist *socklist) } } -/* if any standard file descriptor is missing open it to /dev/null */ -static void sanitize_stdfds(void) -{ - int fd = open("/dev/null", O_RDWR, 0); - while (fd != -1 && fd < 2) - fd = dup(fd); - if (fd == -1) - die_errno("open /dev/null or dup failed"); - if (fd > 2) - close(fd); -} - #ifdef NO_POSIX_GOODIES struct credentials; @@ -525,6 +525,13 @@ int main(int argc, char **av) if (!cmd) cmd = "git-help"; + /* + * Always open file descriptors 0/1/2 to avoid clobbering files + * in die(). It also avoids messing up when the pipes are dup'ed + * onto stdin/stdout/stderr in the child processes we spawn. + */ + sanitize_stdfds(); + git_setup_gettext(); /* @@ -908,3 +908,15 @@ const char *resolve_gitdir(const char *suspect) return suspect; return read_gitfile(suspect); } + +/* if any standard file descriptor is missing open it to /dev/null */ +void sanitize_stdfds(void) +{ + int fd = open("/dev/null", O_RDWR, 0); + while (fd != -1 && fd < 2) + fd = dup(fd); + if (fd == -1) + die_errno("open /dev/null or dup failed"); + if (fd > 2) + close(fd); +} @@ -147,7 +147,6 @@ int main(int argc, char **argv) char *prog; const char **user_argv; struct commands *cmd; - int devnull_fd; int count; git_setup_gettext(); @@ -156,15 +155,10 @@ int main(int argc, char **argv) /* * Always open file descriptors 0/1/2 to avoid clobbering files - * in die(). It also avoids not messing up when the pipes are - * dup'ed onto stdin/stdout/stderr in the child processes we spawn. + * in die(). It also avoids messing up when the pipes are dup'ed + * onto stdin/stdout/stderr in the child processes we spawn. */ - devnull_fd = open("/dev/null", O_RDWR); - while (devnull_fd >= 0 && devnull_fd <= 2) - devnull_fd = dup(devnull_fd); - if (devnull_fd == -1) - die_errno("opening /dev/null failed"); - close (devnull_fd); + sanitize_stdfds(); /* * Special hack to pretend to be a CVS server |