summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2013-07-22 11:23:35 -0700
committerJunio C Hamano <gitster@pobox.com>2013-07-22 11:23:35 -0700
commitcb29dfde484e459e4329281151b05ef1c5ad462c (patch)
tree7d99f8e0d925b8369757793d6a9f65d27691a4a5
parent5701c3d701d3932d853ffb9f75ee8745fae21209 (diff)
parenta11c39646c14600d588ca55fcfe3c244b66047c7 (diff)
downloadgit-cb29dfde484e459e4329281151b05ef1c5ad462c.tar.gz
Merge branch 'tr/protect-low-3-fds'
When "git" is spawned in such a way that any of the low 3 file descriptors is closed, our first open() may yield file descriptor 2, and writing error message to it would screw things up in a big way. * tr/protect-low-3-fds: git: ensure 0/1/2 are open in main() daemon/shell: refactor redirection of 0/1/2 from /dev/null
-rw-r--r--cache.h2
-rw-r--r--daemon.c12
-rw-r--r--git.c7
-rw-r--r--setup.c12
-rw-r--r--shell.c12
5 files changed, 24 insertions, 21 deletions
diff --git a/cache.h b/cache.h
index 2d06169155..b89409bbf2 100644
--- a/cache.h
+++ b/cache.h
@@ -425,6 +425,8 @@ extern int path_inside_repo(const char *prefix, const char *path);
extern int set_git_dir_init(const char *git_dir, const char *real_git_dir, int);
extern int init_db(const char *template_dir, unsigned int flags);
+extern void sanitize_stdfds(void);
+
#define alloc_nr(x) (((x)+16)*3/2)
/*
diff --git a/daemon.c b/daemon.c
index 6aeddcb98d..973ec38faf 100644
--- a/daemon.c
+++ b/daemon.c
@@ -1047,18 +1047,6 @@ static int service_loop(struct socketlist *socklist)
}
}
-/* if any standard file descriptor is missing open it to /dev/null */
-static void sanitize_stdfds(void)
-{
- int fd = open("/dev/null", O_RDWR, 0);
- while (fd != -1 && fd < 2)
- fd = dup(fd);
- if (fd == -1)
- die_errno("open /dev/null or dup failed");
- if (fd > 2)
- close(fd);
-}
-
#ifdef NO_POSIX_GOODIES
struct credentials;
diff --git a/git.c b/git.c
index 4359086fd6..6104d5eefc 100644
--- a/git.c
+++ b/git.c
@@ -525,6 +525,13 @@ int main(int argc, char **av)
if (!cmd)
cmd = "git-help";
+ /*
+ * Always open file descriptors 0/1/2 to avoid clobbering files
+ * in die(). It also avoids messing up when the pipes are dup'ed
+ * onto stdin/stdout/stderr in the child processes we spawn.
+ */
+ sanitize_stdfds();
+
git_setup_gettext();
/*
diff --git a/setup.c b/setup.c
index 94c1e61bda..88aab94f15 100644
--- a/setup.c
+++ b/setup.c
@@ -908,3 +908,15 @@ const char *resolve_gitdir(const char *suspect)
return suspect;
return read_gitfile(suspect);
}
+
+/* if any standard file descriptor is missing open it to /dev/null */
+void sanitize_stdfds(void)
+{
+ int fd = open("/dev/null", O_RDWR, 0);
+ while (fd != -1 && fd < 2)
+ fd = dup(fd);
+ if (fd == -1)
+ die_errno("open /dev/null or dup failed");
+ if (fd > 2)
+ close(fd);
+}
diff --git a/shell.c b/shell.c
index 1429870a8f..66350b220c 100644
--- a/shell.c
+++ b/shell.c
@@ -147,7 +147,6 @@ int main(int argc, char **argv)
char *prog;
const char **user_argv;
struct commands *cmd;
- int devnull_fd;
int count;
git_setup_gettext();
@@ -156,15 +155,10 @@ int main(int argc, char **argv)
/*
* Always open file descriptors 0/1/2 to avoid clobbering files
- * in die(). It also avoids not messing up when the pipes are
- * dup'ed onto stdin/stdout/stderr in the child processes we spawn.
+ * in die(). It also avoids messing up when the pipes are dup'ed
+ * onto stdin/stdout/stderr in the child processes we spawn.
*/
- devnull_fd = open("/dev/null", O_RDWR);
- while (devnull_fd >= 0 && devnull_fd <= 2)
- devnull_fd = dup(devnull_fd);
- if (devnull_fd == -1)
- die_errno("opening /dev/null failed");
- close (devnull_fd);
+ sanitize_stdfds();
/*
* Special hack to pretend to be a CVS server