authorEric Blake <ebb9@byu.net>2009-09-01 12:25:01 -0600
committerEric Blake <ebb9@byu.net>2009-09-02 20:33:22 -0600
commitfc333501ca97880108c8ff17e33d9dd7d5e28ed4 (patch)
tree07c376828675d6e9d737cf1e5bbc1e4345eb23e6
parent02fd4eb4561842dee666b709fbbb1632c4357d2d (diff)
backupfile, chdir-long, fts, savedir: make safer
* lib/backupfile.c (includes): Use "dirent--.h", since numbered_backup can write to stderr during readdir. * lib/savedir.c (includes): Likewise. * lib/chdir-long.c (includes): Use "fcntl--.h", since openat emulation can write to stderr on failure. * lib/fts.c (includes) [!_LIBC]: Likewise for opendir and openat. * lib/getcwd.c: Document why opendir_safer is unused. * lib/glob.c: Likewise. * lib/scandir.c: Likewise. * lib/openat-proc.c: Likewise, for open_safer. * modules/backupfile (Depends-on): Add dirent-safer. * modules/savedir (Depends-on): Likewise. * modules/fts (Depends-on): Add dirent-safer and openat-safer. * modules/chdir-long (Depends-on): Add openat-safer. Signed-off-by: Eric Blake <ebb9@byu.net>
-rw-r--r--ChangeLog16
-rw-r--r--lib/backupfile.c9
-rw-r--r--lib/chdir-long.c5
-rw-r--r--lib/fts.c2
-rw-r--r--lib/getcwd.c8
-rw-r--r--lib/glob.c7
-rw-r--r--lib/openat-proc.c7
-rw-r--r--lib/savedir.c7
-rw-r--r--lib/scandir.c8
-rw-r--r--modules/backupfile1
-rw-r--r--modules/chdir-long2
-rw-r--r--modules/fts3
-rw-r--r--modules/savedir1
13 files changed, 51 insertions, 25 deletions
diff --git a/ChangeLog b/ChangeLog
index 6c991eab21..3ac7d123e5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,21 @@
2009-09-02 Eric Blake <ebb9@byu.net>
+ backupfile, chdir-long, fts, savedir: make safer
+ * lib/backupfile.c (includes): Use "dirent--.h", since
+ numbered_backup can write to stderr during readdir.
+ * lib/savedir.c (includes): Likewise.
+ * lib/chdir-long.c (includes): Use "fcntl--.h", since openat
+ emulation can write to stderr on failure.
+ * lib/fts.c (includes) [!_LIBC]: Likewise for opendir and openat.
+ * lib/getcwd.c: Document why opendir_safer is unused.
+ * lib/glob.c: Likewise.
+ * lib/scandir.c: Likewise.
+ * lib/openat-proc.c: Likewise, for open_safer.
+ * modules/backupfile (Depends-on): Add dirent-safer.
+ * modules/savedir (Depends-on): Likewise.
+ * modules/fts (Depends-on): Add dirent-safer and openat-safer.
+ * modules/chdir-long (Depends-on): Add openat-safer.
+
openat-safer: new module
* modules/openat-safer: New file.
* lib/openat-safer.c: Likewise.
diff --git a/lib/backupfile.c b/lib/backupfile.c
index 1420edd8cd..f6cf73779b 100644
--- a/lib/backupfile.c
+++ b/lib/backupfile.c
@@ -1,7 +1,7 @@
/* backupfile.c -- make Emacs style backup file names
Copyright (C) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998,
- 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software
+ 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009 Free Software
Foundation, Inc.
This program is free software: you can redistribute it and/or modify
@@ -37,7 +37,7 @@
#include <unistd.h>
-#include <dirent.h>
+#include "dirent--.h"
#ifndef _D_EXACT_NAMLEN
# define _D_EXACT_NAMLEN(dp) strlen ((dp)->d_name)
#endif
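Review bot: The switch to `#include "dirent--.h"` has no explanation in the file itself; the reason (numbered_backup can write to stderr while the directory is being read) is recorded only in the ChangeLog. A reader who later "tidies" the include back to `<dirent.h>` would silently lose the protection, so a one-line comment above the include would help, for example `/* "dirent--.h" maps opendir to opendir_safer, so the directory fd is never 0, 1 or 2. */`. The same include change in lib/savedir.c would benefit from the same comment.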
@@ -80,11 +80,6 @@
of `digit' even when the host does not conform to POSIX. */
#define ISDIGIT(c) ((unsigned int) (c) - '0' <= 9)
-/* The results of opendir() in this file are not used with dirfd and fchdir,
- therefore save some unnecessary work in fchdir.c. */
-#undef opendir
-#undef closedir
-
/* The extension added to file names to produce a simple (as opposed
to numbered) backup file name. */
char const *simple_backup_suffix = "~";
diff --git a/lib/chdir-long.c b/lib/chdir-long.c
index 291b58c289..ba47d59973 100644
--- a/lib/chdir-long.c
+++ b/lib/chdir-long.c
@@ -1,5 +1,5 @@
/* provide a chdir function that tries not to fail due to ENAMETOOLONG
- Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+ Copyright (C) 2004-2009 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -20,7 +20,6 @@
#include "chdir-long.h"
-#include <fcntl.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
@@ -28,7 +27,7 @@
#include <stdio.h>
#include <assert.h>
-#include "openat.h"
+#include "fcntl--.h"
#ifndef PATH_MAX
# error "compile this file only if your system defines PATH_MAX"
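Review bot: Dropping the direct `#include "openat.h"` here (and `<fcntl.h>` in the previous hunk) leaves this file relying on `"fcntl--.h"` to declare everything it took from both headers, and that header is not part of this commit. It is worth confirming that it still supplies the `openat` prototype and any `AT_*` constants the file uses. It is also worth confirming that its redirect to the safer `openat` wrapper is unconditional; if it is gated on a module-indicator macro, a build without the `openat-safer` module would quietly fall back to the plain call. If the transitive include is not guaranteed, keeping `#include "openat.h"` immediately before `#include "fcntl--.h"` is the low-risk form. lib/fts.c makes the same substitution and needs the same check.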
diff --git a/lib/fts.c b/lib/fts.c
index a30e38a32b..7616c6fc13 100644
--- a/lib/fts.c
+++ b/lib/fts.c
@@ -69,7 +69,7 @@ static char sccsid[] = "@(#)fts.c 8.6 (Berkeley) 8/14/94";
#if ! _LIBC
# include "fcntl--.h"
-# include "openat.h"
+# include "dirent--.h"
# include "unistd--.h"
# include "same-inode.h"
#endif
diff --git a/lib/getcwd.c b/lib/getcwd.c
index b9e57d31a9..2da1aeef28 100644
--- a/lib/getcwd.c
+++ b/lib/getcwd.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1991-1999, 2004-2008 Free Software Foundation, Inc.
+/* Copyright (C) 1991-1999, 2004-2009 Free Software Foundation, Inc.
This file is part of the GNU C Library.
This program is free software: you can redistribute it and/or modify
@@ -103,7 +103,11 @@
#endif
/* The results of opendir() in this file are not used with dirfd and fchdir,
- therefore save some unnecessary recursion in fchdir.c. */
+ and we do not leak fds to any single-threaded code that could use stdio,
+ therefore save some unnecessary recursion in fchdir.c.
+ FIXME - if the kernel ever adds support for multi-thread safety for
+ avoiding standard fds, then we should use opendir_safer and
+ openat_safer. */
#undef opendir
#undef closedir
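Review bot: The added phrase "we do not leak fds to any single-threaded code that could use stdio" is hard to parse and leaves implicit the invariant that justifies skipping the safer wrappers. Presumably the argument is that every descriptor opened in this file is closed before the function returns and nothing in between writes to stdout or stderr, so only another thread could use a descriptor that landed on 0-2. Stating that directly, e.g. `every fd opened here is closed before returning, and no stdio is done while it is open`, would let a later editor check the exemption against the function body, which lies outside this hunk. The FIXME also names `openat_safer` although the directives below undefine only `opendir` and `closedir`. The same wording is added in lib/glob.c and lib/openat-proc.c.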
diff --git a/lib/glob.c b/lib/glob.c
index 40cc9b3de5..42cd39bd4f 100644
--- a/lib/glob.c
+++ b/lib/glob.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1991-2002, 2003, 2004, 2005, 2006, 2007, 2008
+/* Copyright (C) 1991-2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
Free Software Foundation, Inc.
This file is part of the GNU C Library.
@@ -186,7 +186,10 @@ static const char *next_brace_sub (const char *begin, int flags) __THROW;
#ifndef _LIBC
/* The results of opendir() in this file are not used with dirfd and fchdir,
- therefore save some unnecessary work in fchdir.c. */
+ and we do not leak fds to any single-threaded code that could use stdio,
+ therefore save some unnecessary recursion in fchdir.c and opendir_safer.c.
+ FIXME - if the kernel ever adds support for multi-thread safety for
+ avoiding standard fds, then we should use opendir_safer. */
# undef opendir
# undef closedir
diff --git a/lib/openat-proc.c b/lib/openat-proc.c
index e84dc454fb..8057033e86 100644
--- a/lib/openat-proc.c
+++ b/lib/openat-proc.c
@@ -1,6 +1,6 @@
/* Create /proc/self/fd-related names for subfiles of open directories.
- Copyright (C) 2006 Free Software Foundation, Inc.
+ Copyright (C) 2006, 2009 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -34,7 +34,10 @@
#include "xalloc.h"
/* The results of open() in this file are not used with fchdir,
- therefore save some unnecessary work in fchdir.c. */
+ and we do not leak fds to any single-threaded code that could use stdio,
+ therefore save some unnecessary work in fchdir.c.
+ FIXME - if the kernel ever adds support for multi-thread safety for
+ avoiding standard fds, then we should use open_safer. */
#undef open
#undef close
diff --git a/lib/savedir.c b/lib/savedir.c
index 8400145ad8..5e69d386f3 100644
--- a/lib/savedir.c
+++ b/lib/savedir.c
@@ -26,7 +26,7 @@
#include <errno.h>
-#include <dirent.h>
+#include "dirent--.h"
#ifndef _D_EXACT_NAMLEN
# define _D_EXACT_NAMLEN(dp) strlen ((dp)->d_name)
#endif
@@ -41,11 +41,6 @@
# define NAME_SIZE_DEFAULT 512
#endif
-/* The results of opendir() in this file are not used with dirfd and fchdir,
- therefore save some unnecessary work in fchdir.c. */
-#undef opendir
-#undef closedir
-
/* Return a freshly allocated string containing the file names
in directory DIRP, separated by '\0' characters;
the end is marked by two '\0' characters in a row.
diff --git a/lib/scandir.c b/lib/scandir.c
index 8b34070e86..54a74d5e04 100644
--- a/lib/scandir.c
+++ b/lib/scandir.c
@@ -45,6 +45,14 @@
# define __opendir opendir
# define __closedir closedir
# define __set_errno(val) errno = (val)
+
+/* The results of opendir() in this file are not used with dirfd and fchdir,
+ and we do not leak fds to any single-threaded code that could use stdio,
+ therefore save some unnecessary recursion in fchdir.c and opendir_safer.c.
+ FIXME - if the kernel ever adds support for multi-thread safety for
+ avoiding standard fds, then we should use opendir_safer. */
+# undef opendir
+# undef closedir
#endif
#ifndef SCANDIR_CANCEL
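Review bot: The comment's claim that no fd is leaked to code that could use stdio looks doubtful for scandir, because under the usual scandir contract the caller-supplied filter callback is invoked per entry, normally while the directory stream is still open. The loop is outside this hunk, so this is inferred rather than visible. If it holds, a filter that prints a diagnostic in a process started with fd 2 closed would send its output to the directory descriptor instead of a real stderr, which is the case opendir_safer exists to prevent. Either drop the `# undef opendir` / `# undef closedir` pair here so the safer wrapper applies, or make the assumption explicit in the comment, e.g. `callers' select functions must not use stdio`.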
diff --git a/modules/backupfile b/modules/backupfile
index 3f8ccfdf12..aaf20f3b1d 100644
--- a/modules/backupfile
+++ b/modules/backupfile
@@ -11,6 +11,7 @@ m4/backupfile.m4
Depends-on:
argmatch
d-ino
+dirent-safer
dirname
memcmp
stdbool
diff --git a/modules/chdir-long b/modules/chdir-long
index 4025b45afc..cdcb9eb70e 100644
--- a/modules/chdir-long
+++ b/modules/chdir-long
@@ -10,7 +10,7 @@ Depends-on:
atexit
fchdir
fcntl-h
-openat
+openat-safer
memchr
mempcpy
memrchr
diff --git a/modules/fts b/modules/fts
index 38b22567bb..f80a827db5 100644
--- a/modules/fts
+++ b/modules/fts
@@ -11,6 +11,7 @@ Depends-on:
cycle-check
d-ino
d-type
+dirent-safer
dirfd
fchdir
fcntl-h
@@ -19,7 +20,7 @@ hash
i-ring
lstat
memmove
-openat
+openat-safer
stdbool
unistd-safer
diff --git a/modules/savedir b/modules/savedir
index 4171b802c1..6699095e21 100644
--- a/modules/savedir
+++ b/modules/savedir
@@ -7,6 +7,7 @@ lib/savedir.c
m4/savedir.m4
Depends-on:
+dirent-safer
fdopendir
xalloc