Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
dhcp.1901
0011-dhcp-4.2.6-close-on-exec.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0011-dhcp-4.2.6-close-on-exec.patch of Package dhcp.1901
From 0ae45af28ebda5770465f84ac0f69f28ed6b7b07 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski <mt@suse.de> Date: Thu, 18 Aug 2011 14:09:06 +0200 Subject: [PATCH] dhcp-4.2.6-close-on-exec --- client/clparse.c | 4 ++-- client/dhclient.c | 10 +++++----- common/bpf.c | 2 +- common/discover.c | 4 ++-- common/dlpi.c | 2 +- common/nit.c | 2 +- common/resolv.c | 2 +- common/upf.c | 2 +- dst/dst_api.c | 8 ++++---- dst/prandom.c | 4 ++-- omapip/trace.c | 6 +++--- relay/dhcrelay.c | 5 +++-- server/confpars.c | 2 +- server/db.c | 6 +++--- server/dhcpd.c | 4 ++-- server/ldap.c | 2 +- 16 files changed, 33 insertions(+), 32 deletions(-) diff --git a/client/clparse.c b/client/clparse.c index 646229f..3e9f9b1 100644 --- a/client/clparse.c +++ b/client/clparse.c @@ -221,7 +221,7 @@ int read_client_conf_file (const char *name, struct interface_info *ip, int token; isc_result_t status; - if ((file = open (name, O_RDONLY)) < 0) + if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0) return uerr2isc (errno); cfile = NULL; @@ -258,7 +258,7 @@ void read_client_leases () /* Open the lease file. If we can't open it, just return - we can safely trust the server to remember our state. */ - if ((file = open (path_dhclient_db, O_RDONLY)) < 0) + if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0) return; cfile = NULL; diff --git a/client/dhclient.c b/client/dhclient.c index 19a527b..dbc6f38 100644 --- a/client/dhclient.c +++ b/client/dhclient.c @@ -422,7 +422,7 @@ main(int argc, char **argv) { long temp; int e; - if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) { + if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) { e = fscanf(pidfd, "%ld\n", &temp); oldpid = (pid_t)temp; @@ -2728,7 +2728,7 @@ void rewrite_client_leases () if (leaseFile != NULL) fclose (leaseFile); - leaseFile = fopen (path_dhclient_db, "w"); + leaseFile = fopen (path_dhclient_db, "we"); if (leaseFile == NULL) { log_error ("can't create %s: %m", path_dhclient_db); return; @@ -2849,7 +2849,7 @@ write_duid(struct data_string *duid) return DHCP_R_INVALIDARG; if (leaseFile == NULL) { /* XXX? */ - leaseFile = fopen(path_dhclient_db, "w"); + leaseFile = fopen(path_dhclient_db, "we"); if (leaseFile == NULL) { log_error("can't create %s: %m", path_dhclient_db); return ISC_R_IOERROR; @@ -2897,7 +2897,7 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease, return DHCP_R_INVALIDARG; if (leaseFile == NULL) { /* XXX? */ - leaseFile = fopen(path_dhclient_db, "w"); + leaseFile = fopen(path_dhclient_db, "we"); if (leaseFile == NULL) { log_error("can't create %s: %m", path_dhclient_db); return ISC_R_IOERROR; @@ -3029,7 +3029,7 @@ int write_client_lease (client, lease, rewrite, makesure) return 1; if (leaseFile == NULL) { /* XXX */ - leaseFile = fopen (path_dhclient_db, "w"); + leaseFile = fopen (path_dhclient_db, "we"); if (leaseFile == NULL) { log_error ("can't create %s: %m", path_dhclient_db); return 0; diff --git a/common/bpf.c b/common/bpf.c index 559b414..076d9bc 100644 --- a/common/bpf.c +++ b/common/bpf.c @@ -94,7 +94,7 @@ int if_register_bpf (info) for (b = 0; 1; b++) { /* %Audit% 31 bytes max. %2004.06.17,Safe% */ sprintf(filename, BPF_FORMAT, b); - sock = open (filename, O_RDWR, 0); + sock = open (filename, O_RDWR | O_CLOEXEC, 0); if (sock < 0) { if (errno == EBUSY) { continue; diff --git a/common/discover.c b/common/discover.c index 4b40a70..6a0540b 100644 --- a/common/discover.c +++ b/common/discover.c @@ -412,7 +412,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) { int len; int i; - ifaces->fp = fopen("/proc/net/dev", "r"); + ifaces->fp = fopen("/proc/net/dev", "re"); if (ifaces->fp == NULL) { log_error("Error opening '/proc/net/dev' to list interfaces"); return 0; @@ -447,7 +447,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) { #ifdef DHCPv6 if (local_family == AF_INET6) { - ifaces->fp6 = fopen("/proc/net/if_inet6", "r"); + ifaces->fp6 = fopen("/proc/net/if_inet6", "re"); if (ifaces->fp6 == NULL) { log_error("Error opening '/proc/net/if_inet6' to " "list IPv6 interfaces; %m"); diff --git a/common/dlpi.c b/common/dlpi.c index 14e95d2..efaba3a 100644 --- a/common/dlpi.c +++ b/common/dlpi.c @@ -804,7 +804,7 @@ dlpiopen(const char *ifname) { } *dp = '\0'; - return open (devname, O_RDWR, 0); + return open (devname, O_RDWR | O_CLOEXEC, 0); } /* diff --git a/common/nit.c b/common/nit.c index 3fdef1d..dc62081 100644 --- a/common/nit.c +++ b/common/nit.c @@ -75,7 +75,7 @@ int if_register_nit (info) struct strioctl sio; /* Open a NIT device */ - sock = open ("/dev/nit", O_RDWR); + sock = open ("/dev/nit", O_RDWR | O_CLOEXEC); if (sock < 0) log_fatal ("Can't open NIT device for %s: %m", info -> name); diff --git a/common/resolv.c b/common/resolv.c index 526cebf..2ac8d43 100644 --- a/common/resolv.c +++ b/common/resolv.c @@ -44,7 +44,7 @@ void read_resolv_conf (parse_time) struct domain_search_list *dp, *dl, *nd; isc_result_t status; - if ((file = open (path_resolv_conf, O_RDONLY)) < 0) { + if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) { log_error ("Can't open %s: %m", path_resolv_conf); return; } diff --git a/common/upf.c b/common/upf.c index 6a02077..e5cafcf 100644 --- a/common/upf.c +++ b/common/upf.c @@ -71,7 +71,7 @@ int if_register_upf (info) /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ sprintf(filename, "/dev/pf/pfilt%d", b); - sock = open (filename, O_RDWR, 0); + sock = open (filename, O_RDWR | O_CLOEXEC, 0); if (sock < 0) { if (errno == EBUSY) { continue; diff --git a/dst/dst_api.c b/dst/dst_api.c index 3993b1e..aadcc1f 100644 --- a/dst/dst_api.c +++ b/dst/dst_api.c @@ -437,7 +437,7 @@ dst_s_write_private_key(const DST_KEY *key) PRIVATE_KEY, PATH_MAX); /* Do not overwrite an existing file */ - if ((fp = dst_s_fopen(file, "w", 0600)) != NULL) { + if ((fp = dst_s_fopen(file, "we", 0600)) != NULL) { int nn; if ((nn = fwrite(encoded_block, 1, len, fp)) != len) { EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n", @@ -495,7 +495,7 @@ dst_s_read_public_key(const char *in_name, const unsigned in_id, int in_alg) * flags, proto, alg stored as decimal (or hex numbers FIXME). * (FIXME: handle parentheses for line continuation.) */ - if ((fp = dst_s_fopen(name, "r", 0)) == NULL) { + if ((fp = dst_s_fopen(name, "re", 0)) == NULL) { EREPORT(("dst_read_public_key(): Public Key not found %s\n", name)); return (NULL); @@ -621,7 +621,7 @@ dst_s_write_public_key(const DST_KEY *key) return (0); } /* create public key file */ - if ((fp = dst_s_fopen(filename, "w+", 0644)) == NULL) { + if ((fp = dst_s_fopen(filename, "w+e", 0644)) == NULL) { EREPORT(("DST_write_public_key: open of file:%s failed (errno=%d)\n", filename, errno)); return (0); @@ -855,7 +855,7 @@ dst_s_read_private_key_file(char *name, DST_KEY *pk_key, unsigned in_id, return (0); } /* first check if we can find the key file */ - if ((fp = dst_s_fopen(filename, "r", 0)) == NULL) { + if ((fp = dst_s_fopen(filename, "re", 0)) == NULL) { EREPORT(("dst_s_read_private_key_file: Could not open file %s in directory %s\n", filename, dst_path[0] ? dst_path : (char *) getcwd(NULL, PATH_MAX - 1))); diff --git a/dst/prandom.c b/dst/prandom.c index d207993..775cb23 100644 --- a/dst/prandom.c +++ b/dst/prandom.c @@ -270,7 +270,7 @@ get_dev_random(u_char *output, unsigned size) s = stat("/dev/random", &st); if (s == 0 && S_ISCHR(st.st_mode)) { - if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) { + if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK | O_CLOEXEC)) != -1) { if ((n = read(fd, output, size)) < 0) n = 0; close(fd); @@ -480,7 +480,7 @@ digest_file(dst_work *work) work->file_digest = dst_free_key(work->file_digest); return (0); } - if ((fp = fopen(name, "r")) == NULL) + if ((fp = fopen(name, "re")) == NULL) return (0); for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0; no += i) diff --git a/omapip/trace.c b/omapip/trace.c index 23e4e50..846b42b 100644 --- a/omapip/trace.c +++ b/omapip/trace.c @@ -138,10 +138,10 @@ isc_result_t trace_begin (const char *filename, return DHCP_R_INVALIDARG; } - traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600); + traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600); if (traceoutfile < 0 && errno == EEXIST) { log_error ("WARNING: Overwriting trace file \"%s\"", filename); - traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC, + traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC, 0600); } @@ -429,7 +429,7 @@ void trace_file_replay (const char *filename) isc_result_t result; int len; - traceinfile = fopen (filename, "r"); + traceinfile = fopen (filename, "re"); if (!traceinfile) { log_error("Can't open tracefile %s: %m", filename); return; diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c index 6f42927..4ef6737 100644 --- a/relay/dhcrelay.c +++ b/relay/dhcrelay.c @@ -539,13 +539,14 @@ main(int argc, char **argv) { if (no_pid_file == ISC_FALSE) { pfdesc = open(path_dhcrelay_pid, - O_CREAT | O_TRUNC | O_WRONLY, 0644); + O_CREAT | O_TRUNC | O_WRONLY | + O_CLOEXEC, 0644); if (pfdesc < 0) { log_error("Can't create %s: %m", path_dhcrelay_pid); } else { - pf = fdopen(pfdesc, "w"); + pf = fdopen(pfdesc, "we"); if (!pf) log_error("Can't fdopen %s: %m", path_dhcrelay_pid); diff --git a/server/confpars.c b/server/confpars.c index 684f9c1..3b5a840 100644 --- a/server/confpars.c +++ b/server/confpars.c @@ -110,7 +110,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group, } #endif - if ((file = open (filename, O_RDONLY)) < 0) { + if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) { if (leasep) { log_error ("Can't open lease database %s: %m --", path_dhcpd_db); diff --git a/server/db.c b/server/db.c index c2630ea..59e96dd 100644 --- a/server/db.c +++ b/server/db.c @@ -1050,7 +1050,7 @@ void db_startup (testp) } #endif if (!testp) { - db_file = fopen (path_dhcpd_db, "a"); + db_file = fopen (path_dhcpd_db, "ae"); if (!db_file) log_fatal ("Can't open %s for append.", path_dhcpd_db); expire_all_pools (); @@ -1089,7 +1089,7 @@ int new_lease_file () db_validity = lease_file_is_corrupt; snprintf (newfname, sizeof(newfname), "%s.XXXXXX", path_dhcpd_db); - db_fd = mkstemp (newfname); + db_fd = mkostemp (newfname, O_CLOEXEC); if (db_fd < 0) { log_error ("Can't create new lease file: %m"); return 0; @@ -1098,7 +1098,7 @@ int new_lease_file () log_error ("Can't fchmod new lease file: %m"); goto fail; } - if ((new_db_file = fdopen(db_fd, "w")) == NULL) { + if ((new_db_file = fdopen(db_fd, "we")) == NULL) { log_error("Can't fdopen new lease file: %m"); close(db_fd); goto fdfail; diff --git a/server/dhcpd.c b/server/dhcpd.c index b4c1bef..41a9efe 100644 --- a/server/dhcpd.c +++ b/server/dhcpd.c @@ -805,7 +805,7 @@ main(int argc, char **argv) { */ if (no_pid_file == ISC_FALSE) { /*Read previous pid file. */ - if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) { + if ((i = open (path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) { status = read(i, pbuf, (sizeof pbuf) - 1); close (i); if (status > 0) { @@ -824,7 +824,7 @@ main(int argc, char **argv) { } /* Write new pid file. */ - i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644); + i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); if (i >= 0) { sprintf(pbuf, "%d\n", (int) getpid()); IGNORE_RET (write(i, pbuf, strlen(pbuf))); diff --git a/server/ldap.c b/server/ldap.c index 6e7f508..d1cde27 100644 --- a/server/ldap.c +++ b/server/ldap.c @@ -1252,7 +1252,7 @@ ldap_start (void) if (ldap_debug_file != NULL && ldap_debug_fd == -1) { - if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY, + if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, S_IRUSR | S_IWUSR)) < 0) log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, strerror (errno)); -- 1.8.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor