1 |
vip-ire |
1.1 |
diff -up ppp-2.4.4/pppd/auth.c.fd_leak ppp-2.4.4/pppd/auth.c |
2 |
|
|
--- ppp-2.4.4/pppd/auth.c.fd_leak 2006-06-18 13:26:00.000000000 +0200 |
3 |
|
|
+++ ppp-2.4.4/pppd/auth.c 2009-10-08 21:22:59.789547513 +0200 |
4 |
|
|
@@ -428,7 +428,7 @@ setupapfile(argv) |
5 |
|
|
option_error("unable to reset uid before opening %s: %m", fname); |
6 |
|
|
return 0; |
7 |
|
|
} |
8 |
|
|
- ufile = fopen(fname, "r"); |
9 |
|
|
+ ufile = fopen_r(fname); |
10 |
|
|
if (seteuid(euid) == -1) |
11 |
|
|
fatal("unable to regain privileges: %m"); |
12 |
|
|
if (ufile == NULL) { |
13 |
|
|
@@ -1414,7 +1414,7 @@ check_passwd(unit, auser, userlen, apass |
14 |
|
|
filename = _PATH_UPAPFILE; |
15 |
|
|
addrs = opts = NULL; |
16 |
|
|
ret = UPAP_AUTHNAK; |
17 |
|
|
- f = fopen(filename, "r"); |
18 |
|
|
+ f = fopen_r(filename); |
19 |
|
|
if (f == NULL) { |
20 |
|
|
error("Can't open PAP password file %s: %m", filename); |
21 |
|
|
|
22 |
|
|
@@ -1511,7 +1511,7 @@ null_login(unit) |
23 |
|
|
if (ret <= 0) { |
24 |
|
|
filename = _PATH_UPAPFILE; |
25 |
|
|
addrs = NULL; |
26 |
|
|
- f = fopen(filename, "r"); |
27 |
|
|
+ f = fopen_r(filename); |
28 |
|
|
if (f == NULL) |
29 |
|
|
return 0; |
30 |
|
|
check_access(f, filename); |
31 |
|
|
@@ -1558,7 +1558,7 @@ get_pap_passwd(passwd) |
32 |
|
|
} |
33 |
|
|
|
34 |
|
|
filename = _PATH_UPAPFILE; |
35 |
|
|
- f = fopen(filename, "r"); |
36 |
|
|
+ f = fopen_r(filename); |
37 |
|
|
if (f == NULL) |
38 |
|
|
return 0; |
39 |
|
|
check_access(f, filename); |
40 |
|
|
@@ -1596,7 +1596,7 @@ have_pap_secret(lacks_ipp) |
41 |
|
|
} |
42 |
|
|
|
43 |
|
|
filename = _PATH_UPAPFILE; |
44 |
|
|
- f = fopen(filename, "r"); |
45 |
|
|
+ f = fopen_r(filename); |
46 |
|
|
if (f == NULL) |
47 |
|
|
return 0; |
48 |
|
|
|
49 |
|
|
@@ -1641,7 +1641,7 @@ have_chap_secret(client, server, need_ip |
50 |
|
|
} |
51 |
|
|
|
52 |
|
|
filename = _PATH_CHAPFILE; |
53 |
|
|
- f = fopen(filename, "r"); |
54 |
|
|
+ f = fopen_r(filename); |
55 |
|
|
if (f == NULL) |
56 |
|
|
return 0; |
57 |
|
|
|
58 |
|
|
@@ -1683,7 +1683,7 @@ have_srp_secret(client, server, need_ip, |
59 |
|
|
struct wordlist *addrs; |
60 |
|
|
|
61 |
|
|
filename = _PATH_SRPFILE; |
62 |
|
|
- f = fopen(filename, "r"); |
63 |
|
|
+ f = fopen_r(filename); |
64 |
|
|
if (f == NULL) |
65 |
|
|
return 0; |
66 |
|
|
|
67 |
|
|
@@ -1739,7 +1739,7 @@ get_secret(unit, client, server, secret, |
68 |
|
|
addrs = NULL; |
69 |
|
|
secbuf[0] = 0; |
70 |
|
|
|
71 |
|
|
- f = fopen(filename, "r"); |
72 |
|
|
+ f = fopen_r(filename); |
73 |
|
|
if (f == NULL) { |
74 |
|
|
error("Can't open chap secret file %s: %m", filename); |
75 |
|
|
return 0; |
76 |
|
|
@@ -1796,7 +1796,7 @@ get_srp_secret(unit, client, server, sec |
77 |
|
|
filename = _PATH_SRPFILE; |
78 |
|
|
addrs = NULL; |
79 |
|
|
|
80 |
|
|
- fp = fopen(filename, "r"); |
81 |
|
|
+ fp = fopen_r(filename); |
82 |
|
|
if (fp == NULL) { |
83 |
|
|
error("Can't open srp secret file %s: %m", filename); |
84 |
|
|
return 0; |
85 |
|
|
@@ -2202,7 +2202,7 @@ scan_authfile(f, client, server, secret, |
86 |
|
|
*/ |
87 |
|
|
if (word[0] == '@' && word[1] == '/') { |
88 |
|
|
strlcpy(atfile, word+1, sizeof(atfile)); |
89 |
|
|
- if ((sf = fopen(atfile, "r")) == NULL) { |
90 |
|
|
+ if ((sf = fopen_r(atfile)) == NULL) { |
91 |
|
|
warn("can't open indirect secret file %s", atfile); |
92 |
|
|
continue; |
93 |
|
|
} |
94 |
|
|
diff -up ppp-2.4.4/pppd/eap.c.fd_leak ppp-2.4.4/pppd/eap.c |
95 |
|
|
--- ppp-2.4.4/pppd/eap.c.fd_leak 2004-11-09 23:39:25.000000000 +0100 |
96 |
|
|
+++ ppp-2.4.4/pppd/eap.c 2009-10-08 21:22:59.791544181 +0200 |
97 |
|
|
@@ -1226,7 +1226,7 @@ mode_t modebits; |
98 |
|
|
|
99 |
|
|
if ((path = name_of_pn_file()) == NULL) |
100 |
|
|
return (-1); |
101 |
|
|
- fd = open(path, modebits, S_IRUSR | S_IWUSR); |
102 |
|
|
+ fd = open_fd(path, modebits, S_IRUSR | S_IWUSR); |
103 |
|
|
err = errno; |
104 |
|
|
free(path); |
105 |
|
|
errno = err; |
106 |
|
|
diff -up ppp-2.4.4/pppd/main.c.fd_leak ppp-2.4.4/pppd/main.c |
107 |
|
|
--- ppp-2.4.4/pppd/main.c.fd_leak 2009-10-08 21:22:59.769544859 +0200 |
108 |
|
|
+++ ppp-2.4.4/pppd/main.c 2009-10-08 21:30:32.356546561 +0200 |
109 |
|
|
@@ -201,6 +201,8 @@ int ngroups; /* How many groups valid |
110 |
|
|
|
111 |
|
|
static struct timeval start_time; /* Time when link was started. */ |
112 |
|
|
|
113 |
|
|
+static int cloexec_works; /* controlls setting FD_CLOEXEC flag up */ |
114 |
|
|
+ |
115 |
|
|
static struct pppd_stats old_link_stats; |
116 |
|
|
struct pppd_stats link_stats; |
117 |
|
|
unsigned link_connect_time; |
118 |
|
|
@@ -245,6 +247,7 @@ static void holdoff_end __P((void *)); |
119 |
|
|
static void forget_child __P((int pid, int status)); |
120 |
|
|
static int reap_kids __P((void)); |
121 |
|
|
static void childwait_end __P((void *)); |
122 |
|
|
+static void check_cloexec __P((int)); |
123 |
|
|
|
124 |
|
|
#ifdef USE_TDB |
125 |
|
|
static void update_db_entry __P((void)); |
126 |
|
|
@@ -419,7 +422,7 @@ main(argc, argv) |
127 |
|
|
die(0); |
128 |
|
|
|
129 |
|
|
/* Make sure fds 0, 1, 2 are open to somewhere. */ |
130 |
|
|
- fd_devnull = open(_PATH_DEVNULL, O_RDWR); |
131 |
|
|
+ fd_devnull = open_fd(_PATH_DEVNULL, O_RDWR); |
132 |
|
|
if (fd_devnull < 0) |
133 |
|
|
fatal("Couldn't open %s: %m", _PATH_DEVNULL); |
134 |
|
|
while (fd_devnull <= 2) { |
135 |
|
|
@@ -865,6 +866,104 @@ holdoff_end(arg) |
136 |
|
|
new_phase(PHASE_DORMANT); |
137 |
|
|
} |
138 |
|
|
|
139 |
|
|
+ |
140 |
|
|
+/* |
141 |
|
|
+ * check_cloexec - checks for FD_CLOEXEC flag and adds it if necessary |
142 |
|
|
+ */ |
143 |
|
|
+static void |
144 |
|
|
+check_cloexec(int fd) |
145 |
|
|
+{ |
146 |
|
|
+ if (cloexec_works == 0) { |
147 |
|
|
+ int fl = fcntl(fd, F_GETFD); |
148 |
|
|
+ cloexec_works = (fl & FD_CLOEXEC) ? 1 : -1; |
149 |
|
|
+ } |
150 |
|
|
+ if (cloexec_works > 0) |
151 |
|
|
+ return; |
152 |
|
|
+ fcntl(fd, F_SETFD, FD_CLOEXEC); |
153 |
|
|
+ return; |
154 |
|
|
+} |
155 |
|
|
+ |
156 |
|
|
+/* |
157 |
|
|
+ * socket_fd - create an endpoint for communication. uses FD_CLOEXEC if supported |
158 |
|
|
+ */ |
159 |
|
|
+int |
160 |
|
|
+socket_fd(int domain, int type, int protocol) |
161 |
|
|
+{ |
162 |
|
|
+ int fd; |
163 |
|
|
+ |
164 |
|
|
+#ifdef SOCK_CLOEXEC |
165 |
|
|
+ if (cloexec_works != -1) |
166 |
|
|
+ type |= SOCK_CLOEXEC; |
167 |
|
|
+#endif |
168 |
|
|
+ fd = socket(domain, type, protocol); |
169 |
|
|
+ if (fd == -1) |
170 |
|
|
+ return -1; |
171 |
|
|
+ check_cloexec(fd); |
172 |
|
|
+ return fd; |
173 |
|
|
+} |
174 |
|
|
+ |
175 |
|
|
+/* |
176 |
|
|
+ * open_fd - open file with FD_CLOEXEC flag |
177 |
|
|
+ */ |
178 |
|
|
+int |
179 |
|
|
+open_fd(const char *path, int flags) |
180 |
|
|
+{ |
181 |
|
|
+ int fd; |
182 |
|
|
+ |
183 |
|
|
+#if defined(O_CLOEXEC) && defined(SOCK_CLOEXEC) |
184 |
|
|
+ if (cloexec_works != -1) |
185 |
|
|
+ flags |= O_CLOEXEC; |
186 |
|
|
+#endif |
187 |
|
|
+ fd = open(path, flags); |
188 |
|
|
+ if (fd == -1) |
189 |
|
|
+ return -1; |
190 |
|
|
+ check_cloexec(fd); |
191 |
|
|
+ return fd; |
192 |
|
|
+} |
193 |
|
|
+ |
194 |
|
|
+/* |
195 |
|
|
+ * open_fd_mmode - open file with FD_CLOEXEC flag |
196 |
|
|
+ */ |
197 |
|
|
+int |
198 |
|
|
+open_fd_mode(const char *path, int flags, int mode) |
199 |
|
|
+{ |
200 |
|
|
+ int fd; |
201 |
|
|
+ |
202 |
|
|
+#if defined(O_CLOEXEC) && defined(SOCK_CLOEXEC) |
203 |
|
|
+ if (cloexec_works != -1) |
204 |
|
|
+ flags |= O_CLOEXEC; |
205 |
|
|
+#endif |
206 |
|
|
+ fd = open(path, flags, mode); |
207 |
|
|
+ if (fd == -1) |
208 |
|
|
+ return -1; |
209 |
|
|
+ check_cloexec(fd); |
210 |
|
|
+ return fd; |
211 |
|
|
+} |
212 |
|
|
+ |
213 |
|
|
+/* |
214 |
|
|
+ * fopen_r - open file with FD_CLOEXEC flag |
215 |
|
|
+ */ |
216 |
|
|
+FILE * |
217 |
|
|
+fopen_r(const char *path) |
218 |
|
|
+{ |
219 |
|
|
+ FILE *f; |
220 |
|
|
+ |
221 |
|
|
+#if defined(O_CLOEXEC) && defined(SOCK_CLOEXEC) |
222 |
|
|
+ if (cloexec_works != -1) { |
223 |
|
|
+ f = fopen(path, "re"); |
224 |
|
|
+ if (f != NULL) { |
225 |
|
|
+ check_cloexec(fileno(f)); |
226 |
|
|
+ return f; |
227 |
|
|
+ } |
228 |
|
|
+ } |
229 |
|
|
+#endif |
230 |
|
|
+ f = fopen(path, "r"); |
231 |
|
|
+ if (f == NULL) |
232 |
|
|
+ return NULL; |
233 |
|
|
+ check_cloexec(fileno(f)); |
234 |
|
|
+ return f; |
235 |
|
|
+} |
236 |
|
|
+ |
237 |
|
|
/* List of protocol names, to make our messages a little more informative. */ |
238 |
|
|
struct protocol_list { |
239 |
|
|
u_short proto; |
240 |
|
|
@@ -1618,7 +1717,7 @@ device_script(program, in, out, dont_wai |
241 |
|
|
if (log_to_fd >= 0) |
242 |
|
|
errfd = log_to_fd; |
243 |
|
|
else |
244 |
|
|
- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); |
245 |
|
|
+ errfd = open_fd_mode(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); |
246 |
|
|
|
247 |
|
|
++conn_running; |
248 |
|
|
pid = safe_fork(in, out, errfd); |
249 |
|
|
diff -up ppp-2.4.4/pppd/options.c.fd_leak ppp-2.4.4/pppd/options.c |
250 |
|
|
--- ppp-2.4.4/pppd/options.c.fd_leak 2006-06-18 13:26:00.000000000 +0200 |
251 |
|
|
+++ ppp-2.4.4/pppd/options.c 2009-10-08 21:22:59.797544174 +0200 |
252 |
|
|
@@ -409,7 +409,7 @@ options_from_file(filename, must_exist, |
253 |
|
|
option_error("unable to drop privileges to open %s: %m", filename); |
254 |
|
|
return 0; |
255 |
|
|
} |
256 |
|
|
- f = fopen(filename, "r"); |
257 |
|
|
+ f = fopen_r(filename); |
258 |
|
|
err = errno; |
259 |
|
|
if (check_prot && seteuid(euid) == -1) |
260 |
|
|
fatal("unable to regain privileges"); |
261 |
|
|
@@ -1528,9 +1528,9 @@ setlogfile(argv) |
262 |
|
|
option_error("unable to drop permissions to open %s: %m", *argv); |
263 |
|
|
return 0; |
264 |
|
|
} |
265 |
|
|
- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); |
266 |
|
|
+ fd = open_fd_mode(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); |
267 |
|
|
if (fd < 0 && errno == EEXIST) |
268 |
|
|
- fd = open(*argv, O_WRONLY | O_APPEND); |
269 |
|
|
+ fd = open_fd(*argv, O_WRONLY | O_APPEND); |
270 |
|
|
err = errno; |
271 |
|
|
if (!privileged_option && seteuid(euid) == -1) |
272 |
|
|
fatal("unable to regain privileges: %m"); |
273 |
|
|
diff -up ppp-2.4.4/pppd/pppd.h.fd_leak ppp-2.4.4/pppd/pppd.h |
274 |
|
|
--- ppp-2.4.4/pppd/pppd.h.fd_leak 2005-08-26 01:59:34.000000000 +0200 |
275 |
|
|
+++ ppp-2.4.4/pppd/pppd.h 2009-10-08 21:22:59.800544904 +0200 |
276 |
|
|
@@ -494,6 +494,10 @@ int ppp_send_config __P((int, int, u_in |
277 |
|
|
int ppp_recv_config __P((int, int, u_int32_t, int, int)); |
278 |
|
|
const char *protocol_name __P((int)); |
279 |
|
|
void remove_pidfiles __P((void)); |
280 |
|
|
+int socket_fd __P((int, int, int)); |
281 |
|
|
+int open_fd __P((const char *, int)); |
282 |
|
|
+int open_fd_mode __P((const char *, int, int)); |
283 |
|
|
+FILE *fopen_r __P((const char *)); |
284 |
|
|
void lock_db __P((void)); |
285 |
|
|
void unlock_db __P((void)); |
286 |
|
|
|
287 |
|
|
diff -up ppp-2.4.4/pppd/sys-linux.c.fd_leak ppp-2.4.4/pppd/sys-linux.c |
288 |
|
|
--- ppp-2.4.4/pppd/sys-linux.c.fd_leak 2009-10-08 21:22:59.778544744 +0200 |
289 |
|
|
+++ ppp-2.4.4/pppd/sys-linux.c 2009-10-08 21:22:59.803544377 +0200 |
290 |
|
|
@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clea |
291 |
|
|
void sys_init(void) |
292 |
|
|
{ |
293 |
|
|
/* Get an internet socket for doing socket ioctls. */ |
294 |
|
|
- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); |
295 |
|
|
+ sock_fd = socket_fd(AF_INET, SOCK_DGRAM, 0); |
296 |
|
|
if (sock_fd < 0) |
297 |
|
|
fatal("Couldn't create IP socket: %m(%d)", errno); |
298 |
|
|
|
299 |
|
|
#ifdef INET6 |
300 |
|
|
- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); |
301 |
|
|
+ sock6_fd = socket_fd(AF_INET6, SOCK_DGRAM, 0); |
302 |
|
|
if (sock6_fd < 0) |
303 |
|
|
sock6_fd = -errno; /* save errno for later */ |
304 |
|
|
#endif |
305 |
|
|
@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd) |
306 |
|
|
goto err; |
307 |
|
|
} |
308 |
|
|
dbglog("using channel %d", chindex); |
309 |
|
|
- fd = open("/dev/ppp", O_RDWR); |
310 |
|
|
+ fd = open_fd("/dev/ppp", O_RDWR); |
311 |
|
|
if (fd < 0) { |
312 |
|
|
error("Couldn't reopen /dev/ppp: %m"); |
313 |
|
|
goto err; |
314 |
|
|
@@ -619,7 +619,7 @@ static int make_ppp_unit() |
315 |
|
|
dbglog("in make_ppp_unit, already had /dev/ppp open?"); |
316 |
|
|
close(ppp_dev_fd); |
317 |
|
|
} |
318 |
|
|
- ppp_dev_fd = open("/dev/ppp", O_RDWR); |
319 |
|
|
+ ppp_dev_fd = open_fd("/dev/ppp", O_RDWR); |
320 |
|
|
if (ppp_dev_fd < 0) |
321 |
|
|
fatal("Couldn't open /dev/ppp: %m"); |
322 |
|
|
flags = fcntl(ppp_dev_fd, F_GETFL); |
323 |
|
|
@@ -693,7 +693,7 @@ int bundle_attach(int ifnum) |
324 |
|
|
if (!new_style_driver) |
325 |
|
|
return -1; |
326 |
|
|
|
327 |
|
|
- master_fd = open("/dev/ppp", O_RDWR); |
328 |
|
|
+ master_fd = open_fd("/dev/ppp", O_RDWR); |
329 |
|
|
if (master_fd < 0) |
330 |
|
|
fatal("Couldn't open /dev/ppp: %m"); |
331 |
|
|
if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) { |
332 |
|
|
@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char * |
333 |
|
|
/* Default the mount location of /proc */ |
334 |
|
|
strlcpy (proc_path, "/proc", sizeof(proc_path)); |
335 |
|
|
proc_path_len = 5; |
336 |
|
|
- fp = fopen(MOUNTED, "r"); |
337 |
|
|
+ fp = fopen_r(MOUNTED); |
338 |
|
|
if (fp != NULL) { |
339 |
|
|
while ((mntent = getmntent(fp)) != NULL) { |
340 |
|
|
if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0) |
341 |
|
|
@@ -1472,7 +1472,7 @@ static int open_route_table (void) |
342 |
|
|
close_route_table(); |
343 |
|
|
|
344 |
|
|
path = path_to_procfs("/net/route"); |
345 |
|
|
- route_fd = fopen (path, "r"); |
346 |
|
|
+ route_fd = fopen_r(path); |
347 |
|
|
if (route_fd == NULL) { |
348 |
|
|
error("can't open routing table %s: %m", path); |
349 |
|
|
return 0; |
350 |
|
|
@@ -1713,7 +1713,7 @@ int sifproxyarp (int unit, u_int32_t his |
351 |
|
|
if (tune_kernel) { |
352 |
|
|
forw_path = path_to_procfs("/sys/net/ipv4/ip_forward"); |
353 |
|
|
if (forw_path != 0) { |
354 |
|
|
- int fd = open(forw_path, O_WRONLY); |
355 |
|
|
+ int fd = open_fd(forw_path, O_WRONLY); |
356 |
|
|
if (fd >= 0) { |
357 |
|
|
if (write(fd, "1", 1) != 1) |
358 |
|
|
error("Couldn't enable IP forwarding: %m"); |
359 |
|
|
@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name) |
360 |
|
|
struct ifreq ifreq; |
361 |
|
|
int ret, sock_fd; |
362 |
|
|
|
363 |
|
|
- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); |
364 |
|
|
+ sock_fd = socket_fd(AF_INET, SOCK_DGRAM, 0); |
365 |
|
|
if (sock_fd < 0) |
366 |
|
|
return 0; |
367 |
|
|
memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr)); |
368 |
|
|
@@ -2030,7 +2030,7 @@ int ppp_available(void) |
369 |
|
|
sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch); |
370 |
|
|
kernel_version = KVERSION(osmaj, osmin, ospatch); |
371 |
|
|
|
372 |
|
|
- fd = open("/dev/ppp", O_RDWR); |
373 |
|
|
+ fd = open_fd("/dev/ppp", O_RDWR); |
374 |
|
|
if (fd >= 0) { |
375 |
|
|
new_style_driver = 1; |
376 |
|
|
|
377 |
|
|
@@ -2068,7 +2068,7 @@ int ppp_available(void) |
378 |
|
|
/* |
379 |
|
|
* Open a socket for doing the ioctl operations. |
380 |
|
|
*/ |
381 |
|
|
- s = socket(AF_INET, SOCK_DGRAM, 0); |
382 |
|
|
+ s = socket_fd(AF_INET, SOCK_DGRAM, 0); |
383 |
|
|
if (s < 0) |
384 |
|
|
return 0; |
385 |
|
|
|
386 |
|
|
@@ -2318,7 +2318,7 @@ int sifaddr (int unit, u_int32_t our_adr |
387 |
|
|
int fd; |
388 |
|
|
|
389 |
|
|
path = path_to_procfs("/sys/net/ipv4/ip_dynaddr"); |
390 |
|
|
- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) { |
391 |
|
|
+ if (path != 0 && (fd = open_fd(path, O_WRONLY)) >= 0) { |
392 |
|
|
if (write(fd, "1", 1) != 1) |
393 |
|
|
error("Couldn't enable dynamic IP addressing: %m"); |
394 |
|
|
close(fd); |
395 |
|
|
@@ -2494,7 +2494,7 @@ get_pty(master_fdp, slave_fdp, slave_nam |
396 |
|
|
/* |
397 |
|
|
* Try the unix98 way first. |
398 |
|
|
*/ |
399 |
|
|
- mfd = open("/dev/ptmx", O_RDWR); |
400 |
|
|
+ mfd = open_fd("/dev/ptmx", O_RDWR); |
401 |
|
|
if (mfd >= 0) { |
402 |
|
|
int ptn; |
403 |
|
|
if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) { |
404 |
|
|
@@ -2505,7 +2505,7 @@ get_pty(master_fdp, slave_fdp, slave_nam |
405 |
|
|
if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0) |
406 |
|
|
warn("Couldn't unlock pty slave %s: %m", pty_name); |
407 |
|
|
#endif |
408 |
|
|
- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0) |
409 |
|
|
+ if ((sfd = open_fd(pty_name, O_RDWR | O_NOCTTY)) < 0) |
410 |
|
|
warn("Couldn't open pty slave %s: %m", pty_name); |
411 |
|
|
} |
412 |
|
|
} |
413 |
|
|
@@ -2516,10 +2516,10 @@ get_pty(master_fdp, slave_fdp, slave_nam |
414 |
|
|
for (i = 0; i < 64; ++i) { |
415 |
|
|
slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", |
416 |
|
|
'p' + i / 16, i % 16); |
417 |
|
|
- mfd = open(pty_name, O_RDWR, 0); |
418 |
|
|
+ mfd = open_fd_mode(pty_name, O_RDWR, 0); |
419 |
|
|
if (mfd >= 0) { |
420 |
|
|
pty_name[5] = 't'; |
421 |
|
|
- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0); |
422 |
|
|
+ sfd = open_fd_mode(pty_name, O_RDWR | O_NOCTTY, 0); |
423 |
|
|
if (sfd >= 0) { |
424 |
|
|
fchown(sfd, uid, -1); |
425 |
|
|
fchmod(sfd, S_IRUSR | S_IWUSR); |
426 |
|
|
@@ -2784,7 +2784,7 @@ ether_to_eui64(eui64_t *p_eui64) |
427 |
|
|
int skfd; |
428 |
|
|
const unsigned char *ptr; |
429 |
|
|
|
430 |
|
|
- skfd = socket(PF_INET6, SOCK_DGRAM, 0); |
431 |
|
|
+ skfd = socket_fd(PF_INET6, SOCK_DGRAM, 0); |
432 |
|
|
if(skfd == -1) |
433 |
|
|
{ |
434 |
|
|
warn("could not open IPv6 socket"); |
435 |
|
|
diff -up ppp-2.4.4/pppd/tdb.c.fd_leak ppp-2.4.4/pppd/tdb.c |
436 |
|
|
--- ppp-2.4.4/pppd/tdb.c.fd_leak 2004-11-13 08:13:07.000000000 +0100 |
437 |
|
|
+++ ppp-2.4.4/pppd/tdb.c 2009-10-08 21:22:59.806583590 +0200 |
438 |
|
|
@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *nam |
439 |
|
|
goto internal; |
440 |
|
|
} |
441 |
|
|
|
442 |
|
|
- if ((tdb->fd = open(name, open_flags, mode)) == -1) { |
443 |
|
|
+ if ((tdb->fd = open_fd_mode(name, open_flags, mode)) == -1) { |
444 |
|
|
TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n", |
445 |
|
|
name, strerror(errno))); |
446 |
|
|
goto fail; /* errno set by open(2) */ |
447 |
|
|
@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb) |
448 |
|
|
} |
449 |
|
|
if (close(tdb->fd) != 0) |
450 |
|
|
TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n")); |
451 |
|
|
- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0); |
452 |
|
|
+ tdb->fd = open_fd_mode(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0); |
453 |
|
|
if (tdb->fd == -1) { |
454 |
|
|
TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno))); |
455 |
|
|
goto fail; |
456 |
|
|
diff -up ppp-2.4.4/pppd/tty.c.fd_leak ppp-2.4.4/pppd/tty.c |
457 |
|
|
--- ppp-2.4.4/pppd/tty.c.fd_leak 2006-06-04 09:04:57.000000000 +0200 |
458 |
|
|
+++ ppp-2.4.4/pppd/tty.c 2009-10-08 21:22:59.809544300 +0200 |
459 |
|
|
@@ -569,7 +569,7 @@ int connect_tty() |
460 |
|
|
status = EXIT_OPEN_FAILED; |
461 |
|
|
goto errret; |
462 |
|
|
} |
463 |
|
|
- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0); |
464 |
|
|
+ real_ttyfd = open_fd_mode(devnam, O_NONBLOCK | O_RDWR, 0); |
465 |
|
|
err = errno; |
466 |
|
|
if (prio < OPRIO_ROOT && seteuid(0) == -1) |
467 |
|
|
fatal("Unable to regain privileges"); |
468 |
|
|
@@ -723,7 +723,7 @@ int connect_tty() |
469 |
|
|
if (connector == NULL && modem && devnam[0] != 0) { |
470 |
|
|
int i; |
471 |
|
|
for (;;) { |
472 |
|
|
- if ((i = open(devnam, O_RDWR)) >= 0) |
473 |
|
|
+ if ((i = open_fd(devnam, O_RDWR)) >= 0) |
474 |
|
|
break; |
475 |
|
|
if (errno != EINTR) { |
476 |
|
|
error("Failed to reopen %s: %m", devnam); |
477 |
|
|
@@ -896,7 +896,8 @@ open_socket(dest) |
478 |
|
|
*sep = ':'; |
479 |
|
|
|
480 |
|
|
/* get a socket and connect it to the other end */ |
481 |
|
|
- sock = socket(PF_INET, SOCK_STREAM, 0); |
482 |
|
|
+ //sock = socket(PF_INET, SOCK_STREAM, 0); |
483 |
|
|
+ sock = socket_fd(PF_INET, SOCK_STREAM, 0); |
484 |
|
|
if (sock < 0) { |
485 |
|
|
error("Can't create socket: %m"); |
486 |
|
|
return -1; |
487 |
|
|
diff -up ppp-2.4.4/pppd/utils.c.fd_leak ppp-2.4.4/pppd/utils.c |
488 |
|
|
--- ppp-2.4.4/pppd/utils.c.fd_leak 2009-10-08 21:22:59.620325739 +0200 |
489 |
|
|
+++ ppp-2.4.4/pppd/utils.c 2009-10-08 21:22:59.811573725 +0200 |
490 |
|
|
@@ -931,14 +931,14 @@ lock(dev) |
491 |
|
|
slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev); |
492 |
|
|
#endif |
493 |
|
|
|
494 |
|
|
- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { |
495 |
|
|
+ while ((fd = open_fd_mode(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { |
496 |
|
|
if (errno != EEXIST) { |
497 |
|
|
error("Can't create lock file %s: %m", lock_file); |
498 |
|
|
break; |
499 |
|
|
} |
500 |
|
|
|
501 |
|
|
/* Read the lock file to find out who has the device locked. */ |
502 |
|
|
- fd = open(lock_file, O_RDONLY, 0); |
503 |
|
|
+ fd = open_fd_mode(lock_file, O_RDONLY, 0); |
504 |
|
|
if (fd < 0) { |
505 |
|
|
if (errno == ENOENT) /* This is just a timing problem. */ |
506 |
|
|
continue; |
507 |
|
|
@@ -1017,7 +1017,7 @@ relock(pid) |
508 |
|
|
|
509 |
|
|
if (lock_file[0] == 0) |
510 |
|
|
return -1; |
511 |
|
|
- fd = open(lock_file, O_WRONLY, 0); |
512 |
|
|
+ fd = open_fd_mode(lock_file, O_WRONLY, 0); |
513 |
|
|
if (fd < 0) { |
514 |
|
|
error("Couldn't reopen lock file %s: %m", lock_file); |
515 |
|
|
lock_file[0] = 0; |
516 |
|
|
diff -up ppp-2.4.5/pppd/plugins/pppoatm/pppoatm.c.test ppp-2.4.5/pppd/plugins/pppoatm/pppoatm.c |
517 |
|
|
--- ppp-2.4.5/pppd/plugins/pppoatm/pppoatm.c.test 2010-11-16 09:56:56.083707000 +0100 |
518 |
|
|
+++ ppp-2.4.5/pppd/plugins/pppoatm/pppoatm.c 2010-11-16 09:56:59.382707272 +0100 |
519 |
|
|
@@ -137,7 +137,11 @@ static int connect_pppoatm(void) |
520 |
|
|
|
521 |
|
|
if (!device_got_set) |
522 |
|
|
no_device_given_pppoatm(); |
523 |
|
|
+#ifdef SOCK_CLOEXEC |
524 |
|
|
+ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0); |
525 |
|
|
+#else |
526 |
|
|
fd = socket(AF_ATMPVC, SOCK_DGRAM, 0); |
527 |
|
|
+#endif |
528 |
|
|
if (fd < 0) |
529 |
|
|
fatal("failed to create socket: %m"); |
530 |
|
|
memset(&qos, 0, sizeof qos); |
531 |
|
|
diff -up ppp-2.4.5/pppd/plugins/pppol2tp/openl2tp.c.test ppp-2.4.5/pppd/plugins/pppol2tp/openl2tp.c |
532 |
|
|
--- ppp-2.4.5/pppd/plugins/pppol2tp/openl2tp.c.test 2010-11-16 09:58:17.499711288 +0100 |
533 |
|
|
+++ ppp-2.4.5/pppd/plugins/pppol2tp/openl2tp.c 2010-11-16 10:00:15.791706960 +0100 |
534 |
|
|
@@ -83,7 +83,11 @@ static int openl2tp_client_create(void) |
535 |
|
|
int result; |
536 |
|
|
|
537 |
|
|
if (openl2tp_fd < 0) { |
538 |
|
|
+#ifdef SOCK_CLOEXEC |
539 |
|
|
+ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0); |
540 |
|
|
+#else |
541 |
|
|
openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0); |
542 |
|
|
+#endif |
543 |
|
|
if (openl2tp_fd < 0) { |
544 |
|
|
error("openl2tp connection create: %m"); |
545 |
|
|
return -ENOTCONN; |
546 |
|
|
diff -up ppp-2.4.5/pppd/plugins/pppol2tp/pppol2tp.c.test ppp-2.4.5/pppd/plugins/pppol2tp/pppol2tp.c |
547 |
|
|
--- ppp-2.4.5/pppd/plugins/pppol2tp/pppol2tp.c.test 2010-11-16 09:57:44.448709467 +0100 |
548 |
|
|
+++ ppp-2.4.5/pppd/plugins/pppol2tp/pppol2tp.c 2010-11-16 09:59:32.877707001 +0100 |
549 |
|
|
@@ -208,7 +208,11 @@ static void send_config_pppol2tp(int mtu |
550 |
|
|
struct ifreq ifr; |
551 |
|
|
int fd; |
552 |
|
|
|
553 |
|
|
+#ifdef SOCK_CLOEXEC |
554 |
|
|
+ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); |
555 |
|
|
+#else |
556 |
|
|
fd = socket(AF_INET, SOCK_DGRAM, 0); |
557 |
|
|
+#endif |
558 |
|
|
if (fd >= 0) { |
559 |
|
|
memset (&ifr, '\0', sizeof (ifr)); |
560 |
|
|
strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); |
561 |
|
|
diff -up ppp-2.4.5/pppd/plugins/rp-pppoe/if.c.test ppp-2.4.5/pppd/plugins/rp-pppoe/if.c |
562 |
|
|
--- ppp-2.4.5/pppd/plugins/rp-pppoe/if.c.test 2009-11-16 23:26:07.000000000 +0100 |
563 |
|
|
+++ ppp-2.4.5/pppd/plugins/rp-pppoe/if.c 2010-11-16 09:54:03.973706239 +0100 |
564 |
|
|
@@ -116,6 +116,10 @@ openInterface(char const *ifname, UINT16 |
565 |
|
|
stype = SOCK_PACKET; |
566 |
|
|
#endif |
567 |
|
|
|
568 |
|
|
+#ifdef SOCK_CLOEXEC |
569 |
|
|
+ stype |= SOCK_CLOEXEC; |
570 |
|
|
+#endif |
571 |
|
|
+ |
572 |
|
|
if ((fd = socket(domain, stype, htons(type))) < 0) { |
573 |
|
|
/* Give a more helpful message for the common error case */ |
574 |
|
|
if (errno == EPERM) { |
575 |
|
|
diff -up ppp-2.4.5/pppd/plugins/rp-pppoe/plugin.c.test ppp-2.4.5/pppd/plugins/rp-pppoe/plugin.c |
576 |
|
|
--- ppp-2.4.5/pppd/plugins/rp-pppoe/plugin.c.test 2009-11-16 23:26:07.000000000 +0100 |
577 |
|
|
+++ ppp-2.4.5/pppd/plugins/rp-pppoe/plugin.c 2010-11-16 09:40:23.355707001 +0100 |
578 |
|
|
@@ -158,7 +158,11 @@ PPPOEConnectDevice(void) |
579 |
|
|
ppp_session_number = ntohs(conn->session); |
580 |
|
|
|
581 |
|
|
/* Make the session socket */ |
582 |
|
|
+#ifdef SOCK_CLOEXEC |
583 |
|
|
+ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE); |
584 |
|
|
+#else |
585 |
|
|
conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE); |
586 |
|
|
+#endif |
587 |
|
|
if (conn->sessionSocket < 0) { |
588 |
|
|
error("Failed to create PPPoE socket: %m"); |
589 |
|
|
goto errout; |
590 |
|
|
@@ -289,7 +293,11 @@ PPPoEDevnameHook(char *cmd, char **argv, |
591 |
|
|
} |
592 |
|
|
|
593 |
|
|
/* Open a socket */ |
594 |
|
|
+#ifdef SOCK_CLOEXEC |
595 |
|
|
+ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) { |
596 |
|
|
+#else |
597 |
|
|
if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) { |
598 |
|
|
+#endif |
599 |
|
|
r = 0; |
600 |
|
|
} |
601 |
|
|
|
602 |
|
|
diff -up ppp-2.4.5/pppd/plugins/rp-pppoe/pppoe-discovery.c.test ppp-2.4.5/pppd/plugins/rp-pppoe/pppoe-discovery.c |
603 |
|
|
--- ppp-2.4.5/pppd/plugins/rp-pppoe/pppoe-discovery.c.test 2009-11-16 23:26:07.000000000 +0100 |
604 |
|
|
+++ ppp-2.4.5/pppd/plugins/rp-pppoe/pppoe-discovery.c 2010-11-16 09:55:08.726707003 +0100 |
605 |
|
|
@@ -121,6 +121,10 @@ openInterface(char const *ifname, UINT16 |
606 |
|
|
stype = SOCK_PACKET; |
607 |
|
|
#endif |
608 |
|
|
|
609 |
|
|
+#ifdef SOCK_CLOEXEC |
610 |
|
|
+ stype |= SOCK_CLOEXEC; |
611 |
|
|
+#endif |
612 |
|
|
+ |
613 |
|
|
if ((fd = socket(domain, stype, htons(type))) < 0) { |
614 |
|
|
/* Give a more helpful message for the common error case */ |
615 |
|
|
if (errno == EPERM) { |