changeset 11938:7cbcde229d97

backupfile, chdir-long, fts, savedir: make safer * lib/backupfile.c (includes): Use "dirent--.h", since numbered_backup can write to stderr during readdir. * lib/savedir.c (includes): Likewise. * lib/chdir-long.c (includes): Use "fcntl--.h", since openat emulation can write to stderr on failure. * lib/fts.c (includes) [!_LIBC]: Likewise for opendir and openat. * lib/getcwd.c: Document why opendir_safer is unused. * lib/glob.c: Likewise. * lib/scandir.c: Likewise. * lib/openat-proc.c: Likewise, for open_safer. * modules/backupfile (Depends-on): Add dirent-safer. * modules/savedir (Depends-on): Likewise. * modules/fts (Depends-on): Add dirent-safer and openat-safer. * modules/chdir-long (Depends-on): Add openat-safer. Signed-off-by: Eric Blake <ebb9@byu.net>
author Eric Blake <ebb9@byu.net>
date Tue, 01 Sep 2009 12:25:01 -0600
parents ded3ad24a7f4
children cd48f861a7a7
files ChangeLog lib/backupfile.c lib/chdir-long.c lib/fts.c lib/getcwd.c lib/glob.c lib/openat-proc.c lib/savedir.c lib/scandir.c modules/backupfile modules/chdir-long modules/fts modules/savedir
diffstat 13 files changed, 51 insertions(+), 25 deletions(-) [+]
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,21 @@
 2009-09-02  Eric Blake  <ebb9@byu.net>
 
+	backupfile, chdir-long, fts, savedir: make safer
+	* lib/backupfile.c (includes): Use "dirent--.h", since
+	numbered_backup can write to stderr during readdir.
+	* lib/savedir.c (includes): Likewise.
+	* lib/chdir-long.c (includes): Use "fcntl--.h", since openat
+	emulation can write to stderr on failure.
+	* lib/fts.c (includes) [!_LIBC]: Likewise for opendir and openat.
+	* lib/getcwd.c: Document why opendir_safer is unused.
+	* lib/glob.c: Likewise.
+	* lib/scandir.c: Likewise.
+	* lib/openat-proc.c: Likewise, for open_safer.
+	* modules/backupfile (Depends-on): Add dirent-safer.
+	* modules/savedir (Depends-on): Likewise.
+	* modules/fts (Depends-on): Add dirent-safer and openat-safer.
+	* modules/chdir-long (Depends-on): Add openat-safer.
+
 	openat-safer: new module
 	* modules/openat-safer: New file.
 	* lib/openat-safer.c: Likewise.
--- a/lib/backupfile.c
+++ b/lib/backupfile.c
@@ -1,7 +1,7 @@
 /* backupfile.c -- make Emacs style backup file names
 
    Copyright (C) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998,
-   1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software
+   1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009 Free Software
    Foundation, Inc.
 
    This program is free software: you can redistribute it and/or modify
@@ -37,7 +37,7 @@
 
 #include <unistd.h>
 
-#include <dirent.h>
+#include "dirent--.h"
 #ifndef _D_EXACT_NAMLEN
 # define _D_EXACT_NAMLEN(dp) strlen ((dp)->d_name)
 #endif
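Review bot: The new `#include "dirent--.h"` line has no comment saying why the wrapper header is used, and the next hunk in this file deletes the only nearby comment about opendir. The commit message gives the reason (numbered_backup can write to stderr during readdir), so I would record it at the include: `/* Use dirent--.h so opendir cannot return a stream on fd 0, 1 or 2; numbered_backup may write to stderr during readdir.  */`. Without it, a later cleanup that reverts to `<dirent.h>` or re-adds `#undef opendir` would presumably undo the protection without any visible sign. The include hunk in lib/savedir.c has the same gap.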
@@ -80,11 +80,6 @@
    of `digit' even when the host does not conform to POSIX.  */
 #define ISDIGIT(c) ((unsigned int) (c) - '0' <= 9)
 
-/* The results of opendir() in this file are not used with dirfd and fchdir,
-   therefore save some unnecessary work in fchdir.c.  */
-#undef opendir
-#undef closedir
-
 /* The extension added to file names to produce a simple (as opposed
    to numbered) backup file name. */
 char const *simple_backup_suffix = "~";
--- a/lib/chdir-long.c
+++ b/lib/chdir-long.c
@@ -1,5 +1,5 @@
 /* provide a chdir function that tries not to fail due to ENAMETOOLONG
-   Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+   Copyright (C) 2004-2009 Free Software Foundation, Inc.
 
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,7 +20,6 @@
 
 #include "chdir-long.h"
 
-#include <fcntl.h>
 #include <stdlib.h>
 #include <stdbool.h>
 #include <string.h>
@@ -28,7 +27,7 @@
 #include <stdio.h>
 #include <assert.h>
 
-#include "openat.h"
+#include "fcntl--.h"
 
 #ifndef PATH_MAX
 # error "compile this file only if your system defines PATH_MAX"
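Review bot: With `"openat.h"` dropped here and `<fcntl.h>` dropped in the previous hunk, every open/openat declaration this file needs now has to arrive through `"fcntl--.h"`. That header is not part of this change, so it is worth confirming that it still declares openat on hosts using the emulation, and that its openat override does not depend on a build condition this file could miss. The modules/chdir-long hunk likewise replaces `openat` with `openat-safer` rather than adding it, so the dependency on openat is presumably now only transitive. A comment at the include would record the intent, e.g. `/* fcntl--.h: keep open/openat results off fds 0-2, since the openat emulation can write to stderr on failure.  */`.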
--- a/lib/fts.c
+++ b/lib/fts.c
@@ -69,7 +69,7 @@
 
 #if ! _LIBC
 # include "fcntl--.h"
-# include "openat.h"
+# include "dirent--.h"
 # include "unistd--.h"
 # include "same-inode.h"
 #endif
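Review bot: This line replaces `# include "openat.h"` instead of adding `# include "dirent--.h"` beside it. If fts.c uses other declarations that header supplied (not visible in this hunk), they now depend on `"fcntl--.h"` or a system header to provide them. Keeping `# include "openat.h"` next to the new line would avoid that implicit reliance. The change sits inside `#if ! _LIBC`, so the fd 0-2 protection applies only to the non-glibc build; a one-line comment on the block saying so would save the next reader from checking.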
--- a/lib/getcwd.c
+++ b/lib/getcwd.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1991-1999, 2004-2008 Free Software Foundation, Inc.
+/* Copyright (C) 1991-1999, 2004-2009 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    This program is free software: you can redistribute it and/or modify
@@ -103,7 +103,11 @@
 #endif
 
 /* The results of opendir() in this file are not used with dirfd and fchdir,
-   therefore save some unnecessary recursion in fchdir.c.  */
+   and we do not leak fds to any single-threaded code that could use stdio,
+   therefore save some unnecessary recursion in fchdir.c.
+   FIXME - if the kernel ever adds support for multi-thread safety for
+   avoiding standard fds, then we should use opendir_safer and
+   openat_safer.  */
 #undef opendir
 #undef closedir
 
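Review bot: The added justification "we do not leak fds to any single-threaded code that could use stdio" is hard to parse and states an invariant that nothing in the file enforces. If the intended meaning is what I think it is, I would spell it out and keep the FIXME about threads: `/* No descriptor opened here escapes to the caller, and nothing here writes to stdout/stderr while one is open, so the fd 0-2 guard is unnecessary in single-threaded use.  */`. That tells a later editor that adding a diagnostic inside the directory walk invalidates the exemption. The same sentence is added in lib/glob.c, lib/openat-proc.c and lib/scandir.c. This file's version also omits opendir_safer.c from the "save some unnecessary recursion" clause, which the glob.c and scandir.c versions include.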
--- a/lib/glob.c
+++ b/lib/glob.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1991-2002, 2003, 2004, 2005, 2006, 2007, 2008
+/* Copyright (C) 1991-2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
    Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
@@ -186,7 +186,10 @@
 
 #ifndef _LIBC
 /* The results of opendir() in this file are not used with dirfd and fchdir,
-   therefore save some unnecessary work in fchdir.c.  */
+   and we do not leak fds to any single-threaded code that could use stdio,
+   therefore save some unnecessary recursion in fchdir.c and opendir_safer.c.
+   FIXME - if the kernel ever adds support for multi-thread safety for
+   avoiding standard fds, then we should use opendir_safer.  */
 # undef opendir
 # undef closedir
 
--- a/lib/openat-proc.c
+++ b/lib/openat-proc.c
@@ -1,6 +1,6 @@
 /* Create /proc/self/fd-related names for subfiles of open directories.
 
-   Copyright (C) 2006 Free Software Foundation, Inc.
+   Copyright (C) 2006, 2009 Free Software Foundation, Inc.
 
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -34,7 +34,10 @@
 #include "xalloc.h"
 
 /* The results of open() in this file are not used with fchdir,
-   therefore save some unnecessary work in fchdir.c.  */
+   and we do not leak fds to any single-threaded code that could use stdio,
+   therefore save some unnecessary work in fchdir.c.
+   FIXME - if the kernel ever adds support for multi-thread safety for
+   avoiding standard fds, then we should use open_safer.  */
 #undef open
 #undef close
 
--- a/lib/savedir.c
+++ b/lib/savedir.c
@@ -26,7 +26,7 @@
 
 #include <errno.h>
 
-#include <dirent.h>
+#include "dirent--.h"
 #ifndef _D_EXACT_NAMLEN
 # define _D_EXACT_NAMLEN(dp)	strlen ((dp)->d_name)
 #endif
@@ -41,11 +41,6 @@
 # define NAME_SIZE_DEFAULT 512
 #endif
 
-/* The results of opendir() in this file are not used with dirfd and fchdir,
-   therefore save some unnecessary work in fchdir.c.  */
-#undef opendir
-#undef closedir
-
 /* Return a freshly allocated string containing the file names
    in directory DIRP, separated by '\0' characters;
    the end is marked by two '\0' characters in a row.
--- a/lib/scandir.c
+++ b/lib/scandir.c
@@ -45,6 +45,14 @@
 # define __opendir opendir
 # define __closedir closedir
 # define __set_errno(val) errno = (val)
+
+/* The results of opendir() in this file are not used with dirfd and fchdir,
+   and we do not leak fds to any single-threaded code that could use stdio,
+   therefore save some unnecessary recursion in fchdir.c and opendir_safer.c.
+   FIXME - if the kernel ever adds support for multi-thread safety for
+   avoiding standard fds, then we should use opendir_safer.  */
+# undef opendir
+# undef closedir
 #endif
 
 #ifndef SCANDIR_CANCEL
--- a/modules/backupfile
+++ b/modules/backupfile
@@ -11,6 +11,7 @@
 Depends-on:
 argmatch
 d-ino
+dirent-safer
 dirname
 memcmp
 stdbool
--- a/modules/chdir-long
+++ b/modules/chdir-long
@@ -10,7 +10,7 @@
 atexit
 fchdir
 fcntl-h
-openat
+openat-safer
 memchr
 mempcpy
 memrchr
--- a/modules/fts
+++ b/modules/fts
@@ -11,6 +11,7 @@
 cycle-check
 d-ino
 d-type
+dirent-safer
 dirfd
 fchdir
 fcntl-h
@@ -19,7 +20,7 @@
 i-ring
 lstat
 memmove
-openat
+openat-safer
 stdbool
 unistd-safer
 
--- a/modules/savedir
+++ b/modules/savedir
@@ -7,6 +7,7 @@
 m4/savedir.m4
 
 Depends-on:
+dirent-safer
 fdopendir
 xalloc