author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 16:58:41 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 16:58:41 +0000 |
commit | e1908ae95dd4c9d19ee4dfabfc8bf8a7f85943fe (patch) | |
tree | f5cc731bedcac0fb7fe14d952e4581e749f8bb87 /lib/freopen-safer.c | |
parent | Initial commit. (diff) | |
Adding upstream version 9.4.upstream/9.4upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/freopen-safer.c')
-rw-r--r-- | lib/freopen-safer.c | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/lib/freopen-safer.c b/lib/freopen-safer.c
new file mode 100644
index 0000000..886e3e8
--- /dev/null
+++ b/lib/freopen-safer.c
@@ -0,0 +1,109 @@
+/* Invoke freopen, but avoid some glitches.
+
+ Copyright (C) 2009-2023 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>. */
+
+/* Written by Eric Blake. */
+
+#include <config.h>
+
+#include "stdio-safer.h"
+
+#include "attribute.h"
+
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+/* GCC 13 misunderstands the dup2 trickery in this file. */
+#if 13 <= __GNUC__
+# pragma GCC diagnostic ignored "-Wanalyzer-fd-leak"
+#endif
+
+/* Guarantee that FD is open; all smaller FDs must already be open.
+ Return true if successful. */
+static bool
+protect_fd (int fd)
+{
+ int value = open ("/dev/null", O_RDONLY);
+ if (value != fd)
+ {
+ if (0 <= value)
+ {
+ close (value);
+ errno = EBADF; /* Unexpected; this is as good as anything else. */
+ }
+ return false;
+ }
+ return true;
+}
+
+/* Like freopen, but guarantee that reopening stdin, stdout, or stderr
+ preserves the invariant that STDxxx_FILENO==fileno(stdxxx), and
+ that no other stream will interfere with the standard streams.
+ This is necessary because most freopen implementations will change
+ the associated fd of a stream to the lowest available slot. */
+
+FILE *
+freopen_safer (char const *name, char const *mode, FILE *f)
+{
+ /* Unfortunately, we cannot use the fopen_safer approach of using
+ fdopen (dup_safer (fileno (freopen (cmd, mode, f)))), because we
+ need to return f itself. The implementation of freopen(NULL,m,f)
+ is system-dependent, so the best we can do is guarantee that all
+ lower-valued standard fds are open prior to the freopen call,
+ even though this puts more pressure on open fds. */
+ bool protect_in = false;
+ bool protect_out = false;
+ bool protect_err = false;
+ int saved_errno;
+
+ switch (fileno (f))
+ {
+ default: /* -1 or not a standard stream. */
+ if (dup2 (STDERR_FILENO, STDERR_FILENO) != STDERR_FILENO)
+ protect_err = true;
+ FALLTHROUGH;
+ case STDERR_FILENO:
+ if (dup2 (STDOUT_FILENO, STDOUT_FILENO) != STDOUT_FILENO)
+ protect_out = true;
+ FALLTHROUGH;
+ case STDOUT_FILENO:
+ if (dup2 (STDIN_FILENO, STDIN_FILENO) != STDIN_FILENO)
+ protect_in = true;
+ FALLTHROUGH;
+ case STDIN_FILENO:
+ /* Nothing left to protect. */
+ break;
+ }
+ if (protect_in && !protect_fd (STDIN_FILENO))
+ f = NULL;
+ else if (protect_out && !protect_fd (STDOUT_FILENO))
+ f = NULL;
+ else if (protect_err && !protect_fd (STDERR_FILENO))
+ f = NULL;
+ else
+ f = freopen (name, mode, f);
+ saved_errno = errno;
+ if (protect_err)
+ close (STDERR_FILENO);
+ if (protect_out)
+ close (STDOUT_FILENO);
+ if (protect_in)
+ close (STDIN_FILENO);
+ if (!f)
+ errno = saved_errno;
+ return f;
+}
|
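Review bot: The cleanup at the end of freopen_safer closes each standard descriptor whose protect_* flag is set, even on the paths where protect_fd failed for it or was never reached, so it can close a descriptor this call did not open. protect_fd already closes its own mismatched descriptor, so after a failure no placeholder exists for that slot; in a single-threaded caller the extra close just fails with EBADF, but with another thread opening files concurrently (not visible from this file) it would hit an unrelated descriptor. Clearing the flags for placeholders that were not installed, as sketched below, keeps the cleanup limited to what the call owns. Separately, the header comment could note that on these early failures freopen is never called, so NULL is returned with F still open, unlike a failed freopen.

```c
  if (protect_in && !protect_fd (STDIN_FILENO))
    {
      /* No placeholder was installed, so the cleanup must close nothing.  */
      protect_in = protect_out = protect_err = false;
      f = NULL;
    }
  else if (protect_out && !protect_fd (STDOUT_FILENO))
    {
      /* Only the stdin placeholder, if any, belongs to this call.  */
      protect_out = protect_err = false;
      f = NULL;
    }
  else if (protect_err && !protect_fd (STDERR_FILENO))
    {
      protect_err = false;
      f = NULL;
    }
  else
    f = freopen (name, mode, f);
  /* … unchanged: saved_errno, the three close calls, errno restore, return … */
```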