From 6c3ea4f47ea280811a7fe53a22f7832e4533c9ec Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 26 Jun 2024 18:18:36 +0200
Subject: Adding upstream version 1:4.15.2.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 lib/fd.c | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 lib/fd.c

(limited to 'lib/fd.c')

diff --git a/lib/fd.c b/lib/fd.c
new file mode 100644
index 0000000..bcfa374
--- /dev/null
+++ b/lib/fd.c
@@ -0,0 +1,41 @@
+// SPDX-FileCopyrightText: 2024, Skyler Ferrante <sjf5462@rit.edu>
+// SPDX-License-Identifier: BSD-3-Clause
+
+/**
+ * To protect against file descriptor omission attacks, we open the std file
+ * descriptors with /dev/null if they are not already open. Code is based on
+ * fix_fds from sudo.c.
+ */
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "prototypes.h"
+
+static void check_fd(int fd);
+
+void
+check_fds(void)
+{
+	/**
+	 * Make sure stdin, stdout, stderr are open
+	 * If they are closed, set them to /dev/null
+	 */
+	check_fd(STDIN_FILENO);
+	check_fd(STDOUT_FILENO);
+	check_fd(STDERR_FILENO);
+}
+
+static void
+check_fd(int fd)
+{
+	int  devnull;
+
+	if (fcntl(fd, F_GETFL, 0) != -1)
+		return;
+
+	devnull = open("/dev/null", O_RDWR);
+	if (devnull != fd)
+		abort();
+}
-- 
cgit v1.2.3