summaryrefslogtreecommitdiffstats
path: root/lib/util/closefrom.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 13:14:46 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 13:14:46 +0000
commit025c439e829e0db9ac511cd9c1b8d5fd53475ead (patch)
treefa6986b4690f991613ffb97cea1f6942427baf5d /lib/util/closefrom.c
parentInitial commit. (diff)
downloadsudo-025c439e829e0db9ac511cd9c1b8d5fd53475ead.tar.xz
sudo-025c439e829e0db9ac511cd9c1b8d5fd53475ead.zip
Adding upstream version 1.9.15p5.upstream/1.9.15p5upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/util/closefrom.c')
-rw-r--r--lib/util/closefrom.c183
1 files changed, 183 insertions, 0 deletions
diff --git a/lib/util/closefrom.c b/lib/util/closefrom.c
new file mode 100644
index 0000000..ef8e20c
--- /dev/null
+++ b/lib/util/closefrom.c
@@ -0,0 +1,183 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2004-2005, 2007, 2010, 2012-2015, 2017-2022
+ * Todd C. Miller <Todd.Miller@sudo.ws>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include <config.h>
+
+#ifndef HAVE_CLOSEFROM
+
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <unistd.h>
+#ifdef HAVE_PSTAT_GETPROC
+# include <sys/pstat.h>
+#else
+# include <dirent.h>
+#endif
+#ifdef HAVE_LIBPROC_H
+# include <libproc.h>
+#endif
+#ifdef HAVE_LINUX_CLOSE_RANGE_H
+# include <linux/close_range.h>
+#endif
+
+#include <sudo_compat.h>
+#include <sudo_util.h>
+#include <pathnames.h>
+
+#ifndef OPEN_MAX
+# define OPEN_MAX 256
+#endif
+
+/* Avoid potential libdispatch crash on macOS when we close its fds. */
+#ifdef __APPLE__
+# define closefrom_close(x) fcntl((x), F_SETFD, FD_CLOEXEC)
+#else
+# define closefrom_close(x) close(x)
+#endif
+
+/*
+ * Close all file descriptors greater than or equal to lowfd.
+ * This is the expensive (fallback) method.
+ */
+static void
+closefrom_fallback(int lowfd)
+{
+ long fd, maxfd;
+
+ /*
+ * Fall back on sysconf(_SC_OPEN_MAX). This is equivalent to
+ * checking the RLIMIT_NOFILE soft limit. It is possible for
+ * there to be open file descriptors past this limit but there's
+ * not much we can do about that since the hard limit may be
+ * RLIM_INFINITY (LLONG_MAX or ULLONG_MAX on modern systems).
+ */
+ maxfd = sysconf(_SC_OPEN_MAX);
+ if (maxfd < OPEN_MAX)
+ maxfd = OPEN_MAX;
+
+ /* Make sure we didn't get RLIM_INFINITY as the upper limit. */
+ if (maxfd > INT_MAX)
+ maxfd = INT_MAX;
+
+ for (fd = lowfd; fd < maxfd; fd++) {
+ (void)closefrom_close((int)fd);
+ }
+}
+
+/*
+ * Close all file descriptors greater than or equal to lowfd.
+ * We try the fast way first, falling back on the slow method.
+ */
+void
+sudo_closefrom(int lowfd)
+{
+#if defined(HAVE_PSTAT_GETPROC)
+ struct pst_status pst;
+#elif defined(HAVE_DIRFD)
+ const char *path;
+ DIR *dirp;
+#endif
+#if defined(HAVE_PROC_PIDINFO)
+ struct proc_fdinfo *buf = NULL;
+ const pid_t pid = getpid();
+ int i, n, len;
+#endif
+
+ /* Try the fast method first, if possible. */
+#if defined(HAVE_FCNTL_CLOSEM)
+ if (fcntl(lowfd, F_CLOSEM, 0) != -1)
+ return;
+#elif defined(HAVE_CLOSE_RANGE)
+ if (close_range((unsigned int)lowfd, ~0U, 0) != -1)
+ return;
+#elif defined(HAVE_PROC_PIDINFO)
+ len = proc_pidinfo(pid, PROC_PIDLISTFDS, 0, NULL, 0);
+ switch (len) {
+ case 0:
+ /* No open files. */
+ return;
+ case -1:
+ /* Fall back on other methods. */
+ break;
+ default:
+ /* Allocate space for 4 extra fds to leave some wiggle room. */
+ buf = malloc(len + (PROC_PIDLISTFD_SIZE * 4));
+ if (buf == NULL)
+ break;
+ n = proc_pidinfo(pid, PROC_PIDLISTFDS, 0, buf, len);
+ if (n == -1 || n > len) {
+ free(buf);
+ break;
+ }
+ n /= PROC_PIDLISTFD_SIZE;
+ for (i = 0; i < n; i++) {
+ if (buf[i].proc_fd >= lowfd) {
+ (void)closefrom_close(buf[i].proc_fd);
+ }
+ }
+ free(buf);
+ return;
+ }
+#endif /* HAVE_PROC_PIDINFO */
+#if defined(HAVE_PSTAT_GETPROC)
+ /*
+ * EOVERFLOW is not a fatal error for the fields we use.
+ * See the "EOVERFLOW Error" section of pstat_getvminfo(3).
+ */
+ if (pstat_getproc(&pst, sizeof(pst), 0, getpid()) != -1 ||
+ errno == EOVERFLOW) {
+ int fd;
+
+ for (fd = lowfd; fd <= pst.pst_highestfd; fd++)
+ (void)closefrom_close(fd);
+ return;
+ }
+#elif defined(HAVE_DIRFD)
+ /* Use /proc/self/fd (or /dev/fd on macOS) if it exists. */
+# ifdef __APPLE__
+ path = _PATH_DEV "fd";
+# else
+ path = "/proc/self/fd";
+# endif
+ if ((dirp = opendir(path)) != NULL) {
+ struct dirent *dent;
+ while ((dent = readdir(dirp)) != NULL) {
+ const char *errstr;
+ int fd = (int)sudo_strtonum(dent->d_name, lowfd, INT_MAX, &errstr);
+ if (errstr == NULL && fd != dirfd(dirp)) {
+ (void)closefrom_close(fd);
+ }
+ }
+ (void)closedir(dirp);
+ return;
+ }
+#endif /* HAVE_DIRFD */
+
+ /* Do things the slow way. */
+ closefrom_fallback(lowfd);
+}
+
+#endif /* HAVE_CLOSEFROM */