2009-09-02 Eric Blake <ebb9@byu.net>
+ backupfile, chdir-long, fts, savedir: make safer
+ * lib/backupfile.c (includes): Use "dirent--.h", since
+ numbered_backup can write to stderr during readdir.
+ * lib/savedir.c (includes): Likewise.
+ * lib/chdir-long.c (includes): Use "fcntl--.h", since openat
+ emulation can write to stderr on failure.
+ * lib/fts.c (includes) [!_LIBC]: Likewise for opendir and openat.
+ * lib/getcwd.c: Document why opendir_safer is unused.
+ * lib/glob.c: Likewise.
+ * lib/scandir.c: Likewise.
+ * lib/openat-proc.c: Likewise, for open_safer.
+ * modules/backupfile (Depends-on): Add dirent-safer.
+ * modules/savedir (Depends-on): Likewise.
+ * modules/fts (Depends-on): Add dirent-safer and openat-safer.
+ * modules/chdir-long (Depends-on): Add openat-safer.
+
openat-safer: new module
* modules/openat-safer: New file.
* lib/openat-safer.c: Likewise.
/* backupfile.c -- make Emacs style backup file names
Copyright (C) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998,
- 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software
+ 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009 Free Software
Foundation, Inc.
This program is free software: you can redistribute it and/or modify
#include <unistd.h>
-#include <dirent.h>
+#include "dirent--.h"
#ifndef _D_EXACT_NAMLEN
# define _D_EXACT_NAMLEN(dp) strlen ((dp)->d_name)
#endif
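Review bot: The new `#include "dirent--.h"` has no in-file explanation; the reason for it (numbered_backup can write to stderr during readdir, so the directory stream must not occupy a standard fd) is recorded only in the ChangeLog entry. I would put a comment on the include, e.g. `#include "dirent--.h" /* opendir must avoid standard fds: numbered_backup may write to stderr during readdir */`, so that a later cleanup does not reinstate the `#undef opendir` / `#undef closedir` pair this commit removes further down in the file. The same applies to the `"dirent--.h"` include in savedir.c and the `"fcntl--.h"` include in chdir-long.c, whose rationale (openat emulation can write to stderr on failure) is likewise only in the ChangeLog.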
of `digit' even when the host does not conform to POSIX. */
#define ISDIGIT(c) ((unsigned int) (c) - '0' <= 9)
-/* The results of opendir() in this file are not used with dirfd and fchdir,
- therefore save some unnecessary work in fchdir.c. */
-#undef opendir
-#undef closedir
-
/* The extension added to file names to produce a simple (as opposed
to numbered) backup file name. */
char const *simple_backup_suffix = "~";
/* provide a chdir function that tries not to fail due to ENAMETOOLONG
- Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+ Copyright (C) 2004-2009 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "chdir-long.h"
-#include <fcntl.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>
#include <assert.h>
-#include "openat.h"
+#include "fcntl--.h"
#ifndef PATH_MAX
# error "compile this file only if your system defines PATH_MAX"
#if ! _LIBC
# include "fcntl--.h"
-# include "openat.h"
+# include "dirent--.h"
# include "unistd--.h"
# include "same-inode.h"
#endif
-/* Copyright (C) 1991-1999, 2004-2008 Free Software Foundation, Inc.
+/* Copyright (C) 1991-1999, 2004-2009 Free Software Foundation, Inc.
This file is part of the GNU C Library.
This program is free software: you can redistribute it and/or modify
#endif
/* The results of opendir() in this file are not used with dirfd and fchdir,
- therefore save some unnecessary recursion in fchdir.c. */
+ and we do not leak fds to any single-threaded code that could use stdio,
+ therefore save some unnecessary recursion in fchdir.c.
+ FIXME - if the kernel ever adds support for multi-thread safety for
+ avoiding standard fds, then we should use opendir_safer and
+ openat_safer. */
#undef opendir
#undef closedir
\f
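Review bot: The reworded comment justifies bypassing the safer wrapper with "we do not leak fds to any single-threaded code that could use stdio", which states the invariant loosely and does not say what keeps it true. Presumably the point is that every directory stream opened in this file is closed before control returns to the caller; if so, say that directly, e.g. `every stream opened here is closed before returning, so no caller can write through stdio while it is open`. The FIXME also names openat_safer although only `opendir` and `closedir` are undefined at this spot. The same sentence is repeated in the glob.c, openat-proc.c and scandir.c hunks. The rest of the file is outside the hunk, so the closing behaviour should be confirmed against the code before the comment is tightened.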
-/* Copyright (C) 1991-2002, 2003, 2004, 2005, 2006, 2007, 2008
+/* Copyright (C) 1991-2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
Free Software Foundation, Inc.
This file is part of the GNU C Library.
#ifndef _LIBC
/* The results of opendir() in this file are not used with dirfd and fchdir,
- therefore save some unnecessary work in fchdir.c. */
+ and we do not leak fds to any single-threaded code that could use stdio,
+ therefore save some unnecessary recursion in fchdir.c and opendir_safer.c.
+ FIXME - if the kernel ever adds support for multi-thread safety for
+ avoiding standard fds, then we should use opendir_safer. */
# undef opendir
# undef closedir
/* Create /proc/self/fd-related names for subfiles of open directories.
- Copyright (C) 2006 Free Software Foundation, Inc.
+ Copyright (C) 2006, 2009 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "xalloc.h"
/* The results of open() in this file are not used with fchdir,
- therefore save some unnecessary work in fchdir.c. */
+ and we do not leak fds to any single-threaded code that could use stdio,
+ therefore save some unnecessary work in fchdir.c.
+ FIXME - if the kernel ever adds support for multi-thread safety for
+ avoiding standard fds, then we should use open_safer. */
#undef open
#undef close
#include <errno.h>
-#include <dirent.h>
+#include "dirent--.h"
#ifndef _D_EXACT_NAMLEN
# define _D_EXACT_NAMLEN(dp) strlen ((dp)->d_name)
#endif
# define NAME_SIZE_DEFAULT 512
#endif
-/* The results of opendir() in this file are not used with dirfd and fchdir,
- therefore save some unnecessary work in fchdir.c. */
-#undef opendir
-#undef closedir
-
/* Return a freshly allocated string containing the file names
in directory DIRP, separated by '\0' characters;
the end is marked by two '\0' characters in a row.
# define __opendir opendir
# define __closedir closedir
# define __set_errno(val) errno = (val)
+
+/* The results of opendir() in this file are not used with dirfd and fchdir,
+ and we do not leak fds to any single-threaded code that could use stdio,
+ therefore save some unnecessary recursion in fchdir.c and opendir_safer.c.
+ FIXME - if the kernel ever adds support for multi-thread safety for
+ avoiding standard fds, then we should use opendir_safer. */
+# undef opendir
+# undef closedir
#endif
#ifndef SCANDIR_CANCEL
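Review bot: The added `# undef opendir` / `# undef closedir` sit after `# define __opendir opendir` and `# define __closedir closedir`, which reads as if the aliases had already captured the wrapped names. It works because the alias is expanded at the point of use, after the `#undef`. I would either move the `#undef` pair above the `__opendir` defines or add `/* __opendir expands at use, so it reaches the plain opendir */` next to them. The enclosing preprocessor conditional starts outside the hunk.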
Depends-on:
argmatch
d-ino
+dirent-safer
dirname
memcmp
stdbool
atexit
fchdir
fcntl-h
-openat
+openat-safer
memchr
mempcpy
memrchr
cycle-check
d-ino
d-type
+dirent-safer
dirfd
fchdir
fcntl-h
i-ring
lstat
memmove
-openat
+openat-safer
stdbool
unistd-safer
m4/savedir.m4
Depends-on:
+dirent-safer
fdopendir
xalloc