mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'tr/protect-low-3-fds'

Browse Source 
When "git" is spawned in such a way that any of the low 3 file
descriptors is closed, our first open() may yield file descriptor 2,
and writing error message to it would screw things up in a big way.

* tr/protect-low-3-fds:
  git: ensure 0/1/2 are open in main()
  daemon/shell: refactor redirection of 0/1/2 from /dev/null
This commit is contained in:
Junio C Hamano
2013-07-22 11:23:35 -07:00
parent 5701c3d701 a11c39646c
commit cb29dfde48
5 changed files with 24 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cache.h
View File

@ -425,6 +425,8 @@ extern int path_inside_repo(const char *prefix, const char *path);
extern int set_git_dir_init(const char *git_dir, const char *real_git_dir, int); extern int set_git_dir_init(const char *git_dir, const char *real_git_dir, int);
extern int init_db(const char *template_dir, unsigned int flags); extern int init_db(const char *template_dir, unsigned int flags);
extern void sanitize_stdfds(void);
#define alloc_nr(x) (((x)+16)*3/2) #define alloc_nr(x) (((x)+16)*3/2)
/* /*

12
daemon.c
View File

@ -1047,18 +1047,6 @@ static int service_loop(struct socketlist *socklist)
} }
} }
/* if any standard file descriptor is missing open it to /dev/null */
static void sanitize_stdfds(void)
{
int fd = open("/dev/null", O_RDWR, 0);
while (fd != -1 && fd < 2)
fd = dup(fd);
if (fd == -1)
die_errno("open /dev/null or dup failed");
if (fd > 2)
close(fd);
}
#ifdef NO_POSIX_GOODIES #ifdef NO_POSIX_GOODIES
struct credentials; struct credentials;

7
git.c
View File

@ -525,6 +525,13 @@ int main(int argc, char **av)
if (!cmd) if (!cmd)
cmd = "git-help"; cmd = "git-help";
/*
* Always open file descriptors 0/1/2 to avoid clobbering files
* in die(). It also avoids messing up when the pipes are dup'ed
* onto stdin/stdout/stderr in the child processes we spawn.
*/
sanitize_stdfds();
git_setup_gettext(); git_setup_gettext();
/* /*

12
setup.c
View File

@ -908,3 +908,15 @@ const char *resolve_gitdir(const char *suspect)
return suspect; return suspect;
return read_gitfile(suspect); return read_gitfile(suspect);
} }
/* if any standard file descriptor is missing open it to /dev/null */
void sanitize_stdfds(void)
{
int fd = open("/dev/null", O_RDWR, 0);
while (fd != -1 && fd < 2)
fd = dup(fd);
if (fd == -1)
die_errno("open /dev/null or dup failed");
if (fd > 2)
close(fd);
}

12
shell.c
View File

@ -147,7 +147,6 @@ int main(int argc, char **argv)
char *prog; char *prog;
const char **user_argv; const char **user_argv;
struct commands *cmd; struct commands *cmd;
int devnull_fd;
int count; int count;
git_setup_gettext(); git_setup_gettext();
@ -156,15 +155,10 @@ int main(int argc, char **argv)
/* /*
* Always open file descriptors 0/1/2 to avoid clobbering files * Always open file descriptors 0/1/2 to avoid clobbering files
* in die(). It also avoids not messing up when the pipes are * in die(). It also avoids messing up when the pipes are dup'ed
* dup'ed onto stdin/stdout/stderr in the child processes we spawn. * onto stdin/stdout/stderr in the child processes we spawn.
*/ */
devnull_fd = open("/dev/null", O_RDWR); sanitize_stdfds();
while (devnull_fd >= 0 && devnull_fd <= 2)
devnull_fd = dup(devnull_fd);
if (devnull_fd == -1)
die_errno("opening /dev/null failed");
close (devnull_fd);
/* /*
* Special hack to pretend to be a CVS server * Special hack to pretend to be a CVS server