luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-01-23 12:41:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use O_CLOEXEC in {g_,}open () calls for race-free setting of the close-on-exec flag

Browse Source 
The remaining call sites are either Windows-only, between fork () and
exec () or in xdgmime copylib.

Hope I haven't missed any site.
This commit is contained in:
Maciej S. Szmigiero 2023-02-19 16:22:22 +01:00 committed by Philip Withnall
parent 0f5d274871
commit 3f2e18b07c
10 changed files with 56 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
gio/gdbusauthmechanismsha1.c
View File

@ -37,6 +37,10 @@
#include "gwin32sid.h" #include "gwin32sid.h"
#endif #endif
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
#include "gdbusauthmechanismsha1.h" #include "gdbusauthmechanismsha1.h"
#include "gcredentials.h" #include "gcredentials.h"
#include "gdbuserror.h" #include "gdbuserror.h"
@ -519,7 +523,7 @@ create_lock_exclusive (const gchar *lock_path,
int errsv; int errsv;
gint ret; gint ret;
ret = g_open (lock_path, O_CREAT | O_EXCL, 0600); ret = g_open (lock_path, O_CREAT | O_EXCL | O_CLOEXEC, 0600);
errsv = errno; errsv = errno;
if (ret < 0) if (ret < 0)
{ {

12
gio/glocalfile.c
View File

@ -51,6 +51,10 @@
#define O_BINARY 0 #define O_BINARY 0
#endif #endif
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
#include "gfileattribute.h" #include "gfileattribute.h"
#include "glocalfile.h" #include "glocalfile.h"
#include "glocalfileinfo.h" #include "glocalfileinfo.h"
@ -1352,7 +1356,7 @@ g_local_file_read (GFile *file,
int fd, ret; int fd, ret;
GLocalFileStat buf; GLocalFileStat buf;
fd = g_open (local->filename, O_RDONLY|O_BINARY, 0); fd = g_open (local->filename, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
if (fd == -1) if (fd == -1)
{ {
int errsv = errno; int errsv = errno;
@ -2227,7 +2231,7 @@ g_local_file_trash (GFile *file,
infofile = g_build_filename (infodir, infoname, NULL); infofile = g_build_filename (infodir, infoname, NULL);
g_free (infoname); g_free (infoname);
fd = g_open (infofile, O_CREAT | O_EXCL, 0666); fd = g_open (infofile, O_CREAT | O_EXCL | O_CLOEXEC, 0666);
errsv = errno; errsv = errno;
} while (fd == -1 && errsv == EEXIST); } while (fd == -1 && errsv == EEXIST);
@ -2881,9 +2885,9 @@ g_local_file_measure_size_of_file (gint parent_fd,
#ifdef AT_FDCWD #ifdef AT_FDCWD
#ifdef HAVE_OPEN_O_DIRECTORY #ifdef HAVE_OPEN_O_DIRECTORY
dir_fd = openat (parent_fd, name->data, O_RDONLY|O_DIRECTORY); dir_fd = openat (parent_fd, name->data, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
#else #else
dir_fd = openat (parent_fd, name->data, O_RDONLY); dir_fd = openat (parent_fd, name->data, O_RDONLY | O_CLOEXEC);
#endif #endif
errsv = errno; errsv = errno;
if (dir_fd < 0) if (dir_fd < 0)

8
gio/glocalfileinfo.c
View File

@ -92,6 +92,10 @@
#endif #endif
#endif #endif
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
#include "glocalfileinfo.h" #include "glocalfileinfo.h"
#include "gioerror.h" #include "gioerror.h"
#include "gthemedicon.h" #include "gthemedicon.h"
@ -1391,11 +1395,11 @@ get_content_type (const char *basename,
sniff_length = 4096; sniff_length = 4096;
#ifdef O_NOATIME #ifdef O_NOATIME
fd = g_open (path, O_RDONLY | O_NOATIME, 0); fd = g_open (path, O_RDONLY | O_NOATIME | O_CLOEXEC, 0);
errsv = errno; errsv = errno;
if (fd < 0 && errsv == EPERM) if (fd < 0 && errsv == EPERM)
#endif #endif
fd = g_open (path, O_RDONLY, 0); fd = g_open (path, O_RDONLY | O_CLOEXEC, 0);
if (fd != -1) if (fd != -1)
{ {

16
gio/glocalfileoutputstream.c
View File

@ -700,7 +700,7 @@ _g_local_file_output_stream_open (const char *filename,
if (g_cancellable_set_error_if_cancelled (cancellable, error)) if (g_cancellable_set_error_if_cancelled (cancellable, error))
return NULL; return NULL;
open_flags = O_BINARY; open_flags = O_BINARY | O_CLOEXEC;
if (readable) if (readable)
open_flags |= O_RDWR; open_flags |= O_RDWR;
else else
@ -737,7 +737,7 @@ _g_local_file_output_stream_create (const char *filename,
mode = mode_from_flags_or_info (flags, reference_info); mode = mode_from_flags_or_info (flags, reference_info);
open_flags = O_CREAT | O_EXCL | O_BINARY; open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
if (readable) if (readable)
open_flags |= O_RDWR; open_flags |= O_RDWR;
else else
@ -762,7 +762,7 @@ _g_local_file_output_stream_append (const char *filename,
else else
mode = 0666; mode = 0666;
return output_stream_open (filename, O_CREAT | O_APPEND | O_WRONLY | O_BINARY, mode, return output_stream_open (filename, O_CREAT | O_APPEND | O_WRONLY | O_BINARY | O_CLOEXEC, mode,
cancellable, error); cancellable, error);
} }
@ -865,9 +865,9 @@ handle_overwrite_open (const char *filename,
/* We only need read access to the original file if we are creating a backup. /* We only need read access to the original file if we are creating a backup.
* We also add O_CREAT to avoid a race if the file was just removed */ * We also add O_CREAT to avoid a race if the file was just removed */
if (create_backup || readable) if (create_backup || readable)
open_flags = O_RDWR | O_CREAT | O_BINARY; open_flags = O_RDWR | O_CREAT | O_BINARY | O_CLOEXEC;
else else
open_flags = O_WRONLY | O_CREAT | O_BINARY; open_flags = O_WRONLY | O_CREAT | O_BINARY | O_CLOEXEC;
/* Some systems have O_NOFOLLOW, which lets us avoid some races /* Some systems have O_NOFOLLOW, which lets us avoid some races
* when finding out if the file we opened was a symlink */ * when finding out if the file we opened was a symlink */
@ -1113,7 +1113,7 @@ handle_overwrite_open (const char *filename,
} }
bfd = g_open (backup_filename, bfd = g_open (backup_filename,
O_WRONLY | O_CREAT | O_EXCL | O_BINARY, O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC,
_g_stat_mode (&original_stat) & 0777); _g_stat_mode (&original_stat) & 0777);
if (bfd == -1) if (bfd == -1)
@ -1208,9 +1208,9 @@ handle_overwrite_open (const char *filename,
} }
if (readable) if (readable)
open_flags = O_RDWR | O_CREAT | O_BINARY; open_flags = O_RDWR | O_CREAT | O_BINARY | O_CLOEXEC;
else else
open_flags = O_WRONLY | O_CREAT | O_BINARY; open_flags = O_WRONLY | O_CREAT | O_BINARY | O_CLOEXEC;
fd = g_open (filename, open_flags, mode); fd = g_open (filename, open_flags, mode);
if (fd == -1) if (fd == -1)
{ {

6
gio/kqueue/gkqueuefilemonitor.c
View File

@ -32,6 +32,10 @@
#include <fcntl.h> #include <fcntl.h>
#include <string.h> #include <string.h>
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
#include <glib-object.h> #include <glib-object.h>
#include <glib/gfileutils.h> #include <glib/gfileutils.h>
#include <gio/gfilemonitor.h> #include <gio/gfilemonitor.h>
@ -583,7 +587,7 @@ _kqsub_start_watching (kqueue_sub *sub)
struct stat st; struct stat st;
struct kevent ev; struct kevent ev;
sub->fd = open (sub->filename, O_KQFLAG); sub->fd = open (sub->filename, O_KQFLAG | O_CLOEXEC);
if (sub->fd == -1) if (sub->fd == -1)
return FALSE; return FALSE;

6
glib/gfileutils.c
View File

@ -329,7 +329,7 @@ g_mkdir_with_parents (const gchar *pathname,
* } * }
* *
* // DO THIS INSTEAD * // DO THIS INSTEAD
* fd = g_open (filename, O_WRONLY | O_NOFOLLOW); * fd = g_open (filename, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
* if (fd == -1) * if (fd == -1)
* { * {
* // check error * // check error
@ -908,7 +908,7 @@ get_contents_posix (const gchar *filename,
gint fd; gint fd;
/* O_BINARY useful on Cygwin */ /* O_BINARY useful on Cygwin */
fd = open (filename, O_RDONLY|O_BINARY); fd = open (filename, O_RDONLY | O_BINARY | O_CLOEXEC);
if (fd < 0) if (fd < 0)
{ {
@ -1083,7 +1083,7 @@ rename_file (const char *old_name,
if (do_fsync) if (do_fsync)
{ {
gchar *dir = g_path_get_dirname (new_name); gchar *dir = g_path_get_dirname (new_name);
int dir_fd = g_open (dir, O_RDONLY, 0); int dir_fd = g_open (dir, O_RDONLY | O_CLOEXEC, 0);
if (dir_fd >= 0) if (dir_fd >= 0)
{ {

6
glib/giounix.c
View File

@ -44,6 +44,10 @@
#include <fcntl.h> #include <fcntl.h>
#include <glib/gstdio.h> #include <glib/gstdio.h>
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
#include "giochannel.h" #include "giochannel.h"
#include "gerror.h" #include "gerror.h"
@ -527,7 +531,7 @@ g_io_channel_new_file (const gchar *filename,
create_mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH; create_mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
fid = g_open (filename, flags, create_mode); fid = g_open (filename, flags | O_CLOEXEC, create_mode);
if (fid == -1) if (fid == -1)
{ {
int err = errno; int err = errno;

8
glib/gkeyfile.c
View File

@ -53,6 +53,10 @@
#endif /* G_OS_WIN23 */ #endif /* G_OS_WIN23 */
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
#include "gconvert.h" #include "gconvert.h"
#include "gdataset.h" #include "gdataset.h"
#include "gerror.h" #include "gerror.h"
@ -761,7 +765,7 @@ find_file_in_data_dirs (const gchar *file,
path = g_build_filename (data_dir, sub_dir, path = g_build_filename (data_dir, sub_dir,
candidate_file, NULL); candidate_file, NULL);
fd = g_open (path, O_RDONLY, 0); fd = g_open (path, O_RDONLY | O_CLOEXEC, 0);
if (fd == -1) if (fd == -1)
{ {
@ -917,7 +921,7 @@ g_key_file_load_from_file (GKeyFile *key_file,
g_return_val_if_fail (key_file != NULL, FALSE); g_return_val_if_fail (key_file != NULL, FALSE);
g_return_val_if_fail (file != NULL, FALSE); g_return_val_if_fail (file != NULL, FALSE);
fd = g_open (file, O_RDONLY, 0); fd = g_open (file, O_RDONLY | O_CLOEXEC, 0);
errsv = errno; errsv = errno;
if (fd == -1) if (fd == -1)

6
glib/gmappedfile.c
View File

@ -50,6 +50,10 @@
#endif #endif
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
#include "gconvert.h" #include "gconvert.h"
#include "gerror.h" #include "gerror.h"
#include "gfileutils.h" #include "gfileutils.h"
@ -252,7 +256,7 @@ g_mapped_file_new (const gchar *filename,
g_return_val_if_fail (filename != NULL, NULL); g_return_val_if_fail (filename != NULL, NULL);
g_return_val_if_fail (!error || *error == NULL, NULL); g_return_val_if_fail (!error || *error == NULL, NULL);
fd = g_open (filename, (writable ? O_RDWR : O_RDONLY) | _O_BINARY, 0); fd = g_open (filename, (writable ? O_RDWR : O_RDONLY) | _O_BINARY | O_CLOEXEC, 0);
if (fd == -1) if (fd == -1)
{ {
int save_errno = errno; int save_errno = errno;

6
gmodule/gmodule.c
View File

@ -45,6 +45,10 @@
#include <io.h> /* For open() and close() prototypes. */ #include <io.h> /* For open() and close() prototypes. */
#endif #endif
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
#include "gmoduleconf.h" #include "gmoduleconf.h"
#include "gstdio.h" #include "gstdio.h"
@ -388,7 +392,7 @@ parse_libtool_archive (const gchar* libtool_name)
GTokenType token; GTokenType token;
GScanner *scanner; GScanner *scanner;
int fd = g_open (libtool_name, O_RDONLY, 0); int fd = g_open (libtool_name, O_RDONLY | O_CLOEXEC, 0);
if (fd < 0) if (fd < 0)
{ {
gchar *display_libtool_name = g_filename_display_name (libtool_name); gchar *display_libtool_name = g_filename_display_name (libtool_name);