Accepting request 91418 from home:elvigia:branches:Base:System

- open all file descriptors with O_CLOEXEC; this is especially important
  in libpci, because calling apps may fork() and we end up leaking
  information to child processes.

OBS-URL: https://build.opensuse.org/request/show/91418
OBS-URL: https://build.opensuse.org/package/show/Base:System/pciutils?expand=0&rev=30
Andreas Jaeger 2011-11-15 11:53:33 +00:00 committed by Git OBS Bridge
parent a52c05f558
commit f5bbcbb382
3 changed files with 130 additions and 3 deletions

118
pciutils-ocloexec.patch Normal file

@ -0,0 +1,118 @@
--- lib/dump.c.orig
+++ lib/dump.c
@@ -64,7 +64,7 @@ dump_init(struct pci_access *a)
if (!a)
a->error("dump: File name not given.");
- if (!(f = fopen(name, "r")))
+ if (!(f = fopen(name, "re")))
a->error("dump: Cannot open %s: %s", name, strerror(errno));
while (fgets(buf, sizeof(buf)-1, f))
{
--- lib/proc.c.orig
+++ lib/proc.c
@@ -62,7 +62,7 @@ proc_scan(struct pci_access *a)
if (snprintf(buf, sizeof(buf), "%s/devices", pci_get_param(a, "proc.path")) == sizeof(buf))
a->error("File name too long");
- f = fopen(buf, "r");
+ f = fopen(buf, "re");
if (!f)
a->error("Cannot open %s", buf);
while (fgets(buf, sizeof(buf)-1, f))
@@ -129,7 +129,7 @@ proc_setup(struct pci_dev *d, int rw)
if (e < 0 || e >= (int) sizeof(buf))
a->error("File name too long");
a->fd_rw = a->writeable || rw;
- a->fd = open(buf, a->fd_rw ? O_RDWR : O_RDONLY);
+ a->fd = open(buf, (a->fd_rw ? O_RDWR : O_RDONLY) | O_CLOEXEC);
if (a->fd < 0)
{
e = snprintf(buf, sizeof(buf), "%s/%04x:%02x/%02x.%d",
@@ -137,7 +137,7 @@ proc_setup(struct pci_dev *d, int rw)
d->domain, d->bus, d->dev, d->func);
if (e < 0 || e >= (int) sizeof(buf))
a->error("File name too long");
- a->fd = open(buf, a->fd_rw ? O_RDWR : O_RDONLY);
+ a->fd = open(buf, (a->fd_rw ? O_RDWR : O_RDONLY) | O_CLOEXEC);
}
if (a->fd < 0)
a->warning("Cannot open %s", buf);
--- lib/names-parse.c.orig
+++ lib/names-parse.c
@@ -52,7 +52,7 @@ static pci_file pci_open(struct pci_acce
typedef FILE * pci_file;
#define pci_gets(f, l, s) fgets(l, s, f)
#define pci_eof(f) feof(f)
-#define pci_open(a) fopen(a->id_file_name, "r")
+#define pci_open(a) fopen(a->id_file_name, "re")
#define pci_close(f) fclose(f)
#define PCI_ERROR(f, err) if (!err && ferror(f)) err = "I/O error";
#endif
--- lib/names-cache.c.orig
+++ lib/names-cache.c
@@ -62,7 +62,7 @@ pci_id_cache_load(struct pci_access *a,
return 0;
}
- f = fopen(name, "rb");
+ f = fopen(name, "rbe");
if (!f)
{
a->debug("Cache file does not exist\n");
@@ -135,7 +135,7 @@ pci_id_cache_flush(struct pci_access *a)
tmpname = pci_malloc(a, strlen(name) + strlen(hostname) + 64);
sprintf(tmpname, "%s.tmp-%s-%d", name, hostname, this_pid);
- f = fopen(tmpname, "wb");
+ f = fopen(tmpname, "wbe");
if (!f)
{
a->warning("Cannot write to %s: %s", name, strerror(errno));
--- lib/sysfs.c.orig
+++ lib/sysfs.c
@@ -93,7 +93,7 @@ sysfs_get_value(struct pci_dev *d, char
char namebuf[OBJNAMELEN], buf[256];
sysfs_obj_name(d, object, namebuf);
- fd = open(namebuf, O_RDONLY);
+ fd = open(namebuf, O_RDONLY|O_CLOEXEC);
if (fd < 0)
a->error("Cannot open %s: %s", namebuf, strerror(errno));
n = read(fd, buf, sizeof(buf));
@@ -115,7 +115,7 @@ sysfs_get_resources(struct pci_dev *d)
int i;
sysfs_obj_name(d, "resource", namebuf);
- file = fopen(namebuf, "r");
+ file = fopen(namebuf, "re");
if (!file)
a->error("Cannot open %s: %s", namebuf, strerror(errno));
for (i = 0; i < 7; i++)
@@ -220,7 +220,7 @@ sysfs_fill_slots(struct pci_access *a)
n = snprintf(namebuf, OBJNAMELEN, "%s/%s/%s", dirname, entry->d_name, "address");
if (n < 0 || n >= OBJNAMELEN)
a->error("File name too long");
- file = fopen(namebuf, "r");
+ file = fopen(namebuf, "re");
/*
* Old versions of Linux had a fakephp which didn't have an 'address'
* file. There's no useful information to be gleaned from these
@@ -283,7 +283,7 @@ sysfs_setup(struct pci_dev *d, int inten
if (a->fd_vpd < 0)
{
sysfs_obj_name(d, "vpd", namebuf);
- a->fd_vpd = open(namebuf, O_RDONLY);
+ a->fd_vpd = open(namebuf, O_RDONLY|O_CLOEXEC);
/* No warning on error; vpd may be absent or accessible only to root */
}
return a->fd_vpd;
@@ -293,7 +293,7 @@ sysfs_setup(struct pci_dev *d, int inten
{
sysfs_obj_name(d, "config", namebuf);
a->fd_rw = a->writeable || intent == SETUP_WRITE_CONFIG;
- a->fd = open(namebuf, a->fd_rw ? O_RDWR : O_RDONLY);
+ a->fd = open(namebuf, (a->fd_rw ? O_RDWR : O_RDONLY) | O_CLOEXEC);
if (a->fd < 0)
a->warning("Cannot open %s", namebuf);
a->fd_pos = 0;
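Review bot: The lib/names-parse.c part only changes the plain-stdio `#define pci_open(a)` fallback, while its hunk header shows a separate `static pci_file pci_open(...)` function just above it that this patch leaves untouched. With `zlib-devel` in the spec's BuildRequires, that function is probably the variant that actually gets compiled, so the ids-file descriptor may still be inherited across exec() even though the changelog says all descriptors are covered; its body is outside the hunk, so this needs checking against the source. Separately, the `"e"` mode letter is a glibc extension to fopen(), and O_CLOEXEC needs a sufficiently recent kernel and headers. A line at the top of the patch file such as `# glibc/Linux only: relies on fopen "e" and O_CLOEXEC` would make clear why the patch is not portable as written.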


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Nov 14 22:34:42 UTC 2011 - crrodriguez@opensuse.org
- open all file descriptors with O_CLOEXEC,specially important
on libpci and calling apps may fork() and we end up leaking
information to child processes.
-------------------------------------------------------------------
Mon Mar 21 16:52:43 UTC 2011 - coolo@novell.com


@ -1,7 +1,7 @@
#
# spec file for package pciutils (Version 3.1.7)
# spec file for package pciutils
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -20,7 +20,7 @@
Name: pciutils
Version: 3.1.7
Release: 7
Release: 11
BuildRequires: zlib-devel
BuildRequires: pkg-config
Requires: pciutils-ids
@ -39,6 +39,7 @@ Source1: COPYING
Source2: baselibs.conf
Patch: update-pciutils-dist
Patch1: %{name}-%{version}_pkgconfig.patch
Patch2: pciutils-ocloexec.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -84,6 +85,7 @@ Authors:
%setup -q
%patch -p1
%patch1
%patch2
%build
make %{?_smp_mflags} OPT="$RPM_OPT_FLAGS -Wall" PREFIX=%{_prefix} LIBDIR=/%{_lib} SBINDIR=/sbin STRIP="" SHARED="yes"