Accepting request 70370 from home:elvigia:branches:network:dhcp

- Import redhat's patch to open all needed FDs with O_CLOEXEC so they dont leak. OBS-URL: https://build.opensuse.org/request/show/70370 OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=73
2011-05-17 10:54:19 +00:00 · 2011-05-17 10:54:19 +00:00 · 6441545555
commit 6441545555
parent dd686d8d98
3 changed files with 409 additions and 1 deletions
--- a/dhcp-4.2.0-CLOEXEC.patch
+++ b/dhcp-4.2.0-CLOEXEC.patch
@ -0,0 +1,400 @@
+--- client/clparse.c.orig
+++ client/clparse.c
+@@ -210,7 +210,7 @@ int read_client_conf_file (const char *n
+ 	int token;
+ 	isc_result_t status;
+ 	
+-	if ((file = open (name, O_RDONLY)) < 0)
+	if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0)
+ 		return uerr2isc (errno);
+ 
+ 	cfile = NULL;
+@@ -247,7 +247,7 @@ void read_client_leases ()
+ 
+ 	/* Open the lease file.   If we can't open it, just return -
+ 	   we can safely trust the server to remember our state. */
+-	if ((file = open (path_dhclient_db, O_RDONLY)) < 0)
+	if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0)
+ 		return;
+ 
+ 	cfile = NULL;
+--- client/dhclient.c.orig
+++ client/dhclient.c
+@@ -127,11 +127,11 @@ main(int argc, char **argv) {
+ 	/* Make sure that file descriptors 0 (stdin), 1, (stdout), and
+ 	   2 (stderr) are open. To do this, we assume that when we
+ 	   open a file the lowest available file descriptor is used. */
+-	fd = open("/dev/null", O_RDWR);
+	fd = open("/dev/null", O_RDWR | O_CLOEXEC);
+ 	if (fd == 0)
+-		fd = open("/dev/null", O_RDWR);
+		fd = open("/dev/null", O_RDWR | O_CLOEXEC);
+ 	if (fd == 1)
+-		fd = open("/dev/null", O_RDWR);
+		fd = open("/dev/null", O_RDWR | O_CLOEXEC);
+ 	if (fd == 2)
+ 		log_perror = 0; /* No sense logging to /dev/null. */
+ 	else if (fd != -1)
+@@ -406,7 +406,7 @@ main(int argc, char **argv) {
+ 		int e;
+ 
+ 		oldpid = 0;
+-		if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) {
+		if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) {
+ 			e = fscanf(pidfd, "%ld\n", &temp);
+ 			oldpid = (pid_t)temp;
+ 
+@@ -2627,7 +2627,7 @@ void rewrite_client_leases ()
+ 
+ 	if (leaseFile != NULL)
+ 		fclose (leaseFile);
+-	leaseFile = fopen (path_dhclient_db, "w");
+	leaseFile = fopen (path_dhclient_db, "we");
+ 	if (leaseFile == NULL) {
+ 		log_error ("can't create %s: %m", path_dhclient_db);
+ 		return;
+@@ -2731,7 +2731,7 @@ write_duid(struct data_string *duid)
+ 		return DHCP_R_INVALIDARG;
+ 
+ 	if (leaseFile == NULL) {	/* XXX? */
+-		leaseFile = fopen(path_dhclient_db, "w");
+		leaseFile = fopen(path_dhclient_db, "we");
+ 		if (leaseFile == NULL) {
+ 			log_error("can't create %s: %m", path_dhclient_db);
+ 			return ISC_R_IOERROR;
+@@ -2779,7 +2779,7 @@ write_client6_lease(struct client_state
+ 		return DHCP_R_INVALIDARG;
+ 
+ 	if (leaseFile == NULL) {	/* XXX? */
+-		leaseFile = fopen(path_dhclient_db, "w");
+		leaseFile = fopen(path_dhclient_db, "we");
+ 		if (leaseFile == NULL) {
+ 			log_error("can't create %s: %m", path_dhclient_db);
+ 			return ISC_R_IOERROR;
+@@ -2911,7 +2911,7 @@ int write_client_lease (client, lease, r
+ 		return 1;
+ 
+ 	if (leaseFile == NULL) {	/* XXX */
+-		leaseFile = fopen (path_dhclient_db, "w");
+		leaseFile = fopen (path_dhclient_db, "we");
+ 		if (leaseFile == NULL) {
+ 			log_error ("can't create %s: %m", path_dhclient_db);
+ 			return 0;
+@@ -3400,9 +3400,9 @@ void go_daemon ()
+ 	close(2);
+ 
+ 	/* Reopen them on /dev/null. */
+-	open("/dev/null", O_RDWR);
+-	open("/dev/null", O_RDWR);
+-	open("/dev/null", O_RDWR);
+	open("/dev/null", O_RDWR | O_CLOEXEC);
+	open("/dev/null", O_RDWR | O_CLOEXEC);
+	open("/dev/null", O_RDWR | O_CLOEXEC);
+ 
+ 	write_client_pid_file ();
+ 
+@@ -3414,14 +3414,14 @@ void write_client_pid_file ()
+ 	FILE *pf;
+ 	int pfdesc;
+ 
+-	pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY, 0644);
+	pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644);
+ 
+ 	if (pfdesc < 0) {
+ 		log_error ("Can't create %s: %m", path_dhclient_pid);
+ 		return;
+ 	}
+ 
+-	pf = fdopen (pfdesc, "w");
+	pf = fdopen (pfdesc, "we");
+ 	if (!pf)
+ 		log_error ("Can't fdopen %s: %m", path_dhclient_pid);
+ 	else {
+--- common/bpf.c.orig
+++ common/bpf.c
+@@ -94,7 +94,7 @@ int if_register_bpf (info)
+ 	for (b = 0; 1; b++) {
+ 		/* %Audit% 31 bytes max. %2004.06.17,Safe% */
+ 		sprintf(filename, BPF_FORMAT, b);
+-		sock = open (filename, O_RDWR, 0);
+		sock = open (filename, O_RDWR | O_CLOEXEC, 0);
+ 		if (sock < 0) {
+ 			if (errno == EBUSY) {
+ 				continue;
+--- common/discover.c.orig
+++ common/discover.c
+@@ -409,7 +409,7 @@ begin_iface_scan(struct iface_conf_list
+ 	int len;
+ 	int i;
+ 
+-	ifaces->fp = fopen("/proc/net/dev", "r");
+	ifaces->fp = fopen("/proc/net/dev", "re");
+ 	if (ifaces->fp == NULL) {
+ 		log_error("Error opening '/proc/net/dev' to list interfaces");
+ 		return 0;
+@@ -444,7 +444,7 @@ begin_iface_scan(struct iface_conf_list
+ 
+ #ifdef DHCPv6
+ 	if (local_family == AF_INET6) {
+-		ifaces->fp6 = fopen("/proc/net/if_inet6", "r");
+		ifaces->fp6 = fopen("/proc/net/if_inet6", "re");
+ 		if (ifaces->fp6 == NULL) {
+ 			log_error("Error opening '/proc/net/if_inet6' to "
+ 				  "list IPv6 interfaces; %m");
+--- common/dlpi.c.orig
+++ common/dlpi.c
+@@ -808,7 +808,7 @@ dlpiopen(const char *ifname) {
+ 	}
+ 	*dp = '\0';
+ 	
+-	return open (devname, O_RDWR, 0);
+	return open (devname, O_RDWR | O_CLOEXEC, 0);
+ }
+ 
+ /*
+--- common/nit.c.orig
+++ common/nit.c
+@@ -81,7 +81,7 @@ int if_register_nit (info)
+ 	struct strioctl sio;
+ 
+ 	/* Open a NIT device */
+-	sock = open ("/dev/nit", O_RDWR);
+	sock = open ("/dev/nit", O_RDWR | O_CLOEXEC);
+ 	if (sock < 0)
+ 		log_fatal ("Can't open NIT device for %s: %m", info -> name);
+ 
+--- common/resolv.c.orig
+++ common/resolv.c
+@@ -49,7 +49,7 @@ void read_resolv_conf (parse_time)
+ 	struct domain_search_list *dp, *dl, *nd;
+ 	isc_result_t status;
+ 
+-	if ((file = open (path_resolv_conf, O_RDONLY)) < 0) {
+	if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) {
+ 		log_error ("Can't open %s: %m", path_resolv_conf);
+ 		return;
+ 	}
+--- common/upf.c.orig
+++ common/upf.c
+@@ -77,7 +77,7 @@ int if_register_upf (info)
+ 		/* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */
+ 		sprintf(filename, "/dev/pf/pfilt%d", b);
+ 
+-		sock = open (filename, O_RDWR, 0);
+		sock = open (filename, O_RDWR | O_CLOEXEC, 0);
+ 		if (sock < 0) {
+ 			if (errno == EBUSY) {
+ 				continue;
+--- dst/dst_api.c.orig
+++ dst/dst_api.c
+@@ -437,7 +437,7 @@ dst_s_write_private_key(const DST_KEY *k
+ 			     PRIVATE_KEY, PATH_MAX);
+ 
+ 	/* Do not overwrite an existing file */
+-	if ((fp = dst_s_fopen(file, "w", 0600)) != NULL) {
+	if ((fp = dst_s_fopen(file, "we", 0600)) != NULL) {
+ 		int nn;
+ 		if ((nn = fwrite(encoded_block, 1, len, fp)) != len) {
+ 			EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n",
+@@ -494,7 +494,7 @@ dst_s_read_public_key(const char *in_nam
+ 	 * flags, proto, alg stored as decimal (or hex numbers FIXME).
+ 	 * (FIXME: handle parentheses for line continuation.)
+ 	 */
+-	if ((fp = dst_s_fopen(name, "r", 0)) == NULL) {
+	if ((fp = dst_s_fopen(name, "re", 0)) == NULL) {
+ 		EREPORT(("dst_read_public_key(): Public Key not found %s\n",
+ 			 name));
+ 		return (NULL);
+@@ -620,7 +620,7 @@ dst_s_write_public_key(const DST_KEY *ke
+ 		return (0);
+ 	}
+ 	/* create public key file */
+-	if ((fp = dst_s_fopen(filename, "w+", 0644)) == NULL) {
+	if ((fp = dst_s_fopen(filename, "w+e", 0644)) == NULL) {
+ 		EREPORT(("DST_write_public_key: open of file:%s failed (errno=%d)\n",
+ 			 filename, errno));
+ 		return (0);
+@@ -854,7 +854,7 @@ dst_s_read_private_key_file(char *name,
+ 		return (0);
+ 	}
+ 	/* first check if we can find the key file */
+-	if ((fp = dst_s_fopen(filename, "r", 0)) == NULL) {
+	if ((fp = dst_s_fopen(filename, "re", 0)) == NULL) {
+ 		EREPORT(("dst_s_read_private_key_file: Could not open file %s in directory %s\n",
+ 			 filename, dst_path[0] ? dst_path :
+ 			 (char *) getcwd(NULL, PATH_MAX - 1)));
+--- dst/prandom.c.orig
+++ dst/prandom.c
+@@ -269,7 +269,7 @@ get_dev_random(u_char *output, unsigned
+ 
+ 	s = stat("/dev/random", &st);
+ 	if (s == 0 && S_ISCHR(st.st_mode)) {
+-		if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) {
+		if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK | O_CLOEXEC)) != -1) {
+ 			if ((n = read(fd, output, size)) < 0)
+ 				n = 0;
+ 			close(fd);
+@@ -480,7 +480,7 @@ digest_file(dst_work *work)
+ 		work->file_digest = dst_free_key(work->file_digest);
+ 		return (0);
+ 	}
+-	if ((fp = fopen(name, "r")) == NULL) 
+	if ((fp = fopen(name, "re")) == NULL) 
+ 		return (0);
+ 	for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0; 
+ 	     no += i) 
+--- omapip/trace.c.orig
+++ omapip/trace.c
+@@ -141,10 +141,10 @@ isc_result_t trace_begin (const char *fi
+ 		return DHCP_R_INVALIDARG;
+ 	}
+ 
+-	traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600);
+	traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600);
+ 	if (traceoutfile < 0 && errno == EEXIST) {
+ 		log_error ("WARNING: Overwriting trace file \"%s\"", filename);
+-		traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC,
+		traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC,
+ 				     0600);
+ 	}
+ 
+@@ -431,7 +431,7 @@ void trace_file_replay (const char *file
+ 	isc_result_t result;
+ 	int len;
+ 
+-	traceinfile = fopen (filename, "r");
+	traceinfile = fopen (filename, "re");
+ 	if (!traceinfile) {
+ 		log_error("Can't open tracefile %s: %m", filename);
+ 		return;
+--- relay/dhcrelay.c.orig
+++ relay/dhcrelay.c
+@@ -177,11 +177,11 @@ main(int argc, char **argv) {
+ 	/* Make sure that file descriptors 0(stdin), 1,(stdout), and
+ 	   2(stderr) are open. To do this, we assume that when we
+ 	   open a file the lowest available file descriptor is used. */
+-	fd = open("/dev/null", O_RDWR);
+	fd = open("/dev/null", O_RDWR | O_CLOEXEC);
+ 	if (fd == 0)
+-		fd = open("/dev/null", O_RDWR);
+		fd = open("/dev/null", O_RDWR | O_CLOEXEC);
+ 	if (fd == 1)
+-		fd = open("/dev/null", O_RDWR);
+		fd = open("/dev/null", O_RDWR | O_CLOEXEC);
+ 	if (fd == 2)
+ 		log_perror = 0; /* No sense logging to /dev/null. */
+ 	else if (fd != -1)
+@@ -520,12 +520,12 @@ main(int argc, char **argv) {
+ 			exit(0);
+ 
+ 		pfdesc = open(path_dhcrelay_pid,
+-			       O_CREAT | O_TRUNC | O_WRONLY, 0644);
+			       O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644);
+ 
+ 		if (pfdesc < 0) {
+ 			log_error("Can't create %s: %m", path_dhcrelay_pid);
+ 		} else {
+-			pf = fdopen(pfdesc, "w");
+			pf = fdopen(pfdesc, "we");
+ 			if (!pf)
+ 				log_error("Can't fdopen %s: %m",
+ 				      path_dhcrelay_pid);
+--- server/confpars.c.orig
+++ server/confpars.c
+@@ -116,7 +116,7 @@ isc_result_t read_conf_file (const char
+ 	}
+ #endif
+ 
+-	if ((file = open (filename, O_RDONLY)) < 0) {
+	if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) {
+ 		if (leasep) {
+ 			log_error ("Can't open lease database %s: %m --",
+ 				   path_dhcpd_db);
+--- server/db.c.orig
+++ server/db.c
+@@ -1035,7 +1035,7 @@ void db_startup (testp)
+ 	}
+ #endif
+ 	if (!testp) {
+-		db_file = fopen (path_dhcpd_db, "a");
+		db_file = fopen (path_dhcpd_db, "ae");
+ 		if (!db_file)
+ 			log_fatal ("Can't open %s for append.", path_dhcpd_db);
+ 		expire_all_pools ();
+@@ -1074,7 +1074,7 @@ int new_lease_file ()
+ 	db_validity = lease_file_is_corrupt;
+ 
+ 	snprintf (newfname, sizeof(newfname), "%s.XXXXXX", path_dhcpd_db);
+-	db_fd = mkstemp (newfname);
+	db_fd = mkostemp (newfname, O_CLOEXEC);
+ 	if (db_fd < 0) {
+ 		log_error ("Can't create new lease file: %m");
+ 		return 0;
+@@ -1083,7 +1083,7 @@ int new_lease_file ()
+ 		log_error ("Can't fchmod new lease file: %m");
+ 		goto fail;
+ 	}
+-	if ((new_db_file = fdopen(db_fd, "w")) == NULL) {
+	if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
+ 		log_error("Can't fdopen new lease file: %m");
+ 		close(db_fd);
+ 		goto fdfail;
+--- server/dhcpd.c.orig
+++ server/dhcpd.c
+@@ -272,11 +272,11 @@ main(int argc, char **argv) {
+         /* Make sure that file descriptors 0 (stdin), 1, (stdout), and
+            2 (stderr) are open. To do this, we assume that when we
+            open a file the lowest available file descriptor is used. */
+-        fd = open("/dev/null", O_RDWR);
+        fd = open("/dev/null", O_RDWR | O_CLOEXEC);
+         if (fd == 0)
+-                fd = open("/dev/null", O_RDWR);
+                fd = open("/dev/null", O_RDWR | O_CLOEXEC);
+         if (fd == 1)
+-                fd = open("/dev/null", O_RDWR);
+                fd = open("/dev/null", O_RDWR | O_CLOEXEC);
+         if (fd == 2)
+                 log_perror = 0; /* No sense logging to /dev/null. */
+         else if (fd != -1)
+@@ -800,7 +800,7 @@ main(int argc, char **argv) {
+ #endif /* PARANOIA */
+ 
+ 	/* Read previous pid file. */
+-	if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) {
+	if ((i = open (path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) {
+ 		status = read(i, pbuf, (sizeof pbuf) - 1);
+ 		close (i);
+ 		if (status > 0) {
+@@ -818,7 +818,7 @@ main(int argc, char **argv) {
+ 	}
+ 
+         /* Write new pid file. */
+-        if ((i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644)) >= 0) {
+        if ((i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644)) >= 0) {
+                 sprintf(pbuf, "%d\n", (int) getpid());
+                 IGNORE_RET (write(i, pbuf, strlen(pbuf)));
+                 close(i);
+@@ -844,9 +844,9 @@ main(int argc, char **argv) {
+                 close(2);
+ 
+                 /* Reopen them on /dev/null. */
+-                open("/dev/null", O_RDWR);
+-                open("/dev/null", O_RDWR);
+-                open("/dev/null", O_RDWR);
+                open("/dev/null", O_RDWR | O_CLOEXEC);
+                open("/dev/null", O_RDWR | O_CLOEXEC);
+                open("/dev/null", O_RDWR | O_CLOEXEC);
+                 log_perror = 0; /* No sense logging to /dev/null. */
+ 
+        		IGNORE_RET (chdir("/"));
+--- server/ldap.c.orig
+++ server/ldap.c
+@@ -1098,7 +1098,7 @@ ldap_start (void)
+ 
+   if (ldap_debug_file != NULL && ldap_debug_fd == -1)
+     {
+-      if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY,
+      if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC,
+                                  S_IRUSR | S_IWUSR)) < 0)
+         log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
+                    strerror (errno));
--- a/dhcp.changes
+++ b/dhcp.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue May 17 03:58:24 UTC 2011 - crrodriguez@opensuse.org
+
+- Import redhat's patch to open all needed FDs  with O_CLOEXEC
+  so they dont leak.
+
 -------------------------------------------------------------------
 Thu May 12 08:39:03 UTC 2011 - mt@suse.de

--- a/dhcp.spec
+++ b/dhcp.spec
@ -87,6 +87,7 @@ Patch40:        dhcp-4.1.1-P1-lpf-bind-msg-fix.diff
 Patch41:        dhcp-4.1.1-P1-relay-no-ip-on-interface.diff
 Patch44:        dhcp-4.2.0-xen-checksum.patch
 Patch45:        dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff
+Patch46:        dhcp-4.2.0-CLOEXEC.patch
 ##
 PreReq:         /bin/touch /sbin/chkconfig sysconfig
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@ -227,12 +228,13 @@ Authors:
 %patch41 -p1
 %patch44 -p1
 %patch45 -p1
+%patch46
 ##
 find . -type f -name \*.cat\* -exec rm -f {} \;
 dos2unix contrib/ms2isc/*

 %build
-CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing -Wno-unused"
+CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -W -Wall -fno-strict-aliasing -Wno-unused"
 %ifarch ppc ppc64 s390x
  # bugs 134590, 171532
  CFLAGS="$CFLAGS -fsigned-char"