dhcp/0011-dhcp-4.2.6-close-on-exec.patch

From ecb183516cf0b51ebf0a02f3b46248479fa51e43 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Thu, 18 Aug 2011 14:09:06 +0200
Subject: [PATCH] dhcp-4.2.6-close-on-exec

Merged fixed close-on-exec patch (bnc#732910)

References: bnc#732910
Signed-off-by: Marius Tomaschewski <mt@suse.de>

diff --git a/client/clparse.c b/client/clparse.c
index 320c42f..b7e4251 100644
--- a/client/clparse.c
+++ b/client/clparse.c
@@ -221,7 +221,7 @@ int read_client_conf_file (const char *name, struct interface_info *ip,
 	int token;
 	isc_result_t status;
 
-	if ((file = open (name, O_RDONLY)) < 0)
+	if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0)
 		return uerr2isc (errno);
 
 	cfile = NULL;
@@ -297,7 +297,7 @@ void read_client_leases ()
 
 	/* Open the lease file.   If we can't open it, just return -
 	   we can safely trust the server to remember our state. */
-	if ((file = open (path_dhclient_db, O_RDONLY)) < 0)
+	if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0)
 		return;
 
 	cfile = NULL;
diff --git a/client/dhclient.c b/client/dhclient.c
index a077b48..ac36e3d 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -438,7 +438,7 @@ main(int argc, char **argv) {
 		long temp;
 		int e;
 
-		if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) {
+		if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) {
 			e = fscanf(pidfd, "%ld\n", &temp);
 			oldpid = (pid_t)temp;
 
@@ -2840,7 +2840,7 @@ void rewrite_client_leases ()
 
 	if (leaseFile != NULL)
 		fclose (leaseFile);
-	leaseFile = fopen (path_dhclient_db, "w");
+	leaseFile = fopen (path_dhclient_db, "we");
 	if (leaseFile == NULL) {
 		log_error ("can't create %s: %m", path_dhclient_db);
 		return;
@@ -3033,7 +3033,7 @@ write_duid(struct data_string *duid)
 		return DHCP_R_INVALIDARG;
 
 	if (leaseFile == NULL) {	/* XXX? */
-		leaseFile = fopen(path_dhclient_db, "w");
+		leaseFile = fopen(path_dhclient_db, "we");
 		if (leaseFile == NULL) {
 			log_error("can't create %s: %m", path_dhclient_db);
 			return ISC_R_IOERROR;
@@ -3081,7 +3081,7 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease,
 		return DHCP_R_INVALIDARG;
 
 	if (leaseFile == NULL) {	/* XXX? */
-		leaseFile = fopen(path_dhclient_db, "w");
+		leaseFile = fopen(path_dhclient_db, "we");
 		if (leaseFile == NULL) {
 			log_error("can't create %s: %m", path_dhclient_db);
 			return ISC_R_IOERROR;
@@ -3213,7 +3213,7 @@ int write_client_lease (client, lease, rewrite, makesure)
 		return 1;
 
 	if (leaseFile == NULL) {	/* XXX */
-		leaseFile = fopen (path_dhclient_db, "w");
+		leaseFile = fopen (path_dhclient_db, "we");
 		if (leaseFile == NULL) {
 			log_error ("can't create %s: %m", path_dhclient_db);
 			return 0;
diff --git a/common/bpf.c b/common/bpf.c
index 39d4f45..df9facc 100644
--- a/common/bpf.c
+++ b/common/bpf.c
@@ -95,7 +95,7 @@ int if_register_bpf (info)
 	for (b = 0; 1; b++) {
 		/* %Audit% 31 bytes max. %2004.06.17,Safe% */
 		sprintf(filename, BPF_FORMAT, b);
-		sock = open (filename, O_RDWR, 0);
+		sock = open (filename, O_RDWR | O_CLOEXEC, 0);
 		if (sock < 0) {
 			if (errno == EBUSY) {
 				continue;
diff --git a/common/discover.c b/common/discover.c
index 3cd64a7..37af780 100644
--- a/common/discover.c
+++ b/common/discover.c
@@ -415,7 +415,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) {
 	int len;
 	int i;
 
-	ifaces->fp = fopen("/proc/net/dev", "r");
+	ifaces->fp = fopen("/proc/net/dev", "re");
 	if (ifaces->fp == NULL) {
 		log_error("Error opening '/proc/net/dev' to list interfaces");
 		return 0;
@@ -450,7 +450,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) {
 
 #ifdef DHCPv6
 	if (local_family == AF_INET6) {
-		ifaces->fp6 = fopen("/proc/net/if_inet6", "r");
+		ifaces->fp6 = fopen("/proc/net/if_inet6", "re");
 		if (ifaces->fp6 == NULL) {
 			log_error("Error opening '/proc/net/if_inet6' to "
 				  "list IPv6 interfaces; %m");
diff --git a/common/dlpi.c b/common/dlpi.c
index c34adc3..944f21c 100644
--- a/common/dlpi.c
+++ b/common/dlpi.c
@@ -804,7 +804,7 @@ dlpiopen(const char *ifname) {
 	}
 	*dp = '\0';
 	
-	return open (devname, O_RDWR, 0);
+	return open (devname, O_RDWR | O_CLOEXEC, 0);
 }
 
 /*
diff --git a/common/nit.c b/common/nit.c
index 316e85f..6aa778b 100644
--- a/common/nit.c
+++ b/common/nit.c
@@ -75,7 +75,7 @@ int if_register_nit (info)
 	struct strioctl sio;
 
 	/* Open a NIT device */
-	sock = open ("/dev/nit", O_RDWR);
+	sock = open ("/dev/nit", O_RDWR | O_CLOEXEC);
 	if (sock < 0)
 		log_fatal ("Can't open NIT device for %s: %m", info -> name);
 
diff --git a/common/resolv.c b/common/resolv.c
index 526cebf..2ac8d43 100644
--- a/common/resolv.c
+++ b/common/resolv.c
@@ -44,7 +44,7 @@ void read_resolv_conf (parse_time)
 	struct domain_search_list *dp, *dl, *nd;
 	isc_result_t status;
 
-	if ((file = open (path_resolv_conf, O_RDONLY)) < 0) {
+	if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) {
 		log_error ("Can't open %s: %m", path_resolv_conf);
 		return;
 	}
diff --git a/common/upf.c b/common/upf.c
index 34011eb..77d5878 100644
--- a/common/upf.c
+++ b/common/upf.c
@@ -71,7 +71,7 @@ int if_register_upf (info)
 		/* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */
 		sprintf(filename, "/dev/pf/pfilt%d", b);
 
-		sock = open (filename, O_RDWR, 0);
+		sock = open (filename, O_RDWR | O_CLOEXEC, 0);
 		if (sock < 0) {
 			if (errno == EBUSY) {
 				continue;
diff --git a/omapip/trace.c b/omapip/trace.c
index f4115c1..4410c35 100644
--- a/omapip/trace.c
+++ b/omapip/trace.c
@@ -138,10 +138,10 @@ isc_result_t trace_begin (const char *filename,
 		return DHCP_R_INVALIDARG;
 	}
 
-	traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600);
+	traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600);
 	if (traceoutfile < 0 && errno == EEXIST) {
 		log_error ("WARNING: Overwriting trace file \"%s\"", filename);
-		traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC,
+		traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC,
 				     0600);
 	}
 
@@ -429,7 +429,7 @@ void trace_file_replay (const char *filename)
 	isc_result_t result;
 	int len;
 
-	traceinfile = fopen (filename, "r");
+	traceinfile = fopen (filename, "re");
 	if (!traceinfile) {
 		log_error("Can't open tracefile %s: %m", filename);
 		return;
diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
index 15b4997..9d39fae 100644
--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
@@ -558,13 +558,14 @@ main(int argc, char **argv) {
 
 		if (no_pid_file == ISC_FALSE) {
 			pfdesc = open(path_dhcrelay_pid,
-				      O_CREAT | O_TRUNC | O_WRONLY, 0644);
+				      O_CREAT | O_TRUNC | O_WRONLY |
+				      O_CLOEXEC, 0644);
 
 			if (pfdesc < 0) {
 				log_error("Can't create %s: %m",
 					  path_dhcrelay_pid);
 			} else {
-				pf = fdopen(pfdesc, "w");
+				pf = fdopen(pfdesc, "we");
 				if (!pf)
 					log_error("Can't fdopen %s: %m",
 						  path_dhcrelay_pid);
diff --git a/server/confpars.c b/server/confpars.c
index 4b2907d..6aa5b3f 100644
--- a/server/confpars.c
+++ b/server/confpars.c
@@ -111,7 +111,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
 	}
 #endif
 
-	if ((file = open (filename, O_RDONLY)) < 0) {
+	if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) {
 		if (leasep) {
 			log_error ("Can't open lease database %s: %m --",
 				   path_dhcpd_db);
diff --git a/server/db.c b/server/db.c
index 0c642ad..e9a38fe 100644
--- a/server/db.c
+++ b/server/db.c
@@ -1072,7 +1072,7 @@ void db_startup (testp)
 	}
 #endif
 	if (!testp) {
-		db_file = fopen (path_dhcpd_db, "a");
+		db_file = fopen (path_dhcpd_db, "ae");
 		if (!db_file)
 			log_fatal ("Can't open %s for append.", path_dhcpd_db);
 		expire_all_pools ();
@@ -1120,7 +1120,7 @@ int new_lease_file ()
 		     path_dhcpd_db) >= sizeof newfname)
 		log_fatal("new_lease_file: lease file path too long");
 
-	db_fd = mkstemp (newfname);
+	db_fd = mkostemp (newfname, O_CLOEXEC);
 	if (db_fd < 0) {
 		log_error ("Can't create new lease file: %m");
 		return 0;
@@ -1145,7 +1145,7 @@ int new_lease_file ()
 	}
 #endif /* PARANOIA */
 
-	if ((new_db_file = fdopen(db_fd, "w")) == NULL) {
+	if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
 		log_error("Can't fdopen new lease file: %m");
 		close(db_fd);
 		goto fdfail;
diff --git a/server/dhcpd.c b/server/dhcpd.c
index eecc89b..afef390 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -658,7 +658,7 @@ main(int argc, char **argv) {
 	 */
 	if ((lftest == 0) && (no_pid_file == ISC_FALSE)) {
 		/*Read previous pid file. */
-		if ((i = open(path_dhcpd_pid, O_RDONLY)) >= 0) {
+		if ((i = open(path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) {
 			status = read(i, pbuf, (sizeof pbuf) - 1);
 			close(i);
 			if (status > 0) {
@@ -758,7 +758,7 @@ main(int argc, char **argv) {
 	 * appropriate.
 	 */
 	if (no_pid_file == ISC_FALSE) {
-		i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644);
+		i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644);
 		if (i >= 0) {
 			sprintf(pbuf, "%d\n", (int) getpid());
 			IGNORE_RET(write(i, pbuf, strlen(pbuf)));
diff --git a/server/ldap.c b/server/ldap.c
index 2893b82..9530d9d 100644
--- a/server/ldap.c
+++ b/server/ldap.c
@@ -1442,7 +1442,7 @@ ldap_start (void)
 
   if (ldap_debug_file != NULL && ldap_debug_fd == -1)
     {
-      if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY,
+      if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC,
                                  S_IRUSR | S_IWUSR)) < 0)
         log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
                    strerror (errno));
-- 
2.1.4