- djm@cvs.openbsd.org 2006/01/05 23:43:53

[misc.c] check that stdio file descriptors are actually closed before clobbering them in sanitise_stdfd(). problems occurred when a lower numbered fd was closed, but higher ones weren't. spotted by, and patch tested by Frédéric Olivié
author: Damien Miller <djm@mindrot.org> 2006-01-06 14:50:44 +1100
committer: Damien Miller <djm@mindrot.org> 2006-01-06 14:50:44 +1100
commit: 72c5b7d85d06d6f71960ff00e780b87ca9d33d78 (patch)
tree: 0a2d2be8e6d5ba782ded80d3d4a9450f9f49b9b9 /misc.c
parent: c27f83a63c818b04f957a3225d6781526084c481 (diff)
1 files changed, 8 insertions, 6 deletions
diff --git a/misc.c b/misc.c
index 0339cede..b876c003 100644
--- a/misc.c
+++ b/misc.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.40 2006/01/02 07:53:44 reyk Exp $");
+RCSID("$OpenBSD: misc.c,v 1.41 2006/01/05 23:43:53 djm Exp $");
 
 #ifdef SSH_TUN_OPENBSD
 #include <net/if.h>
@@ -616,18 +616,20 @@ tun_open(int tun, int mode)
 void
 sanitise_stdfd(void)
 {
-	int nullfd;
+	int nullfd, dupfd;
 
-	if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+	if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
 		fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
 		exit(1);
 	}
-	while (nullfd < 2) {
-		if (dup2(nullfd, nullfd + 1) == -1) {
+	while (++dupfd <= 2) {
+		/* Only clobber closed fds */
+		if (fcntl(dupfd, F_GETFL, 0) >= 0)
+			continue;
+		if (dup2(nullfd, dupfd) == -1) {
 			fprintf(stderr, "dup2: %s", strerror(errno));
 			exit(1);
 		}
-		nullfd++;
 	}
 	if (nullfd > 2)
 		close(nullfd);
author	Damien Miller <djm@mindrot.org>	2006-01-06 14:50:44 +1100
committer	Damien Miller <djm@mindrot.org>	2006-01-06 14:50:44 +1100
commit	72c5b7d85d06d6f71960ff00e780b87ca9d33d78 (patch)
tree	0a2d2be8e6d5ba782ded80d3d4a9450f9f49b9b9 /misc.c
parent	c27f83a63c818b04f957a3225d6781526084c481 (diff)