summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2010-06-11 13:42:21 +0300
committerTimo Teräs <timo.teras@iki.fi>2010-06-11 13:42:21 +0300
commit43cb554c3fd94ba394b708265c5fa2225a37a9eb (patch)
treeff9708008237754d46c3c2188cdb866a4d0fd195 /src
parentbcbe575c3b28997a03a65426b241bdfef4d8b747 (diff)
downloadapk-tools-43cb554c3fd94ba394b708265c5fa2225a37a9eb.tar.bz2
apk-tools-43cb554c3fd94ba394b708265c5fa2225a37a9eb.tar.xz
various: use O_CLOEXEC and add some error checking
Diffstat (limited to 'src')
-rw-r--r--src/archive.c2
-rw-r--r--src/audit.c2
-rw-r--r--src/database.c22
-rw-r--r--src/fetch.c8
-rw-r--r--src/io.c13
-rw-r--r--src/package.c14
6 files changed, 30 insertions, 31 deletions
diff --git a/src/archive.c b/src/archive.c
index 2df93d9..e7260b6 100644
--- a/src/archive.c
+++ b/src/archive.c
@@ -355,7 +355,7 @@ int apk_archive_entry_extract(int atfd, const struct apk_file_info *ae,
break;
case S_IFREG:
if (ae->link_target == NULL) {
- int flags = O_RDWR | O_CREAT | O_TRUNC;
+ int flags = O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC;
fd = openat(atfd, fn, flags, ae->mode & 07777);
if (fd < 0) {
diff --git a/src/audit.c b/src/audit.c
index 9867227..ca0945e 100644
--- a/src/audit.c
+++ b/src/audit.c
@@ -55,7 +55,7 @@ static int audit_directory(apk_hash_item item, void *ctx)
if (!(dbd->flags & APK_DBDIRF_PROTECTED))
return 0;
- dir = fdopendir(openat(db->root_fd, dbd->name, O_RDONLY));
+ dir = fdopendir(openat(db->root_fd, dbd->name, O_RDONLY | O_CLOEXEC));
if (dir == NULL)
return 0;
diff --git a/src/database.c b/src/database.c
index e7d6b4e..ca90199 100644
--- a/src/database.c
+++ b/src/database.c
@@ -300,8 +300,10 @@ static void apk_db_diri_set(struct apk_db_dir_instance *diri, mode_t mode,
static void apk_db_diri_mkdir(struct apk_database *db, struct apk_db_dir_instance *diri)
{
- if (mkdirat(db->root_fd, diri->dir->name, diri->mode) == 0)
- fchownat(db->root_fd, diri->dir->name, diri->uid, diri->gid, 0);
+ if (mkdirat(db->root_fd, diri->dir->name, diri->mode) == 0) {
+ if (fchownat(db->root_fd, diri->dir->name, diri->uid, diri->gid, 0) != 0)
+ ;
+ }
}
static void apk_db_diri_rmdir(struct apk_database *db, struct apk_db_dir_instance *diri)
@@ -1013,7 +1015,7 @@ static int apk_db_create(struct apk_database *db)
mkdirat(db->root_fd, "var/cache", 0755);
mkdirat(db->root_fd, "var/cache/misc", 0755);
- fd = openat(db->root_fd, "var/lib/apk/world", O_CREAT|O_RDWR|O_TRUNC, 0644);
+ fd = openat(db->root_fd, "var/lib/apk/world", O_CREAT|O_RDWR|O_TRUNC|O_CLOEXEC, 0644);
if (fd < 0)
return -errno;
close(fd);
@@ -1053,10 +1055,10 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
db->permanent = 1;
db->root = strdup(dbopts->root ?: "/");
- db->root_fd = openat(AT_FDCWD, db->root, O_RDONLY);
+ db->root_fd = openat(AT_FDCWD, db->root, O_RDONLY | O_CLOEXEC);
if (db->root_fd < 0 && (dbopts->open_flags & APK_OPENF_CREATE)) {
mkdirat(AT_FDCWD, db->root, 0755);
- db->root_fd = openat(AT_FDCWD, db->root, O_RDONLY);
+ db->root_fd = openat(AT_FDCWD, db->root, O_RDONLY | O_CLOEXEC);
}
if (db->root_fd < 0) {
msg = "Unable to open root";
@@ -1071,7 +1073,7 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
if (dbopts->open_flags & APK_OPENF_WRITE) {
db->lock_fd = openat(db->root_fd, "var/lib/apk/lock",
- O_CREAT | O_RDWR, 0400);
+ O_CREAT | O_RDWR | O_CLOEXEC, 0400);
if (db->lock_fd < 0 && errno == ENOENT &&
(dbopts->open_flags & APK_OPENF_CREATE)) {
r = apk_db_create(db);
@@ -1080,7 +1082,7 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
goto ret_r;
}
db->lock_fd = openat(db->root_fd, "var/lib/apk/lock",
- O_CREAT | O_RDWR, 0400);
+ O_CREAT | O_RDWR | O_CLOEXEC, 0400);
}
if (db->lock_fd < 0 ||
flock(db->lock_fd, LOCK_EX | LOCK_NB) < 0) {
@@ -1108,12 +1110,12 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
blob = APK_BLOB_STR("etc:*etc/init.d");
apk_blob_for_each_segment(blob, ":", add_protected_path, db);
- db->cache_fd = openat(db->root_fd, db->cache_dir, O_RDONLY);
+ db->cache_fd = openat(db->root_fd, db->cache_dir, O_RDONLY | O_CLOEXEC);
mkdirat(db->cache_fd, "tmp", 0644);
- db->cachetmp_fd = openat(db->cache_fd, "tmp", O_RDONLY);
+ db->cachetmp_fd = openat(db->cache_fd, "tmp", O_RDONLY | O_CLOEXEC);
db->keys_fd = openat(db->root_fd,
dbopts->keys_dir ?: "etc/apk/keys",
- O_RDONLY);
+ O_RDONLY | O_CLOEXEC);
if (apk_flags & APK_OVERLAY_FROM_STDIN) {
apk_flags &= ~APK_OVERLAY_FROM_STDIN;
diff --git a/src/fetch.c b/src/fetch.c
index b7da2f5..9c32a11 100644
--- a/src/fetch.c
+++ b/src/fetch.c
@@ -62,9 +62,7 @@ static int cup(void)
unsigned long len = sizeof(buf);
uncompress(buf, &len, z, sizeof(z));
- write(STDOUT_FILENO, buf, len);
-
- return 0;
+ return write(STDOUT_FILENO, buf, len) != len;
}
static int fetch_parse(void *ctx, struct apk_db_options *dbopts,
@@ -83,7 +81,7 @@ static int fetch_parse(void *ctx, struct apk_db_options *dbopts,
fctx->flags |= FETCH_LINK;
break;
case 'o':
- fctx->outdir_fd = openat(AT_FDCWD, optarg, O_RDONLY);
+ fctx->outdir_fd = openat(AT_FDCWD, optarg, O_RDONLY | O_CLOEXEC);
break;
default:
return -1;
@@ -136,7 +134,7 @@ static int fetch_package(struct fetch_ctx *fctx,
return 0;
}
fd = openat(fctx->outdir_fd, pkgfile,
- O_CREAT|O_RDWR|O_TRUNC, 0644);
+ O_CREAT|O_RDWR|O_TRUNC|O_CLOEXEC, 0644);
if (fd < 0) {
apk_error("%s: %s", pkgfile, strerror(errno));
return -1;
diff --git a/src/io.c b/src/io.c
index 3e292a7..57e2d2d 100644
--- a/src/io.c
+++ b/src/io.c
@@ -83,12 +83,10 @@ struct apk_istream *apk_istream_from_file(int atfd, const char *file)
{
int fd;
- fd = openat(atfd, file, O_RDONLY);
+ fd = openat(atfd, file, O_RDONLY | O_CLOEXEC);
if (fd < 0)
return NULL;
- fcntl(fd, F_SETFD, FD_CLOEXEC);
-
return apk_istream_from_fd(fd);
}
@@ -348,11 +346,10 @@ struct apk_bstream *apk_bstream_from_file(int atfd, const char *file)
{
int fd;
- fd = openat(atfd, file, O_RDONLY);
+ fd = openat(atfd, file, O_RDONLY | O_CLOEXEC);
if (fd < 0)
return NULL;
- fcntl(fd, F_SETFD, FD_CLOEXEC);
return apk_bstream_from_fd(fd);
}
@@ -394,7 +391,7 @@ struct apk_bstream *apk_bstream_tee(struct apk_bstream *from, int atfd, const ch
struct apk_tee_bstream *tbs;
int fd;
- fd = openat(atfd, to, O_CREAT | O_RDWR | O_TRUNC,
+ fd = openat(atfd, to, O_CREAT | O_RDWR | O_TRUNC | O_CLOEXEC,
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
if (fd < 0)
return NULL;
@@ -442,7 +439,7 @@ apk_blob_t apk_blob_from_file(int atfd, const char *file)
struct stat st;
char *buf;
- fd = openat(atfd, file, O_RDONLY);
+ fd = openat(atfd, file, O_RDONLY | O_CLOEXEC);
if (fd < 0)
return APK_BLOB_NULL;
@@ -648,7 +645,7 @@ struct apk_ostream *apk_ostream_to_file(int atfd,
struct apk_ostream *os;
int fd;
- fd = openat(atfd, tmpfile ?: file, O_CREAT | O_RDWR | O_TRUNC, mode);
+ fd = openat(atfd, tmpfile ?: file, O_CREAT | O_RDWR | O_TRUNC | O_CLOEXEC, mode);
if (fd < 0)
return NULL;
diff --git a/src/package.c b/src/package.c
index 10f0d1b..0dd89d3 100644
--- a/src/package.c
+++ b/src/package.c
@@ -444,7 +444,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
if (strncmp(&fi->name[6], "RSA.", 4) == 0 ||
strncmp(&fi->name[6], "DSA.", 4) == 0) {
- int fd = openat(ctx->keys_fd, &fi->name[10], O_RDONLY);
+ int fd = openat(ctx->keys_fd, &fi->name[10], O_RDONLY|O_CLOEXEC);
BIO *bio;
if (fd < 0)
@@ -884,22 +884,24 @@ int apk_ipkg_run_script(struct apk_installed_package *ipkg, int root_fd,
if (apk_flags & APK_SIMULATE)
return 0;
- fd = openat(root_fd, fn, O_CREAT|O_RDWR|O_TRUNC, 0755);
+ fd = openat(root_fd, fn, O_CREAT|O_RDWR|O_TRUNC|O_CLOEXEC, 0755);
if (fd < 0) {
mkdirat(root_fd, "var/cache/misc", 0755);
- fd = openat(root_fd, fn, O_CREAT|O_RDWR|O_TRUNC, 0755);
+ fd = openat(root_fd, fn, O_CREAT|O_RDWR|O_TRUNC|O_CLOEXEC, 0755);
if (fd < 0)
return -errno;
}
- write(fd, ipkg->script[type].ptr, ipkg->script[type].len);
+ if (write(fd, ipkg->script[type].ptr, ipkg->script[type].len) < 0) {
+ close(fd);
+ return -errno;
+ }
close(fd);
pid = fork();
if (pid == -1)
return -1;
if (pid == 0) {
- fchdir(root_fd);
- if (chroot(".") < 0) {
+ if (fchdir(root_fd) < 0 || chroot(".") < 0) {
apk_error("chroot: %s", strerror(errno));
} else {
execve(fn, argv, environment);