Merge branch 'tr/protect-low-3-fds'
When "git" is spawned in such a way that any of the low 3 file descriptors is closed, our first open() may yield file descriptor 2, and writing error message to it would screw things up in a big way. * tr/protect-low-3-fds: git: ensure 0/1/2 are open in main() daemon/shell: refactor redirection of 0/1/2 from /dev/nullmaint
Junio C Hamano
commit
cb29dfde48
2
cache.h
2
cache.h
|
|
@ -425,6 +425,8 @@ extern int path_inside_repo(const char *prefix, const char *path);
|
|||
extern int set_git_dir_init(const char *git_dir, const char *real_git_dir, int);
|
||||
extern int init_db(const char *template_dir, unsigned int flags);
|
||||
|
||||
extern void sanitize_stdfds(void);
|
||||
|
||||
#define alloc_nr(x) (((x)+16)*3/2)
|
||||
|
||||
/*
|
||||
|
|
|
|||
12
daemon.c
12
daemon.c
|
|
@ -1047,18 +1047,6 @@ static int service_loop(struct socketlist *socklist)
|
|||
}
|
||||
}
|
||||
|
||||
/* if any standard file descriptor is missing open it to /dev/null */
|
||||
static void sanitize_stdfds(void)
|
||||
{
|
||||
int fd = open("/dev/null", O_RDWR, 0);
|
||||
while (fd != -1 && fd < 2)
|
||||
fd = dup(fd);
|
||||
if (fd == -1)
|
||||
die_errno("open /dev/null or dup failed");
|
||||
if (fd > 2)
|
||||
close(fd);
|
||||
}
|
||||
|
||||
#ifdef NO_POSIX_GOODIES
|
||||
|
||||
struct credentials;
|
||||
|
|
|
|||
7
git.c
7
git.c
|
|
@ -525,6 +525,13 @@ int main(int argc, char **av)
|
|||
if (!cmd)
|
||||
cmd = "git-help";
|
||||
|
||||
/*
|
||||
* Always open file descriptors 0/1/2 to avoid clobbering files
|
||||
* in die(). It also avoids messing up when the pipes are dup'ed
|
||||
* onto stdin/stdout/stderr in the child processes we spawn.
|
||||
*/
|
||||
sanitize_stdfds();
|
||||
|
||||
git_setup_gettext();
|
||||
|
||||
/*
|
||||
|
|
|
|||
12
setup.c
12
setup.c
|
|
@ -908,3 +908,15 @@ const char *resolve_gitdir(const char *suspect)
|
|||
return suspect;
|
||||
return read_gitfile(suspect);
|
||||
}
|
||||
|
||||
/* if any standard file descriptor is missing open it to /dev/null */
|
||||
void sanitize_stdfds(void)
|
||||
{
|
||||
int fd = open("/dev/null", O_RDWR, 0);
|
||||
while (fd != -1 && fd < 2)
|
||||
fd = dup(fd);
|
||||
if (fd == -1)
|
||||
die_errno("open /dev/null or dup failed");
|
||||
if (fd > 2)
|
||||
close(fd);
|
||||
}
|
||||
|
|
|
|||
12
shell.c
12
shell.c
|
|
@ -147,7 +147,6 @@ int main(int argc, char **argv)
|
|||
char *prog;
|
||||
const char **user_argv;
|
||||
struct commands *cmd;
|
||||
int devnull_fd;
|
||||
int count;
|
||||
|
||||
git_setup_gettext();
|
||||
|
|
@ -156,15 +155,10 @@ int main(int argc, char **argv)
|
|||
|
||||
/*
|
||||
* Always open file descriptors 0/1/2 to avoid clobbering files
|
||||
* in die(). It also avoids not messing up when the pipes are
|
||||
* dup'ed onto stdin/stdout/stderr in the child processes we spawn.
|
||||
* in die(). It also avoids messing up when the pipes are dup'ed
|
||||
* onto stdin/stdout/stderr in the child processes we spawn.
|
||||
*/
|
||||
devnull_fd = open("/dev/null", O_RDWR);
|
||||
while (devnull_fd >= 0 && devnull_fd <= 2)
|
||||
devnull_fd = dup(devnull_fd);
|
||||
if (devnull_fd == -1)
|
||||
die_errno("opening /dev/null failed");
|
||||
close (devnull_fd);
|
||||
sanitize_stdfds();
|
||||
|
||||
/*
|
||||
* Special hack to pretend to be a CVS server
|
||||
|
|
|
|||
Loading…
Reference in New Issue