From 0 Mon Sep 17 00:00:00 2001 From: Mikhail Efremov Date: Thu, 25 Oct 2012 17:17:14 +0400 Subject: [PATCH 14] Prevent file descriptors leak. Set close-on-exec flag for file descriptors. Based on dhcp-4.2.2-CLOEXEC.patch from Fedora. diff --git a/dhcp/client/clparse.c b/dhcp/client/clparse.c index defaced..defaced 100644 --- a/dhcp/client/clparse.c +++ b/dhcp/client/clparse.c @@ -281,7 +281,7 @@ int read_client_conf_file (const char *name, struct interface_info *ip, int token; isc_result_t status; - if ((file = open (name, O_RDONLY)) < 0) + if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0) return uerr2isc (errno); cfile = NULL; @@ -357,7 +357,7 @@ void read_client_leases () /* Open the lease file. If we can't open it, just return - we can safely trust the server to remember our state. */ - if ((file = open (path_dhclient_db, O_RDONLY)) < 0) + if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0) return; cfile = NULL; diff --git a/dhcp/client/dhclient.c b/dhcp/client/dhclient.c index defaced..defaced 100644 --- a/dhcp/client/dhclient.c +++ b/dhcp/client/dhclient.c @@ -3997,7 +3997,7 @@ void rewrite_client_leases () if (leaseFile != NULL) fclose (leaseFile); - leaseFile = fopen (path_dhclient_db, "w"); + leaseFile = fopen (path_dhclient_db, "we"); if (leaseFile == NULL) { log_error ("can't create %s: %m", path_dhclient_db); return; @@ -4192,7 +4192,7 @@ write_duid(struct data_string *duid) return DHCP_R_INVALIDARG; if (leaseFile == NULL) { /* XXX? */ - leaseFile = fopen(path_dhclient_db, "w"); + leaseFile = fopen(path_dhclient_db, "we"); if (leaseFile == NULL) { log_error("can't create %s: %m", path_dhclient_db); return ISC_R_IOERROR; @@ -4396,7 +4396,7 @@ int write_client_lease (client, lease, rewrite, makesure) return 1; if (leaseFile == NULL) { /* XXX */ - leaseFile = fopen (path_dhclient_db, "w"); + leaseFile = fopen (path_dhclient_db, "we"); if (leaseFile == NULL) { log_error ("can't create %s: %m", path_dhclient_db); return 0; diff --git a/dhcp/common/bpf.c b/dhcp/common/bpf.c index defaced..defaced 100644 --- a/dhcp/common/bpf.c +++ b/dhcp/common/bpf.c @@ -94,7 +94,7 @@ int if_register_bpf (info) for (b = 0; 1; b++) { /* %Audit% 31 bytes max. %2004.06.17,Safe% */ snprintf(filename, sizeof(filename), BPF_FORMAT, b); - sock = open (filename, O_RDWR, 0); + sock = open (filename, O_RDWR | O_CLOEXEC, 0); if (sock < 0) { if (errno == EBUSY) { continue; diff --git a/dhcp/common/dlpi.c b/dhcp/common/dlpi.c index defaced..defaced 100644 --- a/dhcp/common/dlpi.c +++ b/dhcp/common/dlpi.c @@ -817,7 +817,7 @@ dlpiopen(const char *ifname) { } *dp = '\0'; - return open (devname, O_RDWR, 0); + return open (devname, O_RDWR | O_CLOEXEC, 0); } /* diff --git a/dhcp/common/nit.c b/dhcp/common/nit.c index defaced..defaced 100644 --- a/dhcp/common/nit.c +++ b/dhcp/common/nit.c @@ -75,7 +75,7 @@ int if_register_nit (info) struct strioctl sio; /* Open a NIT device */ - sock = open ("/dev/nit", O_RDWR); + sock = open ("/dev/nit", O_RDWR | O_CLOEXEC); if (sock < 0) log_fatal ("Can't open NIT device for %s: %m", info -> name); diff --git a/dhcp/common/resolv.c b/dhcp/common/resolv.c index defaced..defaced 100644 --- a/dhcp/common/resolv.c +++ b/dhcp/common/resolv.c @@ -43,7 +43,7 @@ void read_resolv_conf (parse_time) struct domain_search_list *dp, *dl, *nd; isc_result_t status; - if ((file = open (path_resolv_conf, O_RDONLY)) < 0) { + if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) { log_error ("Can't open %s: %m", path_resolv_conf); return; } diff --git a/dhcp/common/upf.c b/dhcp/common/upf.c index defaced..defaced 100644 --- a/dhcp/common/upf.c +++ b/dhcp/common/upf.c @@ -71,7 +71,7 @@ int if_register_upf (info) /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ snprintf(filename, sizeof(filename), "/dev/pf/pfilt%d", b); - sock = open (filename, O_RDWR, 0); + sock = open (filename, O_RDWR | O_CLOEXEC, 0); if (sock < 0) { if (errno == EBUSY) { continue; diff --git a/dhcp/omapip/trace.c b/dhcp/omapip/trace.c index defaced..defaced 100644 --- a/dhcp/omapip/trace.c +++ b/dhcp/omapip/trace.c @@ -136,10 +136,10 @@ isc_result_t trace_begin (const char *filename, return DHCP_R_INVALIDARG; } - traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600); + traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600); if (traceoutfile < 0 && errno == EEXIST) { log_error ("WARNING: Overwriting trace file \"%s\"", filename); - traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC, + traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC, 0600); } @@ -427,7 +427,7 @@ void trace_file_replay (const char *filename) isc_result_t result; int len; - traceinfile = fopen (filename, "r"); + traceinfile = fopen (filename, "re"); if (!traceinfile) { log_error("Can't open tracefile %s: %m", filename); return; diff --git a/dhcp/relay/dhcrelay.c b/dhcp/relay/dhcrelay.c index defaced..defaced 100644 --- a/dhcp/relay/dhcrelay.c +++ b/dhcp/relay/dhcrelay.c @@ -817,13 +817,13 @@ main(int argc, char **argv) { /* Create the pid file. */ if (no_pid_file == ISC_FALSE) { pfdesc = open(path_dhcrelay_pid, - O_CREAT | O_TRUNC | O_WRONLY, 0644); + O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); if (pfdesc < 0) { log_error("Can't create %s: %m", path_dhcrelay_pid); } else { - pf = fdopen(pfdesc, "w"); + pf = fdopen(pfdesc, "we"); if (!pf) log_error("Can't fdopen %s: %m", path_dhcrelay_pid); diff --git a/dhcp/server/confpars.c b/dhcp/server/confpars.c index defaced..defaced 100644 --- a/dhcp/server/confpars.c +++ b/dhcp/server/confpars.c @@ -118,7 +118,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group, } #endif - if ((file = open (filename, O_RDONLY)) < 0) { + if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) { if (leasep) { log_error ("Can't open lease database %s: %m --", path_dhcpd_db); diff --git a/dhcp/server/db.c b/dhcp/server/db.c index defaced..defaced 100644 --- a/dhcp/server/db.c +++ b/dhcp/server/db.c @@ -1105,7 +1105,7 @@ void db_startup (int test_mode) * Therefore, in test mode we need to point db_file to a disposable * file to protect the original lease file. */ current_db_path = (test_mode ? "/dev/null" : path_dhcpd_db); - db_file = fopen (current_db_path, "a"); + db_file = fopen (current_db_path, "ae"); if (!db_file) { log_fatal ("Can't open %s for append.", current_db_path); } @@ -1154,7 +1154,7 @@ int new_lease_file (int test_mode) path_dhcpd_db, (int)t) >= sizeof newfname) log_fatal("new_lease_file: lease file path too long"); - db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664); + db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0664); if (db_fd < 0) { log_error ("Can't create new lease file: %m"); return 0; @@ -1175,7 +1175,7 @@ int new_lease_file (int test_mode) } #endif /* PARANOIA */ - if ((new_db_file = fdopen(db_fd, "w")) == NULL) { + if ((new_db_file = fdopen(db_fd, "we")) == NULL) { log_error("Can't fdopen new lease file: %m"); close(db_fd); goto fdfail; diff --git a/dhcp/server/dhcpd.c b/dhcp/server/dhcpd.c index defaced..defaced 100644 --- a/dhcp/server/dhcpd.c +++ b/dhcp/server/dhcpd.c @@ -942,7 +942,7 @@ main(int argc, char **argv) { * appropriate. */ if (no_pid_file == ISC_FALSE) { - i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644); + i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); if (i >= 0) { snprintf(pbuf, sizeof(pbuf), "%d\n", (int) getpid()); if (write (i, pbuf, strlen (pbuf)) != strlen (pbuf)) diff --git a/dhcp/server/ldap.c b/dhcp/server/ldap.c index defaced..defaced 100644 --- a/dhcp/server/ldap.c +++ b/dhcp/server/ldap.c @@ -1447,7 +1447,7 @@ ldap_start (void) if (ldap_debug_file != NULL && ldap_debug_fd == -1) { - if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY, + if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, S_IRUSR | S_IWUSR)) < 0) log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, strerror (errno));