* modules/openat-safer: New file.
* lib/openat-safer.c: Likewise.
* m4/fcntl-safer.m4 (gl_OPENAT_SAFER): New macro.
* lib/fcntl-safer.h (openat_safer): Declare.
* lib/fcntl--.h (openat): Override.
* MODULES.html.sh (File descriptor based I/O): Mention it.
* lib/openat.h: Add double-inclusion guards.
* lib/openat.c (includes): Only include "fcntl-safer.h", not
"fcntl--.h", so we can implement openat.
* modules/openat-safer-tests: New test.
* tests/test-openat-safer.c: New file.
Signed-off-by: Eric Blake <ebb9@byu.net>
2009-09-02 Eric Blake <ebb9@byu.net>
+ openat-safer: new module
+ * modules/openat-safer: New file.
+ * lib/openat-safer.c: Likewise.
+ * m4/fcntl-safer.m4 (gl_OPENAT_SAFER): New macro.
+ * lib/fcntl-safer.h (openat_safer): Declare.
+ * lib/fcntl--.h (openat): Override.
+ * MODULES.html.sh (File descriptor based I/O): Mention it.
+ * lib/openat.h: Add double-inclusion guards.
+ * lib/openat.c (includes): Only include "fcntl-safer.h", not
+ "fcntl--.h", so we can implement openat.
+ * modules/openat-safer-tests: New test.
+ * tests/test-openat-safer.c: New file.
+
dirent-safer: new module
* modules/dirent-safer: New file.
* lib/dirent--.h: Likewise.
func_begin_table
func_module fcntl-safer
+ func_module openat-safer
func_module safe-read
func_module safe-write
func_module full-read
/* Like fcntl.h, but redefine some names to avoid glitches.
- Copyright (C) 2005 Free Software Foundation, Inc.
+ Copyright (C) 2005, 2009 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#undef creat
#define creat creat_safer
+
+#if GNULIB_OPENAT_SAFER
+# include "openat.h" /* FIXME - <fcntl.h> should be sufficient. */
+# undef openat
+# define openat openat_safer
+#endif
/* Invoke fcntl-like functions, but avoid some glitches.
- Copyright (C) 2005 Free Software Foundation, Inc.
+ Copyright (C) 2005, 2009 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
int open_safer (char const *, int, ...);
int creat_safer (char const *, mode_t);
+
+#if GNULIB_OPENAT_SAFER
+int openat_safer (int, char const *, int, ...);
+#endif
--- /dev/null
+/* Invoke openat, but avoid some glitches.
+
+ Copyright (C) 2005, 2006, 2008-2009 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* Written by Paul Eggert for open, ported by Eric Blake for openat. */
+
+#include <config.h>
+
+#include "fcntl-safer.h"
+
+#include <fcntl.h>
+#include "openat.h" /* FIXME - <fcntl.h> should be sufficient. */
+#include <stdarg.h>
+#include "unistd-safer.h"
+
+int
+openat_safer (int fd, char const *file, int flags, ...)
+{
+ mode_t mode = 0;
+
+ if (flags & O_CREAT)
+ {
+ va_list ap;
+ va_start (ap, flags);
+
+ /* We have to use PROMOTED_MODE_T instead of mode_t, otherwise GCC 4
+ creates crashing code when 'mode_t' is smaller than 'int'. */
+ mode = va_arg (ap, PROMOTED_MODE_T);
+
+ va_end (ap);
+ }
+
+ return fd_safer (openat (fd, file, flags, mode));
+}
#include <sys/stat.h>
#include "dirname.h" /* solely for definition of IS_ABSOLUTE_FILE_NAME */
-#include "fcntl--.h"
#include "openat-priv.h"
#include "save-cwd.h"
+/* We can't use "fcntl--.h", so that openat_safer does not interfere. */
+#if GNULIB_FCNTL_SAFER
+# include "fcntl-safer.h"
+# undef open
+# define open open_safer
+#endif
+
/* Replacement for Solaris' openat function.
<http://www.google.com/search?q=openat+site:docs.sun.com>
First, try to simulate it via open ("/proc/self/fd/FD/FILE").
/* written by Jim Meyering */
+#ifndef _GL_HEADER_OPENAT
+#define _GL_HEADER_OPENAT
+
#include <fcntl.h>
#include <sys/types.h>
{
return fchmodat (fd, file, mode, AT_SYMLINK_NOFOLLOW);
}
+
+#endif /* _GL_HEADER_OPENAT */
-#serial 6
+#serial 7
dnl Copyright (C) 2005-2007, 2009 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
# Prerequisites of lib/open-safer.c.
AC_REQUIRE([gl_PROMOTED_TYPE_MODE_T])
])
+
+AC_DEFUN([gl_OPENAT_SAFER],
+[
+ AC_REQUIRE([gl_FCNTL_SAFER])
+ AC_LIBOBJ([openat-safer])
+])
--- /dev/null
+Description:
+openat function that avoids clobbering std{in,out,err}.
+
+Files:
+lib/fcntl--.h
+lib/fcntl-safer.h
+lib/openat-safer.c
+m4/fcntl-safer.m4
+
+Depends-on:
+fcntl-safer
+openat
+unistd-safer
+
+configure.ac:
+gl_OPENAT_SAFER
+gl_MODULE_INDICATOR([openat-safer])
+
+Makefile.am:
+
+Include:
+"fcntl-safer.h"
+
+License:
+GPL
+
+Maintainer:
+Eric Blake
--- /dev/null
+Files:
+tests/test-openat-safer.c
+
+Depends-on:
+
+configure.ac:
+
+Makefile.am:
+TESTS += test-openat-safer
+check_PROGRAMS += test-openat-safer
+test_openat_safer_LDADD = $(LDADD) @LIBINTL@
--- /dev/null
+/* Test that openat_safer leave standard fds alone.
+ Copyright (C) 2009 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* Written by Eric Blake <ebb9@byu.net>, 2009. */
+
+#include <config.h>
+
+#include "fcntl--.h"
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+/* This test intentionally closes stderr. So, we arrange to have fd 10
+ (outside the range of interesting fd's during the test) set up to
+ duplicate the original stderr. */
+
+#define BACKUP_STDERR_FILENO 10
+static FILE *myerr;
+
+#define ASSERT(expr) \
+ do \
+ { \
+ if (!(expr)) \
+ { \
+ fprintf (myerr, "%s:%d: assertion failed\n", __FILE__, __LINE__); \
+ fflush (myerr); \
+ abort (); \
+ } \
+ } \
+ while (0)
+
+int
+main ()
+{
+ int i;
+ int j;
+ int dfd;
+ int fd;
+ char buf[2];
+ const char *witness = "test-openat-safer.txt";
+
+ /* We close fd 2 later, so save it in fd 10. */
+ if (dup2 (STDERR_FILENO, BACKUP_STDERR_FILENO) != BACKUP_STDERR_FILENO
+ || (myerr = fdopen (BACKUP_STDERR_FILENO, "w")) == NULL)
+ return 2;
+
+ /* Create handle for future use. */
+ dfd = openat (AT_FDCWD, ".", O_RDONLY);
+ ASSERT (STDERR_FILENO < dfd);
+
+ /* Create file for later checks. */
+ remove (witness);
+ fd = openat (dfd, witness, O_WRONLY | O_CREAT | O_EXCL, 0600);
+ ASSERT (STDERR_FILENO < fd);
+ ASSERT (write (fd, "hi", 2) == 2);
+ ASSERT (close (fd) == 0);
+
+ /* Four iterations, with progressively more standard descriptors
+ closed. */
+ for (i = -1; i <= STDERR_FILENO; i++)
+ {
+ ASSERT (fchdir (dfd) == 0);
+ if (0 <= i)
+ ASSERT (close (i) == 0);
+
+ /* Execute once in ".", once in "..". */
+ for (j = 0; j <= 1; j++)
+ {
+ if (j)
+ ASSERT (chdir ("..") == 0);
+
+ /* Check for error detection. */
+ errno = 0;
+ ASSERT (openat (AT_FDCWD, "", O_RDONLY) == -1);
+ ASSERT (errno == ENOENT);
+ errno = 0;
+ ASSERT (openat (dfd, "", O_RDONLY) == -1);
+ ASSERT (errno == ENOENT);
+
+ /* Check for trailing slash and /dev/null handling; the
+ particular errno might be ambiguous. */
+ errno = 0;
+ ASSERT (openat (dfd, "nonexist.ent/", O_CREAT | O_RDONLY,
+ S_IRUSR | S_IWUSR) == -1);
+ /* ASSERT (errno == ENOTDIR); */
+ errno = 0;
+ ASSERT (openat (dfd, "/dev/null/", O_RDONLY) == -1);
+ /* ASSERT (errno == ENOTDIR); */
+ fd = openat (dfd, "/dev/null", O_RDONLY);
+ ASSERT (STDERR_FILENO < fd);
+ ASSERT (close (fd) == 0);
+
+ /* Check for our witness file. */
+ fd = openat (dfd, witness, O_RDONLY | O_NOFOLLOW);
+ ASSERT (STDERR_FILENO < fd);
+ ASSERT (read (fd, buf, 2) == 2);
+ ASSERT (buf[0] == 'h' && buf[1] == 'i');
+ ASSERT (close (fd) == 0);
+ }
+ }
+ ASSERT (fchdir (dfd) == 0);
+ ASSERT (unlink (witness) == 0);
+ ASSERT (close (dfd) == 0);
+
+ return 0;
+}
projects / gnulib.git / commitdiff