path: root/system/vlock/10_fix-buffer-overflow.patch
Description: do not use fd_set with potentially large indices
Author: Helmut Grohne <helmut@subdivi.de>
Bug-Debian: http://bugs.debian.org/754594
Last-Update: 2014-07-15

--- vlock-2.2.2.orig/src/process.c
+++ vlock-2.2.2/src/process.c
@@ -107,7 +107,7 @@ void ensure_death(pid_t pid)
 
 /* Close all possibly open file descriptors except the ones specified in the
  * given set. */
-static void close_fds(fd_set *except_fds)
+static void close_fds(int except_fd)
 {
   struct rlimit r;
   int maxfd;
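Review bot: The comment above close_fds still says "except the ones specified in the given set", but the new signature takes a single descriptor and the standard three are now hard-coded. It should read something like `/* Close all possibly open file descriptors except stdin, stdout, stderr and except_fd. */`. The loop comment in the next hunk has the same problem: it lists only STDIN_FILENO, STDOUT_FILENO and STDERR_FILENO although the new condition also spares `except_fd`. The body of close_fds continues outside this hunk.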
@@ -122,7 +122,8 @@ static void close_fds(fd_set *except_fds
   /* Close all possibly open file descriptors except STDIN_FILENO,
    * STDOUT_FILENO and STDERR_FILENO. */
   for (int fd = 0; fd < maxfd; fd++)
-    if (!FD_ISSET(fd, except_fds))
+    if(fd != STDIN_FILENO && fd != STDOUT_FILENO && fd != STDERR_FILENO
+        && fd != except_fd)
       (void) close(fd);
 }
 
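Review bot: The loop only reaches descriptors below `maxfd`, which is computed outside this hunk, presumably from the `struct rlimit r` declared at the top of close_fds. If that is the RLIMIT_NOFILE soft limit, any descriptor numbered at or above it (for example one opened before the limit was lowered) is not closed and stays inherited by the child. That assumption deserves a comment at the loop, e.g. `/* Only fds below maxfd are closed; fds above a lowered soft limit stay open. */`. As a style point, `if(` should be `if (` to match the rest of the file, such as `if (child->pid == 0)`.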
@@ -175,7 +176,6 @@ bool create_child(struct child_process *
 
   if (child->pid == 0) {
     /* Child. */
-    fd_set except_fds;
 
     if (child->stdin_fd == REDIRECT_PIPE)
       (void) dup2(stdin_pipe[0], STDIN_FILENO);
@@ -198,13 +198,7 @@ bool create_child(struct child_process *
     else if (child->stderr_fd != NO_REDIRECT)
       (void) dup2(child->stderr_fd, STDERR_FILENO);
 
-    FD_ZERO(&except_fds);
-    FD_SET(STDIN_FILENO, &except_fds);
-    FD_SET(STDOUT_FILENO, &except_fds);
-    FD_SET(STDERR_FILENO, &except_fds);
-    FD_SET(status_pipe[1], &except_fds);
-
-    (void) close_fds(&except_fds);
+    (void) close_fds(status_pipe[1]);
 
     (void) setgid(getgid());
     (void) setuid(getuid());
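Review bot: The context lines right after the changed call discard the results of `setgid(getgid())` and `setuid(getuid())`. If either call fails while the process holds elevated privileges, the child carries on with them. Failing the child would be safer, e.g. `if (setgid(getgid()) < 0 || setuid(getuid()) < 0) _exit(1);`, or reporting the error through the status pipe if that is what it is for (not visible here). On the changed line itself, close_fds returns void, so the `(void)` cast is redundant: `close_fds(status_pipe[1]);`. The enclosing create_child starts and ends outside this hunk.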