Hi *,

some maintenance commits to use the gnulib *-safer wrappers more consistently
which avoid some stdin/stdout/stderr abuse cases.

* [PATCH 1/2] maint: use more *-safer gnulib modules
* [PATCH 2/2] maint: use gnulib *_safer functions consistently

Have a nice day,
Berny
>From 160e2f8258cb2a3f8cf055658b1840df5347bd6a Mon Sep 17 00:00:00 2001
From: Bernhard Voelker <m...@bernhard-voelker.de>
Date: Wed, 2 Dec 2020 01:12:16 +0100
Subject: [PATCH 1/2] maint: use more *-safer gnulib modules

See section "Handling closed standard file descriptors" in the gnulib
manual.

* bootstrap.conf (gnulib_modules): Add fcntl-safer, openat-safer
and unistd-safer.
* find/exec.c: Include "fcntl--.h" to use the *-safer variant of open()
or openat().
* find/pred.c: Likewise.
* locate/locate.c: Likewise.
* xargs/xargs.c: Likewise, and include "unistd--.h" to use the *-safer
variant of pipe().
---
 bootstrap.conf  | 3 +++
 find/exec.c     | 1 +
 find/pred.c     | 1 +
 locate/locate.c | 1 +
 xargs/xargs.c   | 2 ++
 5 files changed, 8 insertions(+)

diff --git a/bootstrap.conf b/bootstrap.conf
index 8e0dbcf1..a80e2897 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -93,6 +93,7 @@ gnulib_modules="
     faccessat
     fchdir
     fcntl
+    fcntl-safer
     fdopendir
     fflush
     fileblocks
@@ -131,6 +132,7 @@ gnulib_modules="
     mountlist
     nstrftime
     open
+    openat-safer
     parse-datetime
     pathmax
     perror
@@ -167,6 +169,7 @@ gnulib_modules="
     sys_wait
     timespec
     uname
+    unistd-safer
     unlinkat
     verify
     version-etc
diff --git a/find/exec.c b/find/exec.c
index 5551de56..e8f14d10 100644
--- a/find/exec.c
+++ b/find/exec.c
@@ -30,6 +30,7 @@
 #include "cloexec.h"
 #include "dirname.h"
 #include "error.h"
+#include "fcntl--.h"
 #include "save-cwd.h"
 #include "xalloc.h"
 
diff --git a/find/pred.c b/find/pred.c
index 9f2f159e..7a64a866 100644
--- a/find/pred.c
+++ b/find/pred.c
@@ -38,6 +38,7 @@
 #include "areadlink.h"
 #include "dirname.h"
 #include "error.h"
+#include "fcntl--.h"
 #include "fnmatch.h"
 #include "stat-size.h"
 #include "stat-time.h"
diff --git a/locate/locate.c b/locate/locate.c
index b3a49b84..bcd76103 100644
--- a/locate/locate.c
+++ b/locate/locate.c
@@ -84,6 +84,7 @@
 #include "progname.h"
 #include "xalloc.h"
 #include "error.h"
+#include "fcntl--.h"
 #include "human.h"
 #include "dirname.h"
 #include "closeout.h"
diff --git a/xargs/xargs.c b/xargs/xargs.c
index e9ef763c..1149999c 100644
--- a/xargs/xargs.c
+++ b/xargs/xargs.c
@@ -54,9 +54,11 @@
 /* gnulib headers. */
 #include "closein.h"
 #include "error.h"
+#include "fcntl--.h"
 #include "progname.h"
 #include "quotearg.h"
 #include "safe-read.h"
+#include "unistd--.h"
 #include "xalloc.h"
 
 /* find headers. */
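Review bot: Including "fcntl--.h" and "unistd--.h" redirects every later `open()`/`openat()` and `pipe()` call in xargs.c by macro, so any existing call site that closes a standard descriptor and then expects `open()` to hand that same number back will now get a descriptor above 2 instead. No call sites are visible in this hunk, so this should be checked by hand here and in find/exec.c, find/pred.c and locate/locate.c, which gain the same include. Code that already follows up with `dup2 (fd, 0)` when `fd != 0` should keep working. Because nothing at the call sites shows the redirect, I would add a comment at the include, e.g. `#include "fcntl--.h"  /* open() is open_safer() from here on: never returns fd 0, 1 or 2 */`.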
-- 
2.29.2

>From dc1a69f6dc484e9ca72507f15e940ce3d060376e Mon Sep 17 00:00:00 2001
From: Bernhard Voelker <m...@bernhard-voelker.de>
Date: Wed, 2 Dec 2020 02:00:01 +0100
Subject: [PATCH 2/2] maint: use gnulib *_safer functions consistently

Avoid using fopen_safer and opendir_safer directly in favor of
letting gnulib transparently do the work via "dirent--.h" and
"stdio--.h".

* find/oldfind.c (dirent-safer.h): Replace include ...
(dirent--.h): ... by this.
(process_dir): Change opendir_safer to the regular opendir call.
* find/sharefile.c (stdio-safer.h): Replace include ...
(stdio--.h): ... by this.
(sharefile_fopen): Change fopen_safer to regular fopen call.
* lib/fdleak.c (dirent-safer.h): Replace include ...
(dirent--.h): ... by this.
(get_proc_max_fd): Change opendir_safer to regular opendir call.
---
 find/oldfind.c   | 4 ++--
 find/sharefile.c | 4 ++--
 lib/fdleak.c     | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/find/oldfind.c b/find/oldfind.c
index d40bfb52..1da68037 100644
--- a/find/oldfind.c
+++ b/find/oldfind.c
@@ -35,7 +35,7 @@
 /* gnulib headers. */
 #include "canonicalize.h"
 #include "closein.h"
-#include "dirent-safer.h"
+#include "dirent--.h"
 #include "dirname.h"
 #include "error.h"
 #include "fcntl--.h"
@@ -1304,7 +1304,7 @@ process_dir (const char *pathname, const char *name, int pathlen, const struct s
     }
 
   errno = 0;
-  dirp = opendir_safer (name);
+  dirp = opendir (name);
 
   if (dirp == NULL)
     {
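Review bot: After this change the `opendir (name)` call in process_dir is only protected because "dirent--.h" is included earlier in the file. If that include is later dropped or swapped for <dirent.h>, the code still compiles and silently falls back to the plain libc call, whereas the explicit `opendir_safer` would have produced an undeclared-function diagnostic. The same applies to `fopen (filename, p->mode)` in sharefile_fopen (find/sharefile.c) and `opendir (path)` in get_proc_max_fd (lib/fdleak.c). I would mark the dependency where it is used, e.g. `dirp = opendir (name);  /* opendir_safer via "dirent--.h" */`, or add a comment at each include naming the calls that rely on it. process_dir starts and ends outside this hunk.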
diff --git a/find/sharefile.c b/find/sharefile.c
index 2b2bff72..384432ff 100644
--- a/find/sharefile.c
+++ b/find/sharefile.c
@@ -29,7 +29,7 @@
 /* gnulib headers. */
 #include "cloexec.h"
 #include "hash.h"
-#include "stdio-safer.h"
+#include "stdio--.h"
 
 /* find headers. */
 #include "sharefile.h"
@@ -154,7 +154,7 @@ sharefile_fopen (sharefile_handle h, const char *filename)
       return NULL;
     }
 
-  if (NULL == (new_entry->fp = fopen_safer (filename, p->mode)))
+  if (NULL == (new_entry->fp = fopen (filename, p->mode)))
     {
       entry_free (new_entry);
       return NULL;
diff --git a/lib/fdleak.c b/lib/fdleak.c
index 269c860d..7509b8f5 100644
--- a/lib/fdleak.c
+++ b/lib/fdleak.c
@@ -34,7 +34,7 @@
 
 /* gnulib headers. */
 #include "cloexec.h"
-#include "dirent-safer.h"
+#include "dirent--.h"
 #include "error.h"
 #include "fcntl--.h"
 
@@ -66,7 +66,7 @@ get_proc_max_fd (void)
    * a given directory (the manpage for readdir_r claims this
    * is the approved method, but the manpage for pathconf indicates
    * that _PC_NAME_MAX is not an upper limit). */
-  DIR *dir = opendir_safer (path);
+  DIR *dir = opendir (path);
   if (dir)
     {
       int good = 0;
-- 
2.29.2
