slackbuilds/system/vlock/10_fix-buffer-overflow.patch


Description: do not use fd_set with potentially large indices
Author: Helmut Grohne <helmut@subdivi.de>
Bug-Debian: http://bugs.debian.org/754594
Last-Update: 2014-07-15
--- vlock-2.2.2.orig/src/process.c
+++ vlock-2.2.2/src/process.c
@@ -107,7 +107,7 @@ void ensure_death(pid_t pid)
/* Close all possibly open file descriptors except the ones specified in the
* given set. */
-static void close_fds(fd_set *except_fds)
+static void close_fds(int except_fd)
{
struct rlimit r;
int maxfd;
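Review bot: The comment above `close_fds` still says "except the ones specified in the given set", but the new signature takes a single `int except_fd` and no set. I would update it to something like `/* Close all possibly open file descriptors except stdin, stdout, stderr and except_fd. */` so the contract matches the parameter. The function body continues outside this hunk.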
@@ -122,7 +122,8 @@ static void close_fds(fd_set *except_fds
/* Close all possibly open file descriptors except STDIN_FILENO,
* STDOUT_FILENO and STDERR_FILENO. */
for (int fd = 0; fd < maxfd; fd++)
- if (!FD_ISSET(fd, except_fds))
+ if(fd != STDIN_FILENO && fd != STDOUT_FILENO && fd != STDERR_FILENO
+ && fd != except_fd)
(void) close(fd);
}
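Review bot: The comment above the loop lists only STDIN_FILENO, STDOUT_FILENO and STDERR_FILENO, while the new condition also spares `except_fd`. The comment should name it too, and could record why the set was dropped, e.g. `/* No fd_set here: FD_SET/FD_ISSET are only valid for descriptors below FD_SETSIZE. */`. Judging by the patch description, that limit is the overflow being fixed, and the note would keep a later cleanup from reintroducing it. As a style point, `if(` is written without the space that `for (` uses on the line before. How `maxfd` is derived lies outside the hunk.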
@@ -175,7 +176,6 @@ bool create_child(struct child_process *
if (child->pid == 0) {
/* Child. */
- fd_set except_fds;
if (child->stdin_fd == REDIRECT_PIPE)
(void) dup2(stdin_pipe[0], STDIN_FILENO);
@@ -198,13 +198,7 @@ bool create_child(struct child_process *
else if (child->stderr_fd != NO_REDIRECT)
(void) dup2(child->stderr_fd, STDERR_FILENO);
- FD_ZERO(&except_fds);
- FD_SET(STDIN_FILENO, &except_fds);
- FD_SET(STDOUT_FILENO, &except_fds);
- FD_SET(STDERR_FILENO, &except_fds);
- FD_SET(status_pipe[1], &except_fds);
-
- (void) close_fds(&except_fds);
+ (void) close_fds(status_pipe[1]);
(void) setgid(getgid());
(void) setuid(getuid());
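Review bot: The two context lines after the changed call, `(void) setgid(getgid());` and `(void) setuid(getuid());`, discard both return values, so a failed privilege drop would go unnoticed and the child would carry on with its original IDs. The patch does not touch these lines, but they sit on the same child path and are worth checking, e.g. `if (setgid(getgid()) < 0 || setuid(getuid()) < 0) _exit(1);`. The right failure handling depends on how the child reports errors (presumably through `status_pipe`), which is outside this hunk. Separately, the `(void)` cast on `close_fds(status_pipe[1])` is redundant because `close_fds` is declared `static void`.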