From 033a2c0bc96c406bf324bff51891cfdefe42183e Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Mon, 3 Dec 2007 13:05:15 +0000
Subject: [PATCH] Try to make sure that the standard descriptors are connected when calling gpgsm.
---
 common/ChangeLog | 4 +++
 common/sysutils.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++-
 common/sysutils.h | 1 +
 g10/ChangeLog | 7 +++++
 g10/gpg.c | 75 +---------------------------------------------
 sm/ChangeLog | 4 +++
 sm/gpgsm.c | 1 +
 7 files changed, 93 insertions(+), 75 deletions(-)
diff --git a/common/ChangeLog b/common/ChangeLog
index 1ebfe2984..867eeb57d 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,3 +1,7 @@
+2007-12-03 Werner Koch
+
+ * sysutils.c (gnupg_reopen_std): New. Taken from ../g10/gpg.c.
+
 2007-11-27 Werner Koch
 * Makefile.am (CLEANFILES): New.
diff --git a/common/sysutils.c b/common/sysutils.c
index 7c8a3be2e..869dc2a10 100644
--- a/common/sysutils.c
+++ b/common/sysutils.c
@@ -48,6 +48,7 @@
 #ifdef HAVE_PTH
 # include
 #endif
+#include
 #include "util.h"
 #include "i18n.h"
@@ -119,7 +120,7 @@ enable_core_dumps (void)
 return 1;
 limit.rlim_cur = limit.rlim_max;
 setrlimit (RLIMIT_CORE, &limit);
- return 1; /* We always return true because trhis function is
+ return 1; /* We always return true because this function is
 merely a debugging aid. */
 # endif
 return 1;
@@ -397,3 +398,76 @@ gnupg_tmpfile (void)
 return tmpfile ();
 #endif /*!HAVE_W32_SYSTEM*/
 }
+
+
+/* Make sure that the standard file descriptors are opened. Obviously
+ some folks close them before an exec and the next file we open will
+ get one of them assigned and thus any output (i.e. diagnostics) end
+ up in that file (e.g. the trustdb). Not actually a gpg problem as
+ this will hapen with almost all utilities when called in a wrong
+ way. However we try to minimize the damage here and raise
+ awareness of the problem.
+
+ Must be called before we open any files! */
+void
+gnupg_reopen_std (const char *pgmname)
+{
+#if defined(HAVE_STAT) && !defined(HAVE_W32_SYSTEM)
+ struct stat statbuf;
+ int did_stdin = 0;
+ int did_stdout = 0;
+ int did_stderr = 0;
+ FILE *complain;
+
+ if (fstat (STDIN_FILENO, &statbuf) == -1 && errno ==EBADF)
+ {
+ if (open ("/dev/null",O_RDONLY) == STDIN_FILENO)
+ did_stdin = 1;
+ else
+ did_stdin = 2;
+ }
+
+ if (fstat (STDOUT_FILENO, &statbuf) == -1 && errno == EBADF)
+ {
+ if (open ("/dev/null",O_WRONLY) == STDOUT_FILENO)
+ did_stdout = 1;
+ else
+ did_stdout = 2;
+ }
+
+ if (fstat (STDERR_FILENO, &statbuf)==-1 && errno==EBADF)
+ {
+ if (open ("/dev/null", O_WRONLY) == STDERR_FILENO)
+ did_stderr = 1;
+ else
+ did_stderr = 2;
+ }
+
+ /* It's hard to log this sort of thing since the filehandle we would
+ complain to may be closed... */
+ if (!did_stderr)
+ complain = stderr;
+ else if (!did_stdout)
+ complain = stdout;
+ else
+ complain = NULL;
+
+ if (complain)
+ {
+ if (did_stdin == 1)
+ fprintf (complain, "%s: WARNING: standard input reopened\n", pgmname);
+ if (did_stdout == 1)
+ fprintf (complain, "%s: WARNING: standard output reopened\n", pgmname);
+ if (did_stderr == 1)
+ fprintf (complain, "%s: WARNING: standard error reopened\n", pgmname);
+
+ if (did_stdin == 2 || did_stdout == 2 || did_stderr == 2)
+ fprintf(complain,"%s: fatal: unable to reopen standard input,"
+ " output, or error\n", pgmname);
+ }
+
+ if (did_stdin == 2 || did_stdout == 2 || did_stderr == 2)
+ exit (3);
+#endif /* HAVE_STAT && !HAVE_W32_SYSTEM */
+}
+
diff --git a/common/sysutils.h b/common/sysutils.h
index c053e8fb9..44f7ca68c 100644
--- a/common/sysutils.h
+++ b/common/sysutils.h
@@ -46,6 +46,7 @@ void gnupg_sleep (unsigned int seconds);
 int translate_sys2libc_fd (gnupg_fd_t fd, int for_write);
 int translate_sys2libc_fd_int (int fd, int for_write);
 FILE *gnupg_tmpfile (void);
+void gnupg_reopen_std (const char *pgmname);
 #ifdef HAVE_W32_SYSTEM
diff --git a/g10/ChangeLog b/g10/ChangeLog
index decbc8ca0..211cff97f 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,10 @@
+2007-12-03 Werner Koch
+
+ * gpg.c (reopen_std): Moved to ../common and renamed to
+ gnupg_reopen_std.
+
+ * gpg.c: Remove second inclusion of fcntl.h.
+
 2007-11-19 Werner Koch
 * keyedit.c (keyedit_menu): String grammar fix.
diff --git a/g10/gpg.c b/g10/gpg.c
index b548cdf25..38b5fadb5 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -26,9 +26,6 @@
 #include
 #include
 #include
-#ifdef HAVE_DOSISH_SYSTEM
-#include /* for setmode() */
-#endif
 #ifdef HAVE_STAT
 #include /* for stat() */
 #endif
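Review bot: In gnupg_reopen_std (common/sysutils.c) the fallback `else if (!did_stdout) complain = stdout;` writes the "standard error reopened" warning to standard output, which for gpg and gpgsm is commonly the stream a caller reads data from, so the diagnostic can end up mixed into the payload. Now that the helper is shared, I would either drop the stdout fallback or state the behaviour in the header comment, e.g. `/* NB: if stderr had to be reopened, warnings are written to stdout. */`. The header comment should also say that the function calls `exit (3)` when a descriptor cannot be reopened, and that PGMNAME must be a non-NULL string because it is passed straight to `%s`.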
@@ -1687,76 +1684,6 @@ parse_trust_model(const char *model)
 }
-
-/* Make sure that the standard file descriptors are opened. Obviously
- some folks close them before an exec and the next file we open will
- get one of them assigned and thus any output (i.e. diagnostics) end
- up in that file (e.g. the trustdb). Not actually a gpg problem as
- this will hapenn with almost all utilities when called in a wrong
- way. However we try to minimize the damage here and raise
- awareness of the problem.
-
- Must be called before we open any files! */
-static void
-reopen_std(void)
-{
-#if defined(HAVE_STAT) && !defined(HAVE_W32_SYSTEM)
- struct stat statbuf;
- int did_stdin=0,did_stdout=0,did_stderr=0;
- FILE *complain;
-
- if(fstat(STDIN_FILENO,&statbuf)==-1 && errno==EBADF)
- {
- if(open("/dev/null",O_RDONLY)==STDIN_FILENO)
- did_stdin=1;
- else
- did_stdin=2;
- }
-
- if(fstat(STDOUT_FILENO,&statbuf)==-1 && errno==EBADF)
- {
- if(open("/dev/null",O_WRONLY)==STDOUT_FILENO)
- did_stdout=1;
- else
- did_stdout=2;
- }
-
- if(fstat(STDERR_FILENO,&statbuf)==-1 && errno==EBADF)
- {
- if(open("/dev/null",O_WRONLY)==STDERR_FILENO)
- did_stderr=1;
- else
- did_stderr=2;
- }
-
- /* It's hard to log this sort of thing since the filehandle we would
- complain to may be closed... */
- if(did_stderr==0)
- complain=stderr;
- else if(did_stdout==0)
- complain=stdout;
- else
- complain=NULL;
-
- if(complain)
- {
- if(did_stdin==1)
- fprintf(complain,"gpg: WARNING: standard input reopened\n");
- if(did_stdout==1)
- fprintf(complain,"gpg: WARNING: standard output reopened\n");
- if(did_stderr==1)
- fprintf(complain,"gpg: WARNING: standard error reopened\n");
-
- if(did_stdin==2 || did_stdout==2 || did_stderr==2)
- fprintf(complain,"gpg: fatal: unable to reopen standard input,"
- " output, or error\n");
- }
-
- if(did_stdin==2 || did_stdout==2 || did_stderr==2)
- exit(3);
-#endif /* HAVE_STAT && !HAVE_W32_SYSTEM */
-}
-
 /* Pack an s2k iteration count into the form specified in 2440.
 If we're in between valid values, round up. */
 static unsigned char
@@ -1855,7 +1782,7 @@ main (int argc, char **argv )
 /* Please note that we may running SUID(ROOT), so be very CAREFUL when adding any stuff between here and the call to secmem_init() somewhere after the option parsing. */
- reopen_std ();
+ gnupg_reopen_std ("gpg");
 trap_unaligned ();
 gnupg_rl_initialize ();
 set_strusage (my_strusage);
diff --git a/sm/ChangeLog b/sm/ChangeLog
index d53740463..5f03b86c5 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,7 @@
+2007-12-03 Werner Koch
+
+ * gpgsm.c (main): All gnupg_reopen_std.
+
 h2007-11-22 Werner Koch
 * server.c (cmd_getauditlog): New.
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 9958a8138..21a29bee5 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -851,6 +851,7 @@ main ( int argc, char **argv)
 /*mtrace();*/
+ gnupg_reopen_std ("gpgsm");
 /* trap_unaligned ();*/
 gnupg_rl_initialize ();
 set_strusage (my_strusage);
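Review bot: The new `gnupg_reopen_std ("gpgsm");` call in main() of sm/gpgsm.c carries no comment saying it has to stay first, although the helper's stated contract is that it runs before any file is opened. A line such as `/* Must run before anything opens a file; see gnupg_reopen_std. */` above the call would keep later edits from placing initialisation code in front of it. main() begins before this hunk, so whether anything earlier already opens a descriptor cannot be checked from the lines shown.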