From e2381ffe756fc97488937032bb105b86f402ab60 Mon Sep 17 00:00:00 2001
From: David Cantrell
Date: Wed, 29 Oct 2008 23:35:06 +0000
Subject: [PATCH] - Use O_CLOEXEC in open(2) calls and "e" mode in fopen(3) calls, build with -D_GNU_SOURCE so we pick up O_CLOEXEC (#468984) - Add missing prototype for validate_port() in common/inet.c
---
dhcp-4.0.0-CLOEXEC.patch | 455 +++++++++++++++++++++++++++++++
dhcp-4.0.0-FD_CLOEXEC.patch | 133 ---------
dhcp-4.0.0-port-validation.patch | 26 +-
dhcp.spec | 11 +-
4 files changed, 480 insertions(+), 145 deletions(-)
create mode 100644 dhcp-4.0.0-CLOEXEC.patch
delete mode 100644 dhcp-4.0.0-FD_CLOEXEC.patch
diff --git a/dhcp-4.0.0-CLOEXEC.patch b/dhcp-4.0.0-CLOEXEC.patch
new file mode 100644
index 0000000..5a7bc69
--- /dev/null
+++ b/dhcp-4.0.0-CLOEXEC.patch
@@ -0,0 +1,455 @@ +diff -up dhcp-4.0.0/client/clparse.c.cloexec dhcp-4.0.0/client/clparse.c +--- dhcp-4.0.0/client/clparse.c.cloexec 2008-10-29 12:59:29.000000000 -1000 ++++ dhcp-4.0.0/client/clparse.c 2008-10-29 13:11:34.000000000 -1000 +@@ -221,7 +221,7 @@ int read_client_conf_file (const char *n + int token; + isc_result_t status; + +- if ((file = open (name, O_RDONLY)) < 0) ++ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0) + return uerr2isc (errno); + + cfile = (struct parse *)0; +@@ -258,7 +258,7 @@ void read_client_leases () + + /* Open the lease file. If we can't open it, just return - + we can safely trust the server to remember our state. */ +- if ((file = open (path_dhclient_db, O_RDONLY)) < 0) ++ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0) + return; + cfile = (struct parse *)0; + /* new_parse() may fail if the file is of zero length. */ +diff -up dhcp-4.0.0/client/dhclient.c.cloexec dhcp-4.0.0/client/dhclient.c +--- dhcp-4.0.0/client/dhclient.c.cloexec 2008-10-29 12:59:29.000000000 -1000 ++++ dhcp-4.0.0/client/dhclient.c 2008-10-29 13:26:16.000000000 -1000 +@@ -125,11 +125,11 @@ main(int argc, char **argv) { + /* Make sure that file descriptors 0 (stdin), 1, (stdout), and + 2 (stderr) are open. To do this, we assume that when we + open a file the lowest available file descriptor is used. */ +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 0) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 1) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 2) + log_perror = 0; /* No sense logging to /dev/null. 
*/ + else if (fd != -1) +@@ -403,7 +403,7 @@ main(int argc, char **argv) { + int e; + + oldpid = 0; +- if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) { ++ if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) { + e = fscanf(pidfd, "%ld\n", &temp); + oldpid = (pid_t)temp; + +@@ -445,7 +445,7 @@ main(int argc, char **argv) { + strncpy(new_path_dhclient_pid, path_dhclient_pid, pfx); + sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name); + +- if ((pidfd = fopen(new_path_dhclient_pid, "r")) != NULL) { ++ if ((pidfd = fopen(new_path_dhclient_pid, "re")) != NULL) { + e = fscanf(pidfd, "%ld\n", &temp); + oldpid = (pid_t)temp; + +@@ -470,7 +470,7 @@ main(int argc, char **argv) { + int dhc_running = 0; + char procfn[256] = ""; + +- if ((pidfp = fopen(path_dhclient_pid, "r")) != NULL) { ++ if ((pidfp = fopen(path_dhclient_pid, "re")) != NULL) { + if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) { + snprintf(procfn,256,"/proc/%u",dhcpid); + dhc_running = (access(procfn, F_OK) == 0); +@@ -2702,7 +2702,7 @@ void rewrite_client_leases () + + if (leaseFile != NULL) + fclose (leaseFile); +- leaseFile = fopen (path_dhclient_db, "w"); ++ leaseFile = fopen (path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error ("can't create %s: %m", path_dhclient_db); + return; +@@ -2806,7 +2806,7 @@ write_duid(struct data_string *duid) + return ISC_R_INVALIDARG; + + if (leaseFile == NULL) { /* XXX? */ +- leaseFile = fopen(path_dhclient_db, "w"); ++ leaseFile = fopen(path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error("can't create %s: %m", path_dhclient_db); + return ISC_R_IOERROR; +@@ -2853,7 +2853,7 @@ write_client6_lease(struct client_state + return ISC_R_INVALIDARG; + + if (leaseFile == NULL) { /* XXX? 
*/ +- leaseFile = fopen(path_dhclient_db, "w"); ++ leaseFile = fopen(path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error("can't create %s: %m", path_dhclient_db); + return ISC_R_IOERROR; +@@ -2956,7 +2956,7 @@ int write_client_lease (client, lease, r + return 1; + + if (leaseFile == NULL) { /* XXX */ +- leaseFile = fopen (path_dhclient_db, "w"); ++ leaseFile = fopen (path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error ("can't create %s: %m", path_dhclient_db); + return 0; +@@ -3402,9 +3402,9 @@ void go_daemon () + close(2); + + /* Reopen them on /dev/null. */ +- open("/dev/null", O_RDWR); +- open("/dev/null", O_RDWR); +- open("/dev/null", O_RDWR); ++ open("/dev/null", O_RDWR | O_CLOEXEC); ++ open("/dev/null", O_RDWR | O_CLOEXEC); ++ open("/dev/null", O_RDWR | O_CLOEXEC); + + write_client_pid_file (); + +@@ -3416,14 +3416,14 @@ void write_client_pid_file () + FILE *pf; + int pfdesc; + +- pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY, 0644); ++ pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); + + if (pfdesc < 0) { + log_error ("Can't create %s: %m", path_dhclient_pid); + return; + } + +- pf = fdopen (pfdesc, "w"); ++ pf = fdopen (pfdesc, "we"); + if (!pf) + log_error ("Can't fdopen %s: %m", path_dhclient_pid); + else { +diff -up dhcp-4.0.0/common/bpf.c.cloexec dhcp-4.0.0/common/bpf.c +--- dhcp-4.0.0/common/bpf.c.cloexec 2008-10-29 12:59:29.000000000 -1000 ++++ dhcp-4.0.0/common/bpf.c 2008-10-29 13:03:48.000000000 -1000 +@@ -94,7 +94,7 @@ int if_register_bpf (info) + for (b = 0; 1; b++) { + /* %Audit% 31 bytes max. 
%2004.06.17,Safe% */ + sprintf(filename, BPF_FORMAT, b); +- sock = open (filename, O_RDWR, 0); ++ sock = open (filename, O_RDWR | O_CLOEXEC, 0); + if (sock < 0) { + if (errno == EBUSY) { + continue; +diff -up dhcp-4.0.0/common/discover.c.cloexec dhcp-4.0.0/common/discover.c +--- dhcp-4.0.0/common/discover.c.cloexec 2007-10-05 12:29:51.000000000 -1000 ++++ dhcp-4.0.0/common/discover.c 2008-10-29 13:04:07.000000000 -1000 +@@ -388,7 +388,7 @@ begin_iface_scan(struct iface_conf_list + int len; + int i; + +- ifaces->fp = fopen("/proc/net/dev", "r"); ++ ifaces->fp = fopen("/proc/net/dev", "re"); + if (ifaces->fp == NULL) { + log_error("Error opening '/proc/net/dev' to list interfaces"); + return 0; +@@ -422,7 +422,7 @@ begin_iface_scan(struct iface_conf_list + } + + #ifdef DHCPv6 +- ifaces->fp6 = fopen("/proc/net/if_inet6", "r"); ++ ifaces->fp6 = fopen("/proc/net/if_inet6", "re"); + if (ifaces->fp6 == NULL) { + log_error("Error opening '/proc/net/if_inet6' to " + "list IPv6 interfaces; %m"); +diff -up dhcp-4.0.0/common/dlpi.c.cloexec dhcp-4.0.0/common/dlpi.c +--- dhcp-4.0.0/common/dlpi.c.cloexec 2008-10-29 12:59:29.000000000 -1000 ++++ dhcp-4.0.0/common/dlpi.c 2008-10-29 13:04:35.000000000 -1000 +@@ -795,7 +795,7 @@ dlpiopen(const char *ifname) { + } + *dp = '\0'; + +- return open (devname, O_RDWR, 0); ++ return open (devname, O_RDWR | O_CLOEXEC, 0); + } + + /* +diff -up dhcp-4.0.0/common/nit.c.cloexec dhcp-4.0.0/common/nit.c +--- dhcp-4.0.0/common/nit.c.cloexec 2008-10-29 12:59:29.000000000 -1000 ++++ dhcp-4.0.0/common/nit.c 2008-10-29 13:04:53.000000000 -1000 +@@ -81,7 +81,7 @@ int if_register_nit (info) + struct strioctl sio; + + /* Open a NIT device */ +- sock = open ("/dev/nit", O_RDWR); ++ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC); + if (sock < 0) + log_fatal ("Can't open NIT device for %s: %m", info -> name); + +diff -up dhcp-4.0.0/common/resolv.c.cloexec dhcp-4.0.0/common/resolv.c +--- dhcp-4.0.0/common/resolv.c.cloexec 2007-11-30 11:51:43.000000000 -1000 ++++ 
dhcp-4.0.0/common/resolv.c 2008-10-29 13:05:08.000000000 -1000 +@@ -48,7 +48,7 @@ void read_resolv_conf (parse_time) + struct name_server *sp, *sl, *ns; + struct domain_search_list *dp, *dl, *nd; + +- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) { ++ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) { + log_error ("Can't open %s: %m", path_resolv_conf); + return; + } +diff -up dhcp-4.0.0/common/upf.c.cloexec dhcp-4.0.0/common/upf.c +--- dhcp-4.0.0/common/upf.c.cloexec 2008-10-29 12:59:29.000000000 -1000 ++++ dhcp-4.0.0/common/upf.c 2008-10-29 13:05:27.000000000 -1000 +@@ -77,7 +77,7 @@ int if_register_upf (info) + /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ + sprintf(filename, "/dev/pf/pfilt%d", b); + +- sock = open (filename, O_RDWR, 0); ++ sock = open (filename, O_RDWR | O_CLOEXEC, 0); + if (sock < 0) { + if (errno == EBUSY) { + continue; +diff -up dhcp-4.0.0/dst/dst_api.c.cloexec dhcp-4.0.0/dst/dst_api.c +--- dhcp-4.0.0/dst/dst_api.c.cloexec 2007-11-30 11:51:43.000000000 -1000 ++++ dhcp-4.0.0/dst/dst_api.c 2008-10-29 13:06:22.000000000 -1000 +@@ -436,7 +436,7 @@ dst_s_write_private_key(const DST_KEY *k + PRIVATE_KEY, PATH_MAX); + + /* Do not overwrite an existing file */ +- if ((fp = dst_s_fopen(file, "w", 0600)) != NULL) { ++ if ((fp = dst_s_fopen(file, "we", 0600)) != NULL) { + int nn; + if ((nn = fwrite(encoded_block, 1, len, fp)) != len) { + EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n", +@@ -493,7 +493,7 @@ dst_s_read_public_key(const char *in_nam + * flags, proto, alg stored as decimal (or hex numbers FIXME). + * (FIXME: handle parentheses for line continuation.) 
+ */ +- if ((fp = dst_s_fopen(name, "r", 0)) == NULL) { ++ if ((fp = dst_s_fopen(name, "re", 0)) == NULL) { + EREPORT(("dst_read_public_key(): Public Key not found %s\n", + name)); + return (NULL); +@@ -615,7 +615,7 @@ dst_s_write_public_key(const DST_KEY *ke + return (0); + } + /* create public key file */ +- if ((fp = dst_s_fopen(filename, "w+", 0644)) == NULL) { ++ if ((fp = dst_s_fopen(filename, "w+e", 0644)) == NULL) { + EREPORT(("DST_write_public_key: open of file:%s failed (errno=%d)\n", + filename, errno)); + return (0); +@@ -849,7 +849,7 @@ dst_s_read_private_key_file(char *name, + return (0); + } + /* first check if we can find the key file */ +- if ((fp = dst_s_fopen(filename, "r", 0)) == NULL) { ++ if ((fp = dst_s_fopen(filename, "re", 0)) == NULL) { + EREPORT(("dst_s_read_private_key_file: Could not open file %s in directory %s\n", + filename, dst_path[0] ? dst_path : + (char *) getcwd(NULL, PATH_MAX - 1))); +diff -up dhcp-4.0.0/dst/prandom.c.cloexec dhcp-4.0.0/dst/prandom.c +--- dhcp-4.0.0/dst/prandom.c.cloexec 2007-11-30 11:51:43.000000000 -1000 ++++ dhcp-4.0.0/dst/prandom.c 2008-10-29 13:06:50.000000000 -1000 +@@ -267,7 +267,7 @@ get_dev_random(u_char *output, unsigned + + s = stat("/dev/random", &st); + if (s == 0 && S_ISCHR(st.st_mode)) { +- if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) { ++ if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK | O_CLOEXEC)) != -1) { + if ((n = read(fd, output, size)) < 0) + n = 0; + close(fd); +@@ -478,7 +478,7 @@ digest_file(dst_work *work) + work->file_digest = dst_free_key(work->file_digest); + return (0); + } +- if ((fp = fopen(name, "r")) == NULL) ++ if ((fp = fopen(name, "re")) == NULL) + return (0); + for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0; + no += i) +diff -up dhcp-4.0.0/minires/res_init.c.cloexec dhcp-4.0.0/minires/res_init.c +--- dhcp-4.0.0/minires/res_init.c.cloexec 2007-10-01 04:47:35.000000000 -1000 ++++ dhcp-4.0.0/minires/res_init.c 2008-10-29 
13:07:12.000000000 -1000 +@@ -234,7 +234,7 @@ minires_vinit(res_state statp, int prein + (line[sizeof(name) - 1] == ' ' || \ + line[sizeof(name) - 1] == '\t')) + +- if ((fp = fopen(_PATH_RESCONF, "r")) != NULL) { ++ if ((fp = fopen(_PATH_RESCONF, "re")) != NULL) { + /* read the config file */ + while (fgets(buf, sizeof(buf), fp) != NULL) { + /* skip comments */ +diff -up dhcp-4.0.0/minires/res_query.c.cloexec dhcp-4.0.0/minires/res_query.c +--- dhcp-4.0.0/minires/res_query.c.cloexec 2007-09-05 07:32:10.000000000 -1000 ++++ dhcp-4.0.0/minires/res_query.c 2008-10-29 13:07:30.000000000 -1000 +@@ -391,7 +391,7 @@ res_hostalias(const res_state statp, con + if (statp->options & RES_NOALIASES) + return (NULL); + file = getenv("HOSTALIASES"); +- if (file == NULL || (fp = fopen(file, "r")) == NULL) ++ if (file == NULL || (fp = fopen(file, "re")) == NULL) + return (NULL); + setbuf(fp, NULL); + buf[sizeof(buf) - 1] = '\0'; +diff -up dhcp-4.0.0/omapip/trace.c.cloexec dhcp-4.0.0/omapip/trace.c +--- dhcp-4.0.0/omapip/trace.c.cloexec 2007-07-12 20:43:42.000000000 -1000 ++++ dhcp-4.0.0/omapip/trace.c 2008-10-29 13:08:04.000000000 -1000 +@@ -140,10 +140,10 @@ isc_result_t trace_begin (const char *fi + return ISC_R_INVALIDARG; + } + +- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600); ++ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600); + if (traceoutfile < 0 && errno == EEXIST) { + log_error ("WARNING: Overwriting trace file \"%s\"", filename); +- traceoutfile = open (filename, O_WRONLY | O_EXCL, 0600); ++ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_CLOEXEC, 0600); + } + + if (traceoutfile < 0) { +@@ -429,7 +429,7 @@ void trace_file_replay (const char *file + isc_result_t result; + int len; + +- traceinfile = fopen (filename, "r"); ++ traceinfile = fopen (filename, "re"); + if (!traceinfile) { + log_error ("Can't open tracefile %s: %m", filename); + return; +diff -up dhcp-4.0.0/relay/dhcrelay.c.cloexec 
dhcp-4.0.0/relay/dhcrelay.c +--- dhcp-4.0.0/relay/dhcrelay.c.cloexec 2007-11-30 11:51:43.000000000 -1000 ++++ dhcp-4.0.0/relay/dhcrelay.c 2008-10-29 13:08:49.000000000 -1000 +@@ -112,11 +112,11 @@ main(int argc, char **argv) { + /* Make sure that file descriptors 0 (stdin), 1, (stdout), and + 2 (stderr) are open. To do this, we assume that when we + open a file the lowest available file descriptor is used. */ +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 0) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 1) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 2) + log_perror = 0; /* No sense logging to /dev/null. */ + else if (fd != -1) +@@ -288,12 +288,12 @@ main(int argc, char **argv) { + exit (0); + + pfdesc = open (path_dhcrelay_pid, +- O_CREAT | O_TRUNC | O_WRONLY, 0644); ++ O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); + + if (pfdesc < 0) { + log_error ("Can't create %s: %m", path_dhcrelay_pid); + } else { +- pf = fdopen (pfdesc, "w"); ++ pf = fdopen (pfdesc, "we"); + if (!pf) + log_error ("Can't fdopen %s: %m", + path_dhcrelay_pid); +diff -up dhcp-4.0.0/server/confpars.c.cloexec dhcp-4.0.0/server/confpars.c +--- dhcp-4.0.0/server/confpars.c.cloexec 2008-10-29 12:59:28.000000000 -1000 ++++ dhcp-4.0.0/server/confpars.c 2008-10-29 13:09:17.000000000 -1000 +@@ -115,7 +115,7 @@ isc_result_t read_conf_file (const char + } + #endif + +- if ((file = open (filename, O_RDONLY)) < 0) { ++ if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) { + if (leasep) { + log_error ("Can't open lease database %s: %m --", + path_dhcpd_db); +diff -up dhcp-4.0.0/server/db.c.cloexec dhcp-4.0.0/server/db.c +--- dhcp-4.0.0/server/db.c.cloexec 2007-10-05 12:29:51.000000000 -1000 ++++ dhcp-4.0.0/server/db.c 2008-10-29 13:09:39.000000000 -1000 +@@ -974,7 +974,7 @@ void db_startup (testp) + } + #endif + if (!testp) { +- db_file = fopen (path_dhcpd_db, 
"a"); ++ db_file = fopen (path_dhcpd_db, "ae"); + if (!db_file) + log_fatal ("Can't open %s for append.", path_dhcpd_db); + expire_all_pools (); +@@ -1022,12 +1022,12 @@ int new_lease_file () + path_dhcpd_db, (int)t) >= sizeof newfname) + log_fatal("new_lease_file: lease file path too long"); + +- db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664); ++ db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0664); + if (db_fd < 0) { + log_error ("Can't create new lease file: %m"); + return 0; + } +- if ((new_db_file = fdopen(db_fd, "w")) == NULL) { ++ if ((new_db_file = fdopen(db_fd, "we")) == NULL) { + log_error("Can't fdopen new lease file: %m"); + close(db_fd); + goto fdfail; +diff -up dhcp-4.0.0/server/dhcpd.c.cloexec dhcp-4.0.0/server/dhcpd.c +--- dhcp-4.0.0/server/dhcpd.c.cloexec 2008-10-29 12:59:28.000000000 -1000 ++++ dhcp-4.0.0/server/dhcpd.c 2008-10-29 13:10:42.000000000 -1000 +@@ -225,11 +225,11 @@ main(int argc, char **argv) { + /* Make sure that file descriptors 0 (stdin), 1, (stdout), and + 2 (stderr) are open. To do this, we assume that when we + open a file the lowest available file descriptor is used. */ +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 0) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 1) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 2) + log_perror = 0; /* No sense logging to /dev/null. */ + else if (fd != -1) +@@ -658,7 +658,7 @@ main(int argc, char **argv) { + } + + /* Read previous pid file. */ +- if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) { ++ if ((i = open (path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) { + status = read(i, pbuf, (sizeof pbuf) - 1); + close (i); + if (status > 0) { +@@ -676,7 +676,7 @@ main(int argc, char **argv) { + } + + /* Write new pid file. 
*/ +- if ((i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644)) >= 0) { ++ if ((i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644)) >= 0) { + sprintf(pbuf, "%d\n", (int) getpid()); + write(i, pbuf, strlen(pbuf)); + close(i); +@@ -702,9 +702,9 @@ main(int argc, char **argv) { + close(2); + + /* Reopen them on /dev/null. */ +- open("/dev/null", O_RDWR); +- open("/dev/null", O_RDWR); +- open("/dev/null", O_RDWR); ++ open("/dev/null", O_RDWR | O_CLOEXEC); ++ open("/dev/null", O_RDWR | O_CLOEXEC); ++ open("/dev/null", O_RDWR | O_CLOEXEC); + log_perror = 0; /* No sense logging to /dev/null. */ + + chdir("/"); +diff -up dhcp-4.0.0/server/ldap.c.cloexec dhcp-4.0.0/server/ldap.c +--- dhcp-4.0.0/server/ldap.c.cloexec 2008-10-29 12:59:28.000000000 -1000 ++++ dhcp-4.0.0/server/ldap.c 2008-10-29 13:11:10.000000000 -1000 +@@ -685,7 +685,7 @@ ldap_start (void) + + if (ldap_debug_file != NULL && ldap_debug_fd == -1) + { +- if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY, ++ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, + S_IRUSR | S_IWUSR)) < 0) + log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, + strerror (errno)); diff --git a/dhcp-4.0.0-FD_CLOEXEC.patch b/dhcp-4.0.0-FD_CLOEXEC.patch deleted file mode 100644 index 9ad9190..0000000 --- a/dhcp-4.0.0-FD_CLOEXEC.patch +++ /dev/null 
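Review bot: The `/dev/null` opens that back-fill descriptors 0, 1 and 2 should not carry `O_CLOEXEC`. In `go_daemon()` in client/dhclient.c and in the daemonizing block of server/dhcpd.c, the three descriptors are closed and reopened, so the new ones always land on 0–2, and with close-on-exec set any program the daemon later execs would start with stdin, stdout and stderr closed. The start-up guards at the top of `main()` in dhclient.c, dhcrelay.c and dhcpd.c have the same effect whenever the process is launched with one of those descriptors already closed. A child in that state gets 0–2 back from its first `open()` calls, so stray stderr output can be written into a data file, which is the condition the "Make sure that file descriptors 0, 1, 2 are open" comment exists to prevent. I would leave those calls as `open("/dev/null", O_RDWR);` and keep `O_CLOEXEC` for the lease, pid, config, key and device descriptors; whether a helper is exec'd after these points is not visible in the hunk, so confirm against the script-launch path.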
@@ -1,133 +0,0 @@ -diff -up dhcp-4.0.0/client/dhclient.c.FD_CLOEXEC dhcp-4.0.0/client/dhclient.c ---- dhcp-4.0.0/client/dhclient.c.FD_CLOEXEC 2008-08-01 11:02:35.000000000 -1000 -+++ dhcp-4.0.0/client/dhclient.c 2008-08-01 11:14:01.000000000 -1000 -@@ -2696,6 +2696,7 @@ int leases_written = 0; - - void rewrite_client_leases () - { -+ int fd, flags; - struct interface_info *ip; - struct client_state *client; - struct client_lease *lp; -@@ -2708,6 +2709,23 @@ void rewrite_client_leases () - return; - } - -+ if ((fd = fileno(leaseFile)) == -1) { -+ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno)); -+ return; -+ } -+ -+ if ((flags = fcntl(fd, F_GETFD)) == -1) { -+ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno)); -+ return; -+ } -+ -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fd, F_SETFD, flags) == -1) { -+ log_error ("failed to set close-on-exec for %s", path_dhclient_db); -+ return; -+ } -+ - /* If there is a default duid, write it out. 
*/ - if (default_duid.len != 0) - write_duid(&default_duid); -@@ -2800,7 +2818,7 @@ static isc_result_t - write_duid(struct data_string *duid) - { - char *str; -- int stat; -+ int stat, flags, fd; - - if ((duid == NULL) || (duid->len <= 2)) - return ISC_R_INVALIDARG; -@@ -2811,6 +2829,23 @@ write_duid(struct data_string *duid) - log_error("can't create %s: %m", path_dhclient_db); - return ISC_R_IOERROR; - } -+ -+ if ((fd = fileno(leaseFile)) == -1) { -+ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno)); -+ return ISC_R_IOERROR; -+ } -+ -+ if ((flags = fcntl(fd, F_GETFD)) == -1) { -+ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno)); -+ return ISC_R_IOERROR; -+ } -+ -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fd, F_SETFD, flags) == -1) { -+ log_error ("failed to set close-on-exec for %s", path_dhclient_db); -+ return ISC_R_IOERROR; -+ } - } - - /* It would make more sense to write this as a hex string, -@@ -2840,7 +2875,7 @@ write_client6_lease(struct client_state - { - struct dhc6_ia *ia; - struct dhc6_addr *addr; -- int stat; -+ int stat, flags, fd; - - /* This should include the current lease. 
*/ - if (!rewrite && (leases_written++ > 20)) { -@@ -2858,6 +2893,23 @@ write_client6_lease(struct client_state - log_error("can't create %s: %m", path_dhclient_db); - return ISC_R_IOERROR; - } -+ -+ if ((fd = fileno(leaseFile)) == -1) { -+ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno)); -+ return ISC_R_IOERROR; -+ } -+ -+ if ((flags = fcntl(fd, F_GETFD)) == -1) { -+ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno)); -+ return ISC_R_IOERROR; -+ } -+ -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fd, F_SETFD, flags) == -1) { -+ log_error ("failed to set close-on-exec for %s", path_dhclient_db); -+ return ISC_R_IOERROR; -+ } - } - - stat = fprintf(leaseFile, "lease6 {\n"); -@@ -2940,6 +2992,7 @@ int write_client_lease (client, lease, r - { - struct data_string ds; - int errors = 0; -+ int flags, fd; - char *s; - const char *tval; - -@@ -2961,6 +3014,23 @@ int write_client_lease (client, lease, r - log_error ("can't create %s: %m", path_dhclient_db); - return 0; - } -+ -+ if ((fd = fileno(leaseFile)) == -1) { -+ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno)); -+ return ISC_R_IOERROR; -+ } -+ -+ if ((flags = fcntl(fd, F_GETFD)) == -1) { -+ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno)); -+ return ISC_R_IOERROR; -+ } -+ -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fd, F_SETFD, flags) == -1) { -+ log_error ("failed to set close-on-exec for %s", path_dhclient_db); -+ return ISC_R_IOERROR; -+ } - } - - errno = 0; diff --git a/dhcp-4.0.0-port-validation.patch b/dhcp-4.0.0-port-validation.patch index 59b22c6..4804816 100644 --- a/dhcp-4.0.0-port-validation.patch +++ b/dhcp-4.0.0-port-validation.patch 
@@ -1,6 +1,6 @@ diff -up dhcp-4.0.0/client/dhclient.c.port dhcp-4.0.0/client/dhclient.c ---- dhcp-4.0.0/client/dhclient.c.port 2008-09-30 16:27:28.000000000 -1000 -+++ dhcp-4.0.0/client/dhclient.c 2008-09-30 16:27:28.000000000 -1000 +--- dhcp-4.0.0/client/dhclient.c.port 2008-10-29 13:27:33.000000000 -1000 ++++ dhcp-4.0.0/client/dhclient.c 2008-10-29 13:27:33.000000000 -1000 @@ -218,7 +218,7 @@ int main(int argc, char **argv, char **e } else if (!strcmp (argv [i], "-p")) { if (++i == argc) @@ -12,7 +12,7 @@ diff -up dhcp-4.0.0/client/dhclient.c.port dhcp-4.0.0/client/dhclient.c } else if (!strcmp (argv [i], "-d")) { diff -up dhcp-4.0.0/common/inet.c.port dhcp-4.0.0/common/inet.c --- dhcp-4.0.0/common/inet.c.port 2007-07-12 20:43:41.000000000 -1000 -+++ dhcp-4.0.0/common/inet.c 2008-09-30 16:27:28.000000000 -1000 ++++ dhcp-4.0.0/common/inet.c 2008-10-29 13:27:33.000000000 -1000 @@ -604,3 +604,20 @@ piaddrcidr(const struct iaddr *addr, uns return ret; } @@ -35,8 +35,8 @@ diff -up dhcp-4.0.0/common/inet.c.port dhcp-4.0.0/common/inet.c + return htons(local_port); +} diff -up dhcp-4.0.0/includes/dhcpd.h.port dhcp-4.0.0/includes/dhcpd.h ---- dhcp-4.0.0/includes/dhcpd.h.port 2008-09-30 16:27:28.000000000 -1000 -+++ dhcp-4.0.0/includes/dhcpd.h 2008-09-30 16:27:54.000000000 -1000 +--- dhcp-4.0.0/includes/dhcpd.h.port 2008-10-29 13:27:33.000000000 -1000 ++++ dhcp-4.0.0/includes/dhcpd.h 2008-10-29 13:28:57.000000000 -1000 @@ -64,6 +64,7 @@ #endif 
@@ -45,9 +45,17 @@ diff -up dhcp-4.0.0/includes/dhcpd.h.port dhcp-4.0.0/includes/dhcpd.h #include "cdefs.h" #include "osdep.h" +@@ -2432,6 +2433,7 @@ isc_result_t free_iaddrcidrnetlist(struc + const char *piaddr PROTO ((struct iaddr)); + char *piaddrmask(struct iaddr *, struct iaddr *); + char *piaddrcidr(const struct iaddr *, unsigned int); ++u_int16_t validate_port(char *port); + + /* dhclient.c */ + extern int nowait; diff -up dhcp-4.0.0/relay/dhcrelay.c.port dhcp-4.0.0/relay/dhcrelay.c ---- dhcp-4.0.0/relay/dhcrelay.c.port 2007-11-30 11:51:43.000000000 -1000 -+++ dhcp-4.0.0/relay/dhcrelay.c 2008-09-30 16:27:28.000000000 -1000 +--- dhcp-4.0.0/relay/dhcrelay.c.port 2008-10-29 13:27:33.000000000 -1000 ++++ dhcp-4.0.0/relay/dhcrelay.c 2008-10-29 13:27:33.000000000 -1000 @@ -141,7 +141,7 @@ main(int argc, char **argv) { if (!strcmp (argv [i], "-p")) { if (++i == argc) @@ -58,8 +66,8 @@ diff -up dhcp-4.0.0/relay/dhcrelay.c.port dhcp-4.0.0/relay/dhcrelay.c ntohs (local_port)); } else if (!strcmp (argv [i], "-d")) { diff -up dhcp-4.0.0/server/dhcpd.c.port dhcp-4.0.0/server/dhcpd.c ---- dhcp-4.0.0/server/dhcpd.c.port 2008-09-30 16:27:28.000000000 -1000 -+++ dhcp-4.0.0/server/dhcpd.c 2008-09-30 16:27:28.000000000 -1000 +--- dhcp-4.0.0/server/dhcpd.c.port 2008-10-29 13:27:33.000000000 -1000 ++++ dhcp-4.0.0/server/dhcpd.c 2008-10-29 13:27:33.000000000 -1000 @@ -257,15 +257,7 @@ main(int argc, char **argv) { if (!strcmp (argv [i], "-p")) { if (++i == argc) diff --git a/dhcp.spec b/dhcp.spec index 01639e4..2dc27c1 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -4,7 +4,7 @@ Summary: DHCP (Dynamic Host Configuration Protocol) server and relay agent Name: dhcp Version: 4.0.0 -Release: 30%{?dist} +Release: 31%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. 
@@ -43,7 +43,7 @@ Patch13: %{name}-4.0.0-dhclient-anycast.patch Patch14: %{name}-4.0.0-manpages.patch Patch15: %{name}-4.0.0-paths.patch Patch16: %{name}-4.0.0-NetworkManager-crash.patch -Patch17: %{name}-4.0.0-FD_CLOEXEC.patch +Patch17: %{name}-4.0.0-CLOEXEC.patch Patch18: %{name}-4.0.0-libdhcp4client.patch Patch19: %{name}-4.0.0-inherit-leases.patch Patch20: %{name}-4.0.0-garbage-chars.patch @@ -278,7 +278,7 @@ autoheader automake --foreign --add-missing --copy %build -CFLAGS="%{optflags} -fPIC" \ +CFLAGS="%{optflags} -fPIC -D_GNU_SOURCE" \ %configure \ --disable-dhcpv6 \ --with-srv-lease-file=%{_localstatedir}/lib/dhcpd/dhcpd.leases \ @@ -449,6 +449,11 @@ fi %{_libdir}/libdhcp4client.so %changelog +* Wed Oct 29 2008 David Cantrell - 12:4.0.0-31 +- Use O_CLOEXEC in open(2) calls and "e" mode in fopen(3) calls, build + with -D_GNU_SOURCE so we pick up O_CLOEXEC (#468984) +- Add missing prototype for validate_port() in common/inet.c + * Thu Oct 23 2008 David Cantrell - 12:4.0.0-30 - Fix dhclient.conf man page and sample config file to say 'supersede domain-search', which is what was actually demonstrated (#467955)
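Review bot: The `%build` hunk makes close-on-exec depend on the running kernel and C library honouring the flag, and nothing in the spec records that requirement. open(2) documents `O_CLOEXEC` as available since Linux 2.6.23 and fopen(3) documents the `e` mode since glibc 2.7; an older kernel is expected to accept the call and ignore the flag, so descriptors would be inherited again without any error. The FD_CLOEXEC patch this commit deletes set the flag with `fcntl(fd, F_SETFD, flags)` and logged a failure, a check the new build no longer has. I would add a comment above the CFLAGS line such as `# O_CLOEXEC and fopen "e" need kernel >= 2.6.23 and glibc >= 2.7; older kernels ignore the flag silently`, and consider declaring those minimums in the package requirements.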