diff --git a/xsane-0.995-close-fds.patch b/xsane-0.995-close-fds.patch index fddbab0..b922bfc 100644 --- a/xsane-0.995-close-fds.patch +++ b/xsane-0.995-close-fds.patch @@ -1,29 +1,80 @@ diff -up xsane-0.995/src/xsane.c.close-fds xsane-0.995/src/xsane.c --- xsane-0.995/src/xsane.c.close-fds 2007-09-28 17:24:56.000000000 +0200 -+++ xsane-0.995/src/xsane.c 2008-07-15 17:48:17.000000000 +0200 -@@ -3681,6 +3681,8 @@ static void xsane_show_doc_via_nsr(GtkWi - char *arg[5]; - struct stat st; - char netscape_lock_path[PATH_MAX]; ++++ xsane-0.995/src/xsane.c 2008-07-18 16:10:30.000000000 +0200 +@@ -48,6 +48,8 @@ + + #include + ++#include ++ + /* ---------------------------------------------------------------------------------------------------------------------- */ + + struct option long_options[] = +@@ -3673,6 +3675,41 @@ static void xsane_show_gpl(GtkWidget *wi + + /* ---------------------------------------------------------------------------------------------------------------------- */ + ++static void xsane_close_fds_for_exec(signed int first_fd_to_leave_open, ...) ++{ + int open_max; -+ int i; - - DBG(DBG_proc, "xsane_show_doc_via_nsr(%s)\n", name); - -@@ -3725,6 +3727,17 @@ static void xsane_show_doc_via_nsr(GtkWi ++ signed int i; ++ ++ va_list ap; ++ unsigned char *close_fds; ++ ++ open_max = (int) sysconf (_SC_OPEN_MAX); ++ ++ close_fds = malloc (open_max); ++ ++ memset (close_fds, 1, open_max); ++ ++ va_start (ap, first_fd_to_leave_open); ++ ++ for (i = first_fd_to_leave_open; i >= 0; i = va_arg (ap, signed int)) { ++ if (i < open_max) ++ close_fds[i] = 0; ++ } ++ ++ va_end (ap); ++ ++ DBG(DBG_info, "closing unneeded file descriptors\n"); ++ ++ for (i = 0; i < open_max; i++) { ++ if (close_fds[i]) ++ close (i); ++ } ++ ++ free (close_fds); ++} ++ ++/* ---------------------------------------------------------------------------------------------------------------------- */ ++ + static void xsane_show_doc_via_nsr(GtkWidget *widget, gpointer data) /* show via netscape remote */ + { + char *name = (char *) data; +@@ -3725,6 +3762,8 @@ static void xsane_show_doc_via_nsr(GtkWi ipc_file = fdopen(xsane.ipc_pipefd[1], "w"); } -+ open_max = (int) sysconf (_SC_OPEN_MAX); -+ -+ DBG(DBG_info, "closing unneeded file descriptors\n"); -+ -+ /* leave stdin, stdout, stderr alone */ -+ for (i = 3; i < open_max; i++) { -+ /* xsane.ipc_pipefd[0] is closed by now */ -+ if (i != xsane.ipc_pipefd[1]) -+ close (i); -+ } ++ xsane_close_fds_for_exec (1, 2, xsane.ipc_pipefd[1], -1); ++ + DBG(DBG_info, "trying to change user id for new subprocess:\n"); + DBG(DBG_info, "old effective uid = %d\n", (int) geteuid()); + setuid(getuid()); +@@ -3767,6 +3806,8 @@ static void xsane_show_doc_via_nsr(GtkWi + ipc_file = fdopen(xsane.ipc_pipefd[1], "w"); + } + ++ xsane_close_fds_for_exec (1, 2, xsane.ipc_pipefd[1], -1); ++ + DBG(DBG_info, "trying to change user id for new subprocess:\n"); + DBG(DBG_info, "old effective uid = %d\n", (int) geteuid()); + setuid(getuid()); +@@ -3888,6 +3929,8 @@ static void xsane_show_doc(GtkWidget *wi + ipc_file = fdopen(xsane.ipc_pipefd[1], "w"); + } + ++ xsane_close_fds_for_exec (1, 2, xsane.ipc_pipefd[1], -1); + DBG(DBG_info, "trying to change user id for new subprocess:\n"); DBG(DBG_info, "old effective uid = %d\n", (int) geteuid()); diff --git a/xsane.spec b/xsane.spec index fb7cb2e..6862cac 100644 --- a/xsane.spec +++ b/xsane.spec @@ -3,7 +3,7 @@ Name: xsane Summary: X Window System front-end for the SANE scanner interface Version: 0.995 -Release: 4%{?dist} +Release: 5%{?dist} Source0: http://www.xsane.org/download/%{name}-%{version}.tar.gz Source1: xsane.desktop Source2: xsane.conf.in @@ -107,6 +107,9 @@ fi %config(noreplace) %{_sysconfdir}/gimp/plugins.d/xsane.conf %changelog +* Fri Jul 18 2008 Nils Philippsen - 0.995-5 +- fix fd leak prevention (#455450) + * Tue Jul 15 2008 Nils Philippsen - 0.995-4 - don't leak file descriptors to help browser process (#455450)