提交 4dbd6e96 编写于 作者: E Eric Blake

build: prefer mkostemp for multi-thread safety

https://bugzilla.redhat.com/show_bug.cgi?id=871756

Commit cd1e8d1c assumed that systems new enough to have journald
also have mkostemp; but this is not true for uclibc.

For that matter, use of mkstemp[s] is unsafe in a multi-threaded
program.  We should prefer mkostemp[s] in the first place.

* bootstrap.conf (gnulib_modules): Add mkostemp, mkostemps; drop
mkstemp and mkstemps.
* cfg.mk (sc_prohibit_mkstemp): New syntax check.
* tools/virsh.c (vshEditWriteToTempFile): Adjust caller.
* src/qemu/qemu_driver.c (qemuDomainScreenshot)
(qemudDomainMemoryPeek): Likewise.
* src/secret/secret_driver.c (replaceFile): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Likewise.
上级 ffa62d06
...@@ -69,8 +69,8 @@ listen ...@@ -69,8 +69,8 @@ listen
localeconv localeconv
maintainer-makefile maintainer-makefile
manywarnings manywarnings
mkstemp mkostemp
mkstemps mkostemps
mktempd mktempd
net_if net_if
netdb netdb
......
...@@ -339,6 +339,12 @@ sc_prohibit_fork_wrappers: ...@@ -339,6 +339,12 @@ sc_prohibit_fork_wrappers:
halt='use virCommand for child processes' \ halt='use virCommand for child processes' \
$(_sc_search_regexp) $(_sc_search_regexp)
# Prefer mkostemp with O_CLOEXEC.
sc_prohibit_mkstemp:
@prohibit='[^"]\<mkstemps? *\(' \
halt='use mkostemp with O_CLOEXEC instead of mkstemp' \
$(_sc_search_regexp)
# access with X_OK accepts directories, but we can't exec() those. # access with X_OK accepts directories, but we can't exec() those.
# access with F_OK or R_OK is okay, though. # access with F_OK or R_OK is okay, though.
sc_prohibit_access_xok: sc_prohibit_access_xok:
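Review bot: The pattern in `sc_prohibit_mkstemp` requires one non-quote character before the function name, so a call that starts at column 0 of a line would presumably slip past the check. Whether it does depends on how `$(_sc_search_regexp)`, defined outside this section, feeds lines to the matcher. Assuming the search uses extended regular expressions, an explicit alternative closes the gap: `@prohibit='(^|[^"])\<mkstemps? *\('`. The comment above the rule could also give the reason, e.g. `# Prefer mkostemp with O_CLOEXEC so the fd is not inherited by a child forked from another thread.`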
......
...@@ -3485,8 +3485,8 @@ qemuDomainScreenshot(virDomainPtr dom, ...@@ -3485,8 +3485,8 @@ qemuDomainScreenshot(virDomainPtr dom,
goto endjob; goto endjob;
} }
if ((tmp_fd = mkstemp(tmp)) == -1) { if ((tmp_fd = mkostemp(tmp, O_CLOEXEC)) == -1) {
virReportSystemError(errno, _("mkstemp(\"%s\") failed"), tmp); virReportSystemError(errno, _("mkostemp(\"%s\") failed"), tmp);
goto endjob; goto endjob;
} }
unlink_tmp = true; unlink_tmp = true;
...@@ -9230,9 +9230,9 @@ qemudDomainMemoryPeek (virDomainPtr dom, ...@@ -9230,9 +9230,9 @@ qemudDomainMemoryPeek (virDomainPtr dom,
} }
/* Create a temporary filename. */ /* Create a temporary filename. */
if ((fd = mkstemp (tmp)) == -1) { if ((fd = mkostemp(tmp, O_CLOEXEC)) == -1) {
virReportSystemError(errno, virReportSystemError(errno,
_("mkstemp(\"%s\") failed"), tmp); _("mkostemp(\"%s\") failed"), tmp);
goto endjob; goto endjob;
} }
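Review bot: The comment kept in the qemudDomainMemoryPeek hunk, `/* Create a temporary filename. */`, understates what the next line does. mkostemp() creates and opens the file and returns a descriptor, and the new O_CLOEXEC flag is the reason for the change. I would reword it to `/* Create and open a temporary file; O_CLOEXEC keeps the fd from leaking into a child forked by another thread. */`. The same one-line rationale belongs above the call in qemuDomainScreenshot, which has no comment. Both functions begin and end outside the visible hunks.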
......
...@@ -171,9 +171,9 @@ replaceFile(const char *filename, void *data, size_t size) ...@@ -171,9 +171,9 @@ replaceFile(const char *filename, void *data, size_t size)
virReportOOMError(); virReportOOMError();
goto cleanup; goto cleanup;
} }
fd = mkstemp (tmp_path); fd = mkostemp(tmp_path, O_CLOEXEC);
if (fd == -1) { if (fd == -1) {
virReportSystemError(errno, _("mkstemp('%s') failed"), tmp_path); virReportSystemError(errno, _("mkostemp('%s') failed"), tmp_path);
goto cleanup; goto cleanup;
} }
if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) { if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
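Review bot: Nothing at the `mkostemp(tmp_path, O_CLOEXEC)` call in replaceFile records why the flag matters for this file in particular. Going by the commit message this is src/secret/secret_driver.c, so the descriptor presumably refers to secret material. An inherited copy of the fd in a child process is not protected by the owner-only `fchmod` that follows. A short comment would keep a later cleanup from dropping the flag: `/* O_CLOEXEC: never let this fd be inherited across fork/exec */`. The function continues past the end of the hunk.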
......
...@@ -9157,8 +9157,8 @@ vboxDomainScreenshot(virDomainPtr dom, ...@@ -9157,8 +9157,8 @@ vboxDomainScreenshot(virDomainPtr dom,
return NULL; return NULL;
} }
if ((tmp_fd = mkstemp(tmp)) == -1) { if ((tmp_fd = mkostemp(tmp, O_CLOEXEC)) == -1) {
virReportSystemError(errno, _("mkstemp(\"%s\") failed"), tmp); virReportSystemError(errno, _("mkostemp(\"%s\") failed"), tmp);
VIR_FREE(tmp); VIR_FREE(tmp);
VBOX_RELEASE(machine); VBOX_RELEASE(machine);
return NULL; return NULL;
......
...@@ -565,9 +565,9 @@ vshEditWriteToTempFile(vshControl *ctl, const char *doc) ...@@ -565,9 +565,9 @@ vshEditWriteToTempFile(vshControl *ctl, const char *doc)
vshError(ctl, "%s", _("out of memory")); vshError(ctl, "%s", _("out of memory"));
return NULL; return NULL;
} }
fd = mkstemps(ret, 4); fd = mkostemps(ret, 4, O_CLOEXEC);
if (fd == -1) { if (fd == -1) {
vshError(ctl, _("mkstemps: failed to create temporary file: %s"), vshError(ctl, _("mkostemps: failed to create temporary file: %s"),
virStrerror(errno, ebuf, sizeof(ebuf))); virStrerror(errno, ebuf, sizeof(ebuf)));
VIR_FREE(ret); VIR_FREE(ret);
return NULL; return NULL;
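Review bot: The suffix length `4` passed to `mkostemps` is a magic number that must match the tail of the template built earlier in vshEditWriteToTempFile, outside this hunk. If the two drift apart, the call fails with EINVAL instead of creating the file. A comment tying them together is worth adding at the call, e.g. `/* 4 == length of the template's suffix after XXXXXX */`.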
......