Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <2dd69ee3939f469ab98a07d5337a8bf0@huawei.com>
Date: Wed, 19 Feb 2020 06:47:53 +0000
From: zhangtianci <zhangtianci1@...wei.com>
To: "musl@...ts.openwall.com" <musl@...ts.openwall.com>
CC: "Songyunlong (Euler)" <yunlong.song@...wei.com>
Subject: Re: [PATCH] stdio: Fix fdopen bug

> On Wed, Feb 19, 2020 at 10:37:29AM +0800, Zhang Tianci wrote:
> > Currently, in musl the fdopen doesn't check the consistence between
> > fd's mode and corresponding file's mode.
> >
> > For example,
> >
> > int fd = open("file1", O_RDONLY);
> > FILE *f = fdopen(fd, "W")
> >
> > In musl, above code will be Okay.
> > While according to POSIX, above code (fdopen) will return EINVAL.
> >
> > Signed-off-by: Zhang Tianci <zhangtianci1@...wei.com>
> > ---
> >  src/stdio/__fdopen.c | 10 ++++++++++
> >  1 file changed, 10 insertions(+)
> >
> > diff --git a/src/stdio/__fdopen.c b/src/stdio/__fdopen.c index
> > 116e78e..23c4ffd 100644
> > --- a/src/stdio/__fdopen.c
> > +++ b/src/stdio/__fdopen.c
> > @@ -26,6 +26,16 @@ FILE *__fdopen(int fd, const char *mode)
> >  	/* Impose mode restrictions */
> >  	if (!strchr(mode, '+')) f->flags = (*mode == 'r') ? F_NOWR : F_NORD;
> >
> > +	int fd_flag = __syscall(SYS_fcntl, fd, F_GETFL);
> > +
> > +	if (fd_flag == -1) return 0;
> > +
> > +	if (((fd_flag & O_ACCMODE) == O_RDONLY && !(f->flags & F_NORD))
> ||
> > +	    ((fd_flag & O_ACCMODE) == O_WRONLY && !(f->flags &
> F_NOWR))) {
> > +		errno = EINVAL;
> > +		return 0;
> > +	}
> > +
> >  	/* Apply close-on-exec flag */
> >  	if (strchr(mode, 'e')) __syscall(SYS_fcntl, fd, F_SETFD,
> > FD_CLOEXEC);
> >
> > --
> > 2.17.1
> 
> Per POSIX this is a "may fail" not a "shall fail". Testing for this is more costly
> (see added code/syscalls in the patch) and serves no purpose, which is why
> it's not done.
> 
> Rich

POSIX's require on fdopen:

     The application shall ensure that the mode of the stream as expressed by the
     mode argument is allowed by the file access mode of the open file description 
     to which fildes refers.

So I think the example above should return EINVAL.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.