socsvn commit: r257194 - soc2013/dpl/head/contrib/xz/src/xz
dpl at FreeBSD.org
dpl at FreeBSD.org
Tue Sep 10 11:46:11 UTC 2013
Author: dpl
Date: Tue Sep 10 11:46:11 2013
New Revision: 257194
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=257194
Log:
Reverted back just to make sure this works. Also, added a check for malloc().
Modified:
soc2013/dpl/head/contrib/xz/src/xz/file_io.c
soc2013/dpl/head/contrib/xz/src/xz/main.c
Modified: soc2013/dpl/head/contrib/xz/src/xz/file_io.c
==============================================================================
--- soc2013/dpl/head/contrib/xz/src/xz/file_io.c Tue Sep 10 10:38:15 2013 (r257193)
+++ soc2013/dpl/head/contrib/xz/src/xz/file_io.c Tue Sep 10 11:46:11 2013 (r257194)
@@ -1020,68 +1020,73 @@
}
#if defined(CAPSICUM)
-void limitfd(int, cap_rights_t *rights);
-
extern void
limitpair(file_pair *pair)
{
- cap_rights_t dir_cap;
- cap_rights_t src_cap;
- cap_rights_t dest_cap;
-
- cap_rights_init(&dir_cap, CAP_FSTATAT, CAP_UNLINKAT, CAP_LOOKUP);
- cap_rights_init(&src_cap, CAP_READ, CAP_SEEK);
- cap_rights_init(&dest_cap, CAP_WRITE, CAP_FSTAT, CAP_FCHOWN, CAP_FCHMOD, CAP_FUTIMES);
-
- if(pair->dir_fd != -1 )
- limitfd(pair->dir_fd, &dir_cap);
+ cap_rights_t rights;
- if(pair->src_fd != -1 )
- limitfd(pair->src_fd, &src_cap);
+ if(pair->dir_fd != -1 ){
+ rights = CAP_FSTATAT|CAP_UNLINKAT|CAP_LOOKUP;
+ if (cap_rights_limit(pair->dir_fd, rights) < 0 && errno != ENOSYS){
+ message_error("%s: %s", pair->dest_name, strerror(errno));
+ exit(E_ERROR);
+ }
+ }
- if(pair->dest_fd != -1 )
- limitfd(pair->dest_fd, &dest_cap);
+ if(pair->src_fd != -1 ){
+ rights = CAP_READ|CAP_SEEK;
+ if (cap_rights_limit(pair->src_fd, rights) < 0 && errno != ENOSYS){
+ message_error("%s: %s", pair->src_name, strerror(errno));
+ exit(E_ERROR);
+ }
+ }
+ if(pair->dest_fd != -1 ){
+ rights = CAP_WRITE|CAP_FSTAT|CAP_FCHOWN
+ |CAP_FCHMOD|CAP_FUTIMES;
+ if (cap_rights_limit(pair->dest_fd, rights) < 0 && errno != ENOSYS){
+ message_error("%s: %s", pair->dest_name, strerror(errno));
+ exit(E_ERROR);
+ }
+ }
return;
}
extern void
capsicum_enter(void)
{
- cap_rights_t stdin_cap;
- cap_rights_t stdout_cap;
- cap_rights_t stderr_cap;
-
- cap_rights_init(&stdin_cap, CAP_READ);
- cap_rights_init(&stdout_cap, CAP_WRITE);
- cap_rights_init(&stderr_cap, CAP_WRITE);
-
- limitfd(&stdin_cap, CAP_READ);
- limitfd(&stdout_cap, CAP_WRITE);
- limitfd(&stderr_cap, CAP_WRITE);
+ cap_rights_t rights;
- if (cap_enter() < 0 && errno != ENOSYS) {
- message_error("cap_enter: %s", strerror(errno));
+ if( cap_rights_get(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) {
+ message_error("%d: %s", STDIN_FILENO, strerror(errno));
exit(E_ERROR);
+ } else if (rights == 0) {
+ if (cap_rights_limit(STDIN_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){
+ message_error("%d: %s", STDIN_FILENO, strerror(errno));
+ exit(E_ERROR);
+ }
}
- return;
-}
-
-void
-limitfd(int fd, cap_rights_t *rights)
-{
- int rightsget;
+ if( cap_rights_get(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) {
+ message_error("%d: %s", STDOUT_FILENO, strerror(errno));
+ exit(E_ERROR);
+ } else if (rights == 0) {
+ if (cap_rights_limit(STDOUT_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){
+ message_error("%d: %s", STDOUT_FILENO, strerror(errno));
+ exit(E_ERROR);
+ }
+ }
- rightsget = cap_rights_get(fd, rights);
- if( rightsget < 0 && errno != ENOSYS) {
- message_error("%d: %s", fd, strerror(errno));
+ if (cap_rights_limit(STDERR_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){
+ message_error("%d: %s", STDERR_FILENO, strerror(errno));
exit(E_ERROR);
}
- if (cap_rights_limit(fd, rights) < 0 && errno != ENOSYS) {
- message_error("%d: %s", STDIN_FILENO, strerror(errno));
+ if (cap_enter() < 0 && errno != ENOSYS){
+ message_error("cap_enter: %s", strerror(errno));
exit(E_ERROR);
}
+
+ return;
}
-#endif /* CAPSICUM */
+#endif
Modified: soc2013/dpl/head/contrib/xz/src/xz/main.c
==============================================================================
--- soc2013/dpl/head/contrib/xz/src/xz/main.c Tue Sep 10 10:38:15 2013 (r257193)
+++ soc2013/dpl/head/contrib/xz/src/xz/main.c Tue Sep 10 11:46:11 2013 (r257194)
@@ -146,6 +146,10 @@
// If we get past of 8 elements, realloc 8 more.
// XXX check
char **files = malloc( 8*sizeof(char*) );
+ if (files == NULL) {
+ message_error("malloc: %s", strerror(errno));
+ exit(E_ERROR);
+ }
#if defined(_WIN32) && !defined(__CYGWIN__)
InitializeCriticalSection(&exit_status_cs);
More information about the svn-soc-all
mailing list