svn commit: r184301 - in stable/6/lib: libc/stdlib libutil

[Ed Schouten]

Author: ed
Date: Sun Oct 26 21:56:06 2008
New Revision: 184301
URL: http://svn.freebsd.org/changeset/base/184301

Log:
  MFC r183565:
  
    Small cleanups to openpty().
  
    - Pass O_NOCTTY to posix_openpt(2). This makes the implementation work
      consistently on implementations that make the PTY the controlling TTY
      by default.
  
    - Call unlockpt() before opening the slave device. POSIX mentions that
      de slave device should only be opened after grantpt() and unlockpt()
      have been called.
  
    - Replace some redundant code by a label.
  
  As a safety net, add a call to revoke() to unlockpt(). All applications
  out there use openpty(), explicitly call revoke() or implement their own
  PTY allocation routines. Adding the call to unlockpt() won't hurt, but
  will prevent foot-shooting.
  
  Reviewed by:	jhb, kib
  Approved by:	re

Modified:
  stable/6/lib/libc/stdlib/grantpt.3
  stable/6/lib/libc/stdlib/grantpt.c
  stable/6/lib/libutil/pty.c

Modified: stable/6/lib/libc/stdlib/grantpt.3
==============================================================================
--- stable/6/lib/libc/stdlib/grantpt.3	Sun Oct 26 21:55:19 2008	(r184300)
+++ stable/6/lib/libc/stdlib/grantpt.3	Sun Oct 26 21:56:06 2008	(r184301)
@@ -212,11 +212,6 @@ and
 functions appeared in
 .Fx 5.0 .
 .Sh NOTES
-The purpose of the
-.Fn unlockpt
-function has no meaning in
-.Fx .
-.Pp
 The flag
 .Dv O_NOCTTY
 is included for compatibility; in

Modified: stable/6/lib/libc/stdlib/grantpt.c
==============================================================================
--- stable/6/lib/libc/stdlib/grantpt.c	Sun Oct 26 21:55:19 2008	(r184300)
+++ stable/6/lib/libc/stdlib/grantpt.c	Sun Oct 26 21:56:06 2008	(r184301)
@@ -237,14 +237,20 @@ invalid:
 int
 unlockpt(int fildes)
 {
+	const char *slave;
 
 	/*
-	 * Unlocking a master/slave pseudo-terminal pair has no meaning in a
-	 * non-streams PTY environment.  However, we do ensure fildes is a
-	 * valid master pseudo-terminal device.
+	 * Even though unlocking a PTY has no meaning in a non-streams
+	 * PTY environment, make this function call revoke() to ensure
+	 * the PTY slave device is not being evesdropped.
 	 */
-	if (ptsname(fildes) == NULL)
+	if ((slave = ptsname(fildes)) == NULL)
 		return (-1);
 
+	if (revoke(slave) == -1) {
+		errno = EINVAL;
+		return (-1);
+	}
+
 	return (0);
 }

Modified: stable/6/lib/libutil/pty.c
==============================================================================
--- stable/6/lib/libutil/pty.c	Sun Oct 26 21:55:19 2008	(r184300)
+++ stable/6/lib/libutil/pty.c	Sun Oct 26 21:56:06 2008	(r184301)
@@ -60,37 +60,26 @@ openpty(int *amaster, int *aslave, char 
 	const char *slavename;
 	int master, slave;
 
-	master = posix_openpt(O_RDWR);
+	master = posix_openpt(O_RDWR|O_NOCTTY);
 	if (master == -1)
 		return (-1);
 
-	if (grantpt(master) == -1) {
-		close(master);
-		return (-1);
-	}
+	if (grantpt(master) == -1)
+		goto bad;
+
+	if (unlockpt(master) == -1)
+		goto bad;
 
 	slavename = ptsname(master);
-	if (slavename == NULL) {
-		close(master);
-		return (-1);
-	}
+	if (slavename == NULL)
+		goto bad;
 
-	if (revoke(slavename) == -1) {
-		close(master);
-		return (-1);
-	}
+	if (revoke(slavename) == -1)
+		goto bad;
 
 	slave = open(slavename, O_RDWR);
-	if (slave == -1) {
-		close(master);
-		return (-1);
-	}
-
-	if (unlockpt(master) == -1) {
-		close(master);
-		close(slave);
-		return (-1);
-	}
+	if (slave == -1)
+		goto bad;
 
 	*amaster = master;
 	*aslave = slave;
@@ -103,6 +92,9 @@ openpty(int *amaster, int *aslave, char 
 		ioctl(slave, TIOCSWINSZ, (char *)winp);
 
 	return (0);
+
+bad:	close(master);
+	return (-1);
 }
 
 int