Date: Tue, 10 Sep 2013 11:46:11 GMT From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r257194 - soc2013/dpl/head/contrib/xz/src/xz Message-ID: <201309101146.r8ABkBTk049594@socsvn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dpl Date: Tue Sep 10 11:46:11 2013 New Revision: 257194 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=257194 Log: Reverted back just to make sure this works. Also, added a check for malloc(). Modified: soc2013/dpl/head/contrib/xz/src/xz/file_io.c soc2013/dpl/head/contrib/xz/src/xz/main.c Modified: soc2013/dpl/head/contrib/xz/src/xz/file_io.c ============================================================================== --- soc2013/dpl/head/contrib/xz/src/xz/file_io.c Tue Sep 10 10:38:15 2013 (r257193) +++ soc2013/dpl/head/contrib/xz/src/xz/file_io.c Tue Sep 10 11:46:11 2013 (r257194) @@ -1020,68 +1020,73 @@ } #if defined(CAPSICUM) -void limitfd(int, cap_rights_t *rights); - extern void limitpair(file_pair *pair) { - cap_rights_t dir_cap; - cap_rights_t src_cap; - cap_rights_t dest_cap; - - cap_rights_init(&dir_cap, CAP_FSTATAT, CAP_UNLINKAT, CAP_LOOKUP); - cap_rights_init(&src_cap, CAP_READ, CAP_SEEK); - cap_rights_init(&dest_cap, CAP_WRITE, CAP_FSTAT, CAP_FCHOWN, CAP_FCHMOD, CAP_FUTIMES); - - if(pair->dir_fd != -1 ) - limitfd(pair->dir_fd, &dir_cap); + cap_rights_t rights; - if(pair->src_fd != -1 ) - limitfd(pair->src_fd, &src_cap); + if(pair->dir_fd != -1 ){ + rights = CAP_FSTATAT|CAP_UNLINKAT|CAP_LOOKUP; + if (cap_rights_limit(pair->dir_fd, rights) < 0 && errno != ENOSYS){ + message_error("%s: %s", pair->dest_name, strerror(errno)); + exit(E_ERROR); + } + } - if(pair->dest_fd != -1 ) - limitfd(pair->dest_fd, &dest_cap); + if(pair->src_fd != -1 ){ + rights = CAP_READ|CAP_SEEK; + if (cap_rights_limit(pair->src_fd, rights) < 0 && errno != ENOSYS){ + message_error("%s: %s", pair->src_name, strerror(errno)); + exit(E_ERROR); + } + } + if(pair->dest_fd != -1 ){ + rights = CAP_WRITE|CAP_FSTAT|CAP_FCHOWN + |CAP_FCHMOD|CAP_FUTIMES; + if (cap_rights_limit(pair->dest_fd, rights) < 0 && errno != ENOSYS){ + message_error("%s: %s", pair->dest_name, strerror(errno)); + exit(E_ERROR); + } + } return; } extern void capsicum_enter(void) { - cap_rights_t stdin_cap; - cap_rights_t stdout_cap; - cap_rights_t stderr_cap; - - cap_rights_init(&stdin_cap, CAP_READ); - cap_rights_init(&stdout_cap, CAP_WRITE); - cap_rights_init(&stderr_cap, CAP_WRITE); - - limitfd(&stdin_cap, CAP_READ); - limitfd(&stdout_cap, CAP_WRITE); - limitfd(&stderr_cap, CAP_WRITE); + cap_rights_t rights; - if (cap_enter() < 0 && errno != ENOSYS) { - message_error("cap_enter: %s", strerror(errno)); + if( cap_rights_get(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) { + message_error("%d: %s", STDIN_FILENO, strerror(errno)); exit(E_ERROR); + } else if (rights == 0) { + if (cap_rights_limit(STDIN_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){ + message_error("%d: %s", STDIN_FILENO, strerror(errno)); + exit(E_ERROR); + } } - return; -} - -void -limitfd(int fd, cap_rights_t *rights) -{ - int rightsget; + if( cap_rights_get(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) { + message_error("%d: %s", STDOUT_FILENO, strerror(errno)); + exit(E_ERROR); + } else if (rights == 0) { + if (cap_rights_limit(STDOUT_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){ + message_error("%d: %s", STDOUT_FILENO, strerror(errno)); + exit(E_ERROR); + } + } - rightsget = cap_rights_get(fd, rights); - if( rightsget < 0 && errno != ENOSYS) { - message_error("%d: %s", fd, strerror(errno)); + if (cap_rights_limit(STDERR_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){ + message_error("%d: %s", STDERR_FILENO, strerror(errno)); exit(E_ERROR); } - if (cap_rights_limit(fd, rights) < 0 && errno != ENOSYS) { - message_error("%d: %s", STDIN_FILENO, strerror(errno)); + if (cap_enter() < 0 && errno != ENOSYS){ + message_error("cap_enter: %s", strerror(errno)); exit(E_ERROR); } + + return; } -#endif /* CAPSICUM */ +#endif Modified: soc2013/dpl/head/contrib/xz/src/xz/main.c ============================================================================== --- soc2013/dpl/head/contrib/xz/src/xz/main.c Tue Sep 10 10:38:15 2013 (r257193) +++ soc2013/dpl/head/contrib/xz/src/xz/main.c Tue Sep 10 11:46:11 2013 (r257194) @@ -146,6 +146,10 @@ // If we get past of 8 elements, realloc 8 more. // XXX check char **files = malloc( 8*sizeof(char*) ); + if (files == NULL) { + message_error("malloc: %s", strerror(errno)); + exit(E_ERROR); + } #if defined(_WIN32) && !defined(__CYGWIN__) InitializeCriticalSection(&exit_status_cs);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201309101146.r8ABkBTk049594>