/*
- * Copyright (c) 2004-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2004-2005, 2007, 2010, 2012-2015, 2017-2018
+ * Todd C. Miller <Todd.Miller@sudo.ws>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#include "includes.h"
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include <config.h>
#ifndef HAVE_CLOSEFROM
#include <sys/types.h>
-#include <sys/param.h>
#include <unistd.h>
#include <stdio.h>
-#ifdef HAVE_FCNTL_H
-# include <fcntl.h>
-#endif
-#include <limits.h>
#include <stdlib.h>
-#include <stddef.h>
-#include <string.h>
-#include <unistd.h>
-#ifdef HAVE_DIRENT_H
-# include <dirent.h>
-# define NAMLEN(dirent) strlen((dirent)->d_name)
+#include <fcntl.h>
+#include <limits.h>
+#ifdef HAVE_PSTAT_GETPROC
+# include <sys/pstat.h>
#else
-# define dirent direct
-# define NAMLEN(dirent) (dirent)->d_namlen
-# ifdef HAVE_SYS_NDIR_H
-# include <sys/ndir.h>
-# endif
-# ifdef HAVE_SYS_DIR_H
-# include <sys/dir.h>
-# endif
-# ifdef HAVE_NDIR_H
-# include <ndir.h>
-# endif
+# include <dirent.h>
#endif
-#ifndef OPEN_MAX
-# define OPEN_MAX 256
-#endif
+#include "openbsd.h"
-#if 0
-__unused static const char rcsid[] = "$Sudo: closefrom.c,v 1.11 2006/08/17 15:26:54 millert Exp $";
-#endif /* lint */
+#ifndef _POSIX_OPEN_MAX
+# define _POSIX_OPEN_MAX 20
+#endif
/*
* Close all file descriptors greater than or equal to lowfd.
+ * This is the expensive (fallback) method.
*/
-#ifdef HAVE_FCNTL_CLOSEM
-void
-closefrom(int lowfd)
+static void
+closefrom_fallback(int lowfd)
{
- (void) fcntl(lowfd, F_CLOSEM, 0);
-}
+ long fd, maxfd;
+
+ /*
+ * Fall back on sysconf(_SC_OPEN_MAX). We avoid checking
+ * resource limits since it is possible to open a file descriptor
+ * and then drop the rlimit such that it is below the open fd.
+ */
+ maxfd = sysconf(_SC_OPEN_MAX);
+ if (maxfd < 0)
+ maxfd = _POSIX_OPEN_MAX;
+
+ for (fd = lowfd; fd < maxfd; fd++) {
+#ifdef __APPLE__
+ /* Avoid potential libdispatch crash when we close its fds. */
+ (void) fcntl((int) fd, F_SETFD, FD_CLOEXEC);
#else
+ (void) close((int) fd);
+#endif
+ }
+}
+
+/*
+ * Close all file descriptors greater than or equal to lowfd.
+ * We try the fast way first, falling back on the slow method.
+ */
void
closefrom(int lowfd)
{
- long fd, maxfd;
-#if defined(HAVE_PROC_PID)
- char fdpath[PATH_MAX], *endp;
- struct dirent *dent;
+#if defined(HAVE_PSTAT_GETPROC)
+ struct pst_status pstat;
+#elif defined(HAVE_DIRFD)
+ const char *path;
DIR *dirp;
- int len;
+#endif
- /* Check for a /proc/$$/fd directory. */
- len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
- if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) {
+ /* Try the fast method first, if possible. */
+#if defined(HAVE_FCNTL_CLOSEM)
+ if (fcntl(lowfd, F_CLOSEM, 0) != -1)
+ return;
+#endif
+#if defined(HAVE_PSTAT_GETPROC)
+ /*
+ * EOVERFLOW is not a fatal error for the fields we use.
+ * See the "EOVERFLOW Error" section of pstat_getvminfo(3).
+ */
+ if (pstat_getproc(&pstat, sizeof(pstat), 0, getpid()) != -1 ||
+ errno == EOVERFLOW) {
+ int fd;
+
+ for (fd = lowfd; fd <= pstat.pst_highestfd; fd++)
+ (void) close(fd);
+ return;
+ }
+#elif defined(HAVE_DIRFD)
+ /* Use /proc/self/fd (or /dev/fd on macOS) if it exists. */
+# ifdef __APPLE__
+ path = _PATH_DEV "fd";
+# else
+ path = "/proc/self/fd";
+# endif
+ if ((dirp = opendir(path)) != NULL) {
+ struct dirent *dent;
while ((dent = readdir(dirp)) != NULL) {
- fd = strtol(dent->d_name, &endp, 10);
- if (dent->d_name != endp && *endp == '\0' &&
- fd >= 0 && fd < INT_MAX && fd >= lowfd && fd != dirfd(dirp))
- (void) close((int) fd);
+ const char *errstr;
+ int fd = strtonum(dent->d_name, lowfd, INT_MAX, &errstr);
+ if (errstr == NULL && fd != dirfd(dirp)) {
+# ifdef __APPLE__
+ /* Avoid potential libdispatch crash when we close its fds. */
+ (void) fcntl(fd, F_SETFD, FD_CLOEXEC);
+# else
+ (void) close(fd);
+# endif
+ }
}
(void) closedir(dirp);
- } else
-#endif
- {
- /*
- * Fall back on sysconf() or getdtablesize(). We avoid checking
- * resource limits since it is possible to open a file descriptor
- * and then drop the rlimit such that it is below the open fd.
- */
-#ifdef HAVE_SYSCONF
- maxfd = sysconf(_SC_OPEN_MAX);
-#else
- maxfd = getdtablesize();
-#endif /* HAVE_SYSCONF */
- if (maxfd < 0)
- maxfd = OPEN_MAX;
-
- for (fd = lowfd; fd < maxfd; fd++)
- (void) close((int) fd);
+ return;
}
+#endif /* HAVE_DIRFD */
+
+ /* Do things the slow way. */
+ closefrom_fallback(lowfd);
}
-#endif /* !HAVE_FCNTL_CLOSEM */
+
#endif /* HAVE_CLOSEFROM */