This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Ensure __libc_message does not blindly write toSTDERR_FILENO.
- From: Marek Polacek <polacek at redhat dot com>
- To: William Pitcock <nenolod at dereferenced dot org>
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 16 Apr 2012 11:41:13 +0200
- Subject: Re: [PATCH] Ensure __libc_message does not blindly write toSTDERR_FILENO.
- References: <20120416092702.20874CE01E@carpathia.dereferenced.org>
On Mon, Apr 16, 2012 at 09:20:52AM +0000, William Pitcock wrote:
> diff --git a/ChangeLog b/ChangeLog
> index 95c737f..dec88f7 100644
> --- a/ChangeLog
> +++ b/ChangeLog
> @@ -1,3 +1,12 @@
> +2012-04-16 William Pitcock <nenolod@dereferenced.org>
> +
> + [BZ #13983]
> + * sysdeps/posix/libc_fatal.c (__libc_message): In the event that
> + stderr has been closed using fclose(), we should not try to use
> + STDERR_FILENO.
> + Doing so may result in blind private information leaks.
> + * sysdeps/unix/sysv/linux/libc_fatal.c (__libc_message): Likewise.
CL entry shouldn't be a part of the patch.
> diff --git a/sysdeps/posix/libc_fatal.c b/sysdeps/posix/libc_fatal.c
> index 62acb9b..863d978 100644
> --- a/sysdeps/posix/libc_fatal.c
> +++ b/sysdeps/posix/libc_fatal.c
> @@ -65,8 +65,14 @@ __libc_message (int do_abort, const char *fmt, ...)
> if (on_2 == NULL || *on_2 == '\0')
> fd = open_not_cancel_2 (_PATH_TTY, O_RDWR | O_NOCTTY | O_NDELAY);
>
> - if (fd == -1)
> - fd = STDERR_FILENO;
> + /* _IO_stderr stays around forever even through fclose(), use it to learn
> + if stderr is still opened or not. if stderr is not opened, then _fileno
Capital `I' at the start of the sentence.
> + is -1. We *must* use _IO_stderr and not stderr, as stderr can be overriden
> + by the application. */
Two spaces after `.'.
> + if (fd == -1 && _IO_stderr->_fileno == STDERR_FILENO)
Wonder whether we shouldn't guard the second condition like this:
__builtin_expect (_IO_stderr->_fileno == STDERR_FILENO, 1)
as closed stderr is quite a rare case.
Marek