FD-related fixes for wide-dhcpv6, part of a diff from Brad.

Mostly from Debian.
2016-01-10 16:23:17 +00:00 · 2016-01-10 16:23:17 +00:00 · 86caf8c1af
commit 86caf8c1af
parent a54af771c9
8 changed files with 196 additions and 10 deletions
--- a/net/wide-dhcpv6/Makefile
+++ b/net/wide-dhcpv6/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.11 2016/01/04 03:30:39 sthen Exp $
+# $OpenBSD: Makefile,v 1.12 2016/01/10 16:23:17 sthen Exp $

 COMMENT=	client and servers for the WIDE DHCPv6 protocol

 DISTNAME=	wide-dhcpv6-20080615
-REVISION=	5
+REVISION=	6
 CATEGORIES=	net
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=wide-dhcpv6/}

--- a/net/wide-dhcpv6/patches/patch-cftoken_c
+++ b/net/wide-dhcpv6/patches/patch-cftoken_c
@ -0,0 +1,26 @@
+$OpenBSD: patch-cftoken_c,v 1.1 2016/01/10 16:23:17 sthen Exp $
+
+Close file descriptors on exec
+
+Avoid FD leakage to children.
+
+--- cftoken.c.orig	Sun Jan 10 00:42:37 2016
+++ cftoken.c	Sun Jan 10 00:43:29 2016
+@@ -2539,7 +2539,7 @@ cfswitch_buffer(incl)
+ 	incstack[incstackp].state = YY_CURRENT_BUFFER;
+ 	incstack[incstackp].lineno = lineno;
+ 
+-	fp = fopen(path, "r");
+	fp = fopen(path, "re");
+ 	if (fp == NULL) {
+ 		dprintf(LOG_ERR, FNAME, "cfparse: fopen(%s): %s",
+ 			path, strerror(errno));
+@@ -2562,7 +2562,7 @@ cfparse(conf)
+ 	char *conf;
+ {
+ 	configfilename = conf;
+-	if ((yyin = fopen(configfilename, "r")) == NULL) {
+	if ((yyin = fopen(configfilename, "re")) == NULL) {
+ 		dprintf(LOG_ERR, FNAME, "cfparse: fopen(%s): %s",
+ 			configfilename, strerror(errno));
+ 		if (errno == ENOENT)
--- a/net/wide-dhcpv6/patches/patch-cftoken_l
+++ b/net/wide-dhcpv6/patches/patch-cftoken_l
@ -0,0 +1,26 @@
+$OpenBSD: patch-cftoken_l,v 1.1 2016/01/10 16:23:17 sthen Exp $
+
+- Close file descriptors on exec
+
+Avoid FD leakage to children.
+
+--- cftoken.l.orig	Sun Jan 10 00:43:41 2016
+++ cftoken.l	Sun Jan 10 00:44:07 2016
+@@ -404,7 +404,7 @@ cfswitch_buffer(incl)
+ 	incstack[incstackp].state = YY_CURRENT_BUFFER;
+ 	incstack[incstackp].lineno = lineno;
+ 
+-	fp = fopen(path, "r");
+	fp = fopen(path, "re");
+ 	if (fp == NULL) {
+ 		dprintf(LOG_ERR, FNAME, "cfparse: fopen(%s): %s",
+ 			path, strerror(errno));
+@@ -427,7 +427,7 @@ cfparse(conf)
+ 	char *conf;
+ {
+ 	configfilename = conf;
+-	if ((yyin = fopen(configfilename, "r")) == NULL) {
+	if ((yyin = fopen(configfilename, "re")) == NULL) {
+ 		dprintf(LOG_ERR, FNAME, "cfparse: fopen(%s): %s",
+ 			configfilename, strerror(errno));
+ 		if (errno == ENOENT)
--- a/net/wide-dhcpv6/patches/patch-common_c
+++ b/net/wide-dhcpv6/patches/patch-common_c
@ -0,0 +1,35 @@
+$OpenBSD: patch-common_c,v 1.1 2016/01/10 16:23:17 sthen Exp $
+
+- Close file descriptors on exec
+
+Avoid FD leakage to children.
+
+--- common.c.orig	Sun Jan 10 00:44:14 2016
+++ common.c	Sun Jan 10 00:46:53 2016
+@@ -1115,7 +1115,7 @@ getifhwaddr(const char *ifname, char *buf, u_int16_t *
+ 		(void) snprintf(fname, sizeof (fname), "/dev/%s", ifname);
+ 	getctl.maxlen = sizeof (getbuf);
+ 	getctl.buf = (char *)getbuf;
+-	if ((fd = open(fname, O_RDWR)) == -1) {
+	if ((fd = open(fname, O_RDWR | O_CLOEXEC)) == -1) {
+ 		dl_attach_req_t dlar;
+ 
+ 		cp = fname + strlen(fname) - 1;
+@@ -1131,7 +1131,7 @@ getifhwaddr(const char *ifname, char *buf, u_int16_t *
+ 		cp++;
+ 		dlar.dl_ppa = atoi(cp);
+ 		*cp = '\0';
+-		if ((fd = open(fname, O_RDWR)) == -1)
+		if ((fd = open(fname, O_RDWR | O_CLOEXEC)) == -1)
+ 			return (-1);
+ 		dlar.dl_primitive = DL_ATTACH_REQ;
+ 		putctl.len = sizeof (dlar);
+@@ -3292,7 +3292,7 @@ ifaddrconf(cmd, ifname, addr, plen, pltime, vltime)
+ 		return (-1);
+ 	}
+ 
+-	if ((s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+	if ((s = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP)) < 0) {
+ 		dprintf(LOG_ERR, FNAME, "can't open a temporary socket: %s",
+ 		    strerror(errno));
+ 		return (-1);
--- a/net/wide-dhcpv6/patches/patch-dhcp6_ctl_c
+++ b/net/wide-dhcpv6/patches/patch-dhcp6_ctl_c
@ -0,0 +1,16 @@
+$OpenBSD: patch-dhcp6_ctl_c,v 1.1 2016/01/10 16:23:17 sthen Exp $
+
+Close file descriptors on exec
+
+Avoid FD leakage to children.
+
+--- dhcp6_ctl.c.orig	Sun Jan 10 00:47:08 2016
+++ dhcp6_ctl.c	Sun Jan 10 00:47:47 2016
+@@ -97,6 +97,7 @@ dhcp6_ctl_init(addr, port, max, sockp)
+ 		    gai_strerror(error));
+ 		return (-1);
+ 	}
+	res->ai_socktype |= SOCK_CLOEXEC;
+ 	ctlsock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ 	if (ctlsock < 0) {
+ 		dprintf(LOG_ERR, FNAME, "socket(control sock): %s",
--- a/net/wide-dhcpv6/patches/patch-dhcp6_ctlclient_c
+++ b/net/wide-dhcpv6/patches/patch-dhcp6_ctlclient_c
@ -0,0 +1,16 @@
+$OpenBSD: patch-dhcp6_ctlclient_c,v 1.1 2016/01/10 16:23:17 sthen Exp $
+
+Close file descriptors on exec
+
+Avoid FD leakage to children.
+
+--- dhcp6_ctlclient.c.orig	Sun Jan 10 00:47:57 2016
+++ dhcp6_ctlclient.c	Sun Jan 10 00:48:32 2016
+@@ -169,6 +169,7 @@ main(argc, argv)
+ 
+ 	s = -1;
+ 	for (res = res0; res != NULL; res = res->ai_next) {
+		res->ai_socktype |= SOCK_CLOEXEC;
+ 		s = socket(res->ai_family, res->ai_socktype,
+ 		    res->ai_protocol);
+ 		if (s < 0) {
--- a/net/wide-dhcpv6/patches/patch-dhcp6c_c
+++ b/net/wide-dhcpv6/patches/patch-dhcp6c_c
@ -1,4 +1,4 @@
-$OpenBSD: patch-dhcp6c_c,v 1.3 2016/01/04 03:30:39 sthen Exp $
+$OpenBSD: patch-dhcp6c_c,v 1.4 2016/01/10 16:23:17 sthen Exp $

 - Close inherited file descriptors

@ -8,8 +8,14 @@ wide-dhcpv6 binaries should close inherited fds.

 Interface ID may have changed between a stop and start.

--- dhcp6c.c.orig	Sat Jan  2 20:48:18 2016
-+++ dhcp6c.c	Sat Jan  2 20:48:25 2016
+- Close file descriptors on exec
+
+Avoid FD leakage to children.
+
+- Call client script after interfaces have been updated
+
+--- dhcp6c.c.orig	Sun Jun 15 03:48:41 2008
+++ dhcp6c.c	Sun Jan 10 00:59:31 2016
@@ -88,7 +88,6 @@ static sig_atomic_t sig_flags = 0;
 const dhcp6_mode_t dhcp6_mode = DHCP6_MODE_CLIENT;
 
@ -40,7 +46,16 @@ Interface ID may have changed between a stop and start.
 
 	setloglevel(debug);
 
-@@ -337,13 +341,6 @@ client6_init()
+@@ -282,6 +286,8 @@ client6_init()
+ 		    gai_strerror(error));
+ 		exit(1);
+ 	}
+	/* Force socket to be closed on execve */
+	res->ai_socktype |= SOCK_CLOEXEC;
+ 	sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ 	if (sock < 0) {
+ 		dprintf(LOG_ERR, FNAME, "socket");
+@@ -337,13 +343,6 @@ client6_init()
 	}
 	freeaddrinfo(res);
 
@ -54,7 +69,7 @@ Interface ID may have changed between a stop and start.
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = PF_INET6;
 	hints.ai_socktype = SOCK_DGRAM;
-@@ -763,6 +760,15 @@ client6_ifctl(ifname, command)
+@@ -763,6 +762,15 @@ client6_ifctl(ifname, command)
 
 	switch(command) {
 	case DHCP6CTL_COMMAND_START:
@ -70,3 +85,35 @@ Interface ID may have changed between a stop and start.
 		free_resources(ifp);
 		if (client6_start(ifp)) {
 			dprintf(LOG_NOTICE, FNAME, "failed to restart %s",
+@@ -1828,15 +1836,6 @@ client6_recvreply(ifp, dh6, len, optinfo)
+ 	}
+ 
+ 	/*
+-	 * Call the configuration script, if specified, to handle various
+-	 * configuration parameters.
+-	 */
+-	if (ifp->scriptpath != NULL && strlen(ifp->scriptpath) != 0) {
+-		dprintf(LOG_DEBUG, FNAME, "executes %s", ifp->scriptpath);
+-		client6_script(ifp->scriptpath, state, optinfo);
+-	}
+-
+-	/*
+ 	 * Set refresh timer for configuration information specified in
+ 	 * information-request.  If the timer value is specified by the server
+ 	 * in an information refresh time option, use it; use the protocol
+@@ -1899,6 +1898,15 @@ client6_recvreply(ifp, dh6, len, optinfo)
+ 		 * [RFC3315 Section 18.1.8]
+ 		 */
+ 		check_exit();
+	}
+
+	/*
+	 * Call the configuration script, if specified, to handle various
+	 * configuration parameters.
+	 */
+	if (ifp->scriptpath != NULL && strlen(ifp->scriptpath) != 0) {
+		dprintf(LOG_DEBUG, FNAME, "executes %s", ifp->scriptpath);
+		client6_script(ifp->scriptpath, state, optinfo);
+ 	}
+ 
+ 	dprintf(LOG_DEBUG, FNAME, "got an expected reply, sleeping.");
--- a/net/wide-dhcpv6/patches/patch-dhcp6relay_c
+++ b/net/wide-dhcpv6/patches/patch-dhcp6relay_c
@ -1,11 +1,15 @@
-$OpenBSD: patch-dhcp6relay_c,v 1.1 2016/01/04 03:30:39 sthen Exp $
+$OpenBSD: patch-dhcp6relay_c,v 1.2 2016/01/10 16:23:17 sthen Exp $

-Close inherited file descriptors
+- Close inherited file descriptors

 wide-dhcpv6 binaries should close inherited fds.

+- Close file descriptors on exec
+
+Avoid FD leakage to children.
+
 --- dhcp6relay.c.orig	Sun Jun 15 03:48:41 2008
-+++ dhcp6relay.c	Sat Jan  2 20:48:25 2016
+++ dhcp6relay.c	Sun Jan 10 00:50:57 2016
@@ -207,8 +207,14 @@ main(argc, argv)
 	}
 
@ -21,3 +25,19 @@ wide-dhcpv6 binaries should close inherited fds.
 		openlog(progname, LOG_NDELAY|LOG_PID, LOG_DAEMON);
 	}
 	setloglevel(debug);
+@@ -353,6 +359,7 @@ relay6_init(int ifnum, char *iflist[])
+ 		    gai_strerror(error));
+ 		goto failexit;
+ 	}
+	res->ai_socktype |= SOCK_CLOEXEC;
+ 	csock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ 	if (csock < 0) {
+ 		dprintf(LOG_ERR, FNAME, "socket(csock): %s", strerror(errno));
+@@ -459,6 +466,7 @@ relay6_init(int ifnum, char *iflist[])
+ 		goto failexit;
+ 	}
+ 	memcpy(&sa6_client, res->ai_addr, sizeof (sa6_client));
+	res->ai_socktype |= SOCK_CLOEXEC;
+ 	ssock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ 	if (ssock < 0) {
+ 		dprintf(LOG_ERR, FNAME, "socket(outsock): %s",