Tell copyfd if the caller wants the exact tofd to just fd >= tofd.

Fixes "echo foo > /rump/bar" in a rump hijacked shell.

reviewed by christos
This commit is contained in:
pooka 2011-02-17 15:13:49 +00:00
parent e96937f774
commit db28d5668c
5 changed files with 24 additions and 21 deletions

View File

@ -1,4 +1,4 @@
/* $NetBSD: cd.c,v 1.40 2010/01/01 19:34:59 dholland Exp $ */
/* $NetBSD: cd.c,v 1.41 2011/02/17 15:13:49 pooka Exp $ */
/*-
* Copyright (c) 1991, 1993
@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)cd.c 8.2 (Berkeley) 5/4/95";
#else
__RCSID("$NetBSD: cd.c,v 1.40 2010/01/01 19:34:59 dholland Exp $");
__RCSID("$NetBSD: cd.c,v 1.41 2011/02/17 15:13:49 pooka Exp $");
#endif
#endif /* not lint */
@ -425,7 +425,7 @@ find_curdir(int noerror)
(void) close(pip[0]);
if (pip[1] != 1) {
close(1);
copyfd(pip[1], 1);
copyfd(pip[1], 1, 1);
close(pip[1]);
}
(void) execl("/bin/pwd", "pwd", (char *)0);

View File

@ -1,4 +1,4 @@
/* $NetBSD: eval.c,v 1.100 2010/06/03 16:14:13 christos Exp $ */
/* $NetBSD: eval.c,v 1.101 2011/02/17 15:13:49 pooka Exp $ */
/*-
* Copyright (c) 1993
@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)eval.c 8.9 (Berkeley) 6/8/95";
#else
__RCSID("$NetBSD: eval.c,v 1.100 2010/06/03 16:14:13 christos Exp $");
__RCSID("$NetBSD: eval.c,v 1.101 2011/02/17 15:13:49 pooka Exp $");
#endif
#endif /* not lint */
@ -520,14 +520,14 @@ evalpipe(union node *n)
INTON;
if (prevfd > 0) {
close(0);
copyfd(prevfd, 0);
copyfd(prevfd, 0, 1);
close(prevfd);
}
if (pip[1] >= 0) {
close(pip[0]);
if (pip[1] != 1) {
close(1);
copyfd(pip[1], 1);
copyfd(pip[1], 1, 1);
close(pip[1]);
}
}
@ -591,7 +591,7 @@ evalbackcmd(union node *n, struct backcmd *result)
close(pip[0]);
if (pip[1] != 1) {
close(1);
copyfd(pip[1], 1);
copyfd(pip[1], 1, 1);
close(pip[1]);
}
eflag = 0;
@ -905,7 +905,7 @@ normal_fork:
close(pip[0]);
if (pip[1] != 1) {
close(1);
copyfd(pip[1], 1);
copyfd(pip[1], 1, 1);
close(pip[1]);
}
}

View File

@ -1,4 +1,4 @@
/* $NetBSD: input.c,v 1.43 2010/08/30 06:27:14 christos Exp $ */
/* $NetBSD: input.c,v 1.44 2011/02/17 15:13:49 pooka Exp $ */
/*-
* Copyright (c) 1991, 1993
@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)input.c 8.3 (Berkeley) 6/9/95";
#else
__RCSID("$NetBSD: input.c,v 1.43 2010/08/30 06:27:14 christos Exp $");
__RCSID("$NetBSD: input.c,v 1.44 2011/02/17 15:13:49 pooka Exp $");
#endif
#endif /* not lint */
@ -405,7 +405,7 @@ setinputfile(const char *fname, int push)
}
if (fd < 10) {
fd2 = copyfd(fd, 10);
fd2 = copyfd(fd, 10, 0);
close(fd);
if (fd2 < 0)
error("Out of file descriptors");

View File

@ -1,4 +1,4 @@
/* $NetBSD: redir.c,v 1.30 2008/01/21 06:43:03 msaitoh Exp $ */
/* $NetBSD: redir.c,v 1.31 2011/02/17 15:13:49 pooka Exp $ */
/*-
* Copyright (c) 1991, 1993
@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)redir.c 8.2 (Berkeley) 5/4/95";
#else
__RCSID("$NetBSD: redir.c,v 1.30 2008/01/21 06:43:03 msaitoh Exp $");
__RCSID("$NetBSD: redir.c,v 1.31 2011/02/17 15:13:49 pooka Exp $");
#endif
#endif /* not lint */
@ -222,7 +222,7 @@ openredirect(union node *redir, char memory[10], int flags)
if (memory[redir->ndup.dupfd])
memory[fd] = 1;
else
copyfd(redir->ndup.dupfd, fd);
copyfd(redir->ndup.dupfd, fd, 1);
}
INTON;
return;
@ -235,7 +235,7 @@ openredirect(union node *redir, char memory[10], int flags)
}
if (f != fd) {
copyfd(f, fd);
copyfd(f, fd, 1);
close(f);
}
INTON;
@ -308,7 +308,7 @@ popredir(void)
fd0_redirected--;
close(i);
if (rp->renamed[i] >= 0) {
copyfd(rp->renamed[i], i);
copyfd(rp->renamed[i], i, 1);
close(rp->renamed[i]);
}
}
@ -375,11 +375,14 @@ clearredir(vforked)
*/
int
copyfd(int from, int to)
copyfd(int from, int to, int equal)
{
int newfd;
newfd = fcntl(from, F_DUPFD, to);
if (equal)
newfd = dup2(from, to);
else
newfd = fcntl(from, F_DUPFD, to);
if (newfd < 0) {
if (errno == EMFILE)
return EMPTY;

View File

@ -1,4 +1,4 @@
/* $NetBSD: redir.h,v 1.15 2003/08/07 09:05:37 agc Exp $ */
/* $NetBSD: redir.h,v 1.16 2011/02/17 15:13:49 pooka Exp $ */
/*-
* Copyright (c) 1991, 1993
@ -44,5 +44,5 @@ void redirect(union node *, int);
void popredir(void);
int fd0_redirected_p(void);
void clearredir(int);
int copyfd(int, int);
int copyfd(int, int, int);