Change the unix VFS so that it refuses to open a database file using
a file descriptor less than 3. FossilOrigin-Name: 66dddda06898abbf97fe0ac6a10ce1527ca8605e
parent
0c9a8e345e
commit
35a0379a05
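--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Never\sleave\san\sopen\sfile\sdescriptor\spointing\sinto\sthe\smiddle\sof\sthe\ndatabase\sfile\sif\sthe\sfile\sdescriptor\snumber\sis\s2\sor\sless.
-D 2013-08-29T21:26:26.071
+C Change\sthe\sunix\sVFS\sso\sthat\sit\srefuses\sto\sopen\sa\sdatabase\sfile\susing\na\sfile\sdescriptor\sless\sthan\s3.
+D 2013-08-29T23:34:53.402
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 5e41da95d92656a5004b03d3576e8b226858a28e
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -202,7 +202,7 @@ F src/notify.c 976dd0f6171d4588e89e874fcc765e92914b6d30
 F src/os.c b4ad71336fd96f97776f75587cd9e8218288f5be
 F src/os.h 4a46270a64e9193af4a0aaa3bc2c66dc07c29b3f
 F src/os_common.h 92815ed65f805560b66166e3583470ff94478f04
-F src/os_unix.c 94c7edbd75b0fb4fe477ccb3ba73a9bddaff9592
+F src/os_unix.c 45d425550a86e6464b494574df43b6e2efc98003
 F src/os_win.c 26d752736dff0c7e4e384ab65b353cce1e7e19c5
 F src/pager.c 2aa4444ffe86e9282d03bc349a4a5e49bd77c0e8
 F src/pager.h f094af9f6ececfaa8a1e93876905a4f34233fb0c
@@ -1109,10 +1109,7 @@ F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381
 F tool/wherecosttest.c f407dc4c79786982a475261866a161cd007947ae
 F tool/win/sqlite.vsix 97894c2790eda7b5bce3cc79cb2a8ec2fde9b3ac
-P d4b6ad3333cc3bad500c2ebf7a6ea552b6762b69
-R 97c4ef1fd2ecd2ffa8c4e00f7258a86d
-T *branch * overwrite-avoidance
-T *sym-overwrite-avoidance *
-T -sym-trunk *
+P 3426673e4659eb68dbd14a3e41d4620d748432db
+R fe0bcec8f0ab9128b1355459470b05e0
 U drh
-Z c59ed8dd8c6786bd9c8e9cf6a1823506
+Z 4edcc0d4a963da6c4b3d4505d80b9383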
@ -1 +1 @@
3426673e4659eb68dbd14a3e41d4620d748432db
66dddda06898abbf97fe0ac6a10ce1527ca8605e
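--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -551,6 +551,31 @@ static const char *unixNextSystemCall(sqlite3_vfs *p, const char *zName){
 return 0;
 }
 
+/*
+** If fd is a file descriptor that would be dangerous to use for an
+** ordinary file, the close it, reopen it as /dev/null to get it out
+** of the way, then return true.
+**
+** If fd is safe, return 0.
+**
+** It is dangerous to have a database file open of file descriptors 1 or
+** 2 because those normally mean standard output and standard error. Other
+** components of the system might write directly to those file descriptors
+** and overwrite parts of the database file. Something like this happened
+** on 2013-08-29 to the canonical Fossil repository when some error caused
+** the database file to be opened on file descriptor 2 and later an assert()
+** fired and wrote error message text into file descriptor 2, corrupting
+** the repository.
+*/
+static int isReservedFd(int fd, const char *z, int f, int m){
+if( fd<0 || fd>2 ) return 0;
+sqlite3_log(SQLITE_WARNING,
+"attempt to open \"%s\" as file descriptor %d", z, fd);
+osClose(fd);
+(void)osOpen("/dev/null",f,m);
+return 1;
+}
+
 /*
 ** Invoke open(). Do so multiple times, until it either succeeds or
 ** fails for some reason other than EINTR.
@@ -577,7 +602,7 @@ static int robust_open(const char *z, int f, mode_t m){
 #else
 fd = osOpen(z,f,m2);
 #endif
-}while( fd<0 && errno==EINTR );
+}while( (fd<0 && errno==EINTR) || isReservedFd(fd,z,f,m2) );
 if( fd>=0 ){
 if( m!=0 ){
 struct stat statbuf;
@@ -588,7 +613,6 @@ static int robust_open(const char *z, int f, mode_t m){
 osFchmod(fd, m);
 }
 }
-if( fd<=2 ) lseek(fd, 0, SEEK_END);
 #if defined(FD_CLOEXEC) && (!defined(O_CLOEXEC) || O_CLOEXEC==0)
 osFcntl(fd, F_SETFD, osFcntl(fd, F_GETFD, 0) | FD_CLOEXEC);
 #endif
@@ -3100,6 +3124,7 @@ static int seekAndRead(unixFile *id, sqlite3_int64 offset, void *pBuf, int cnt){
 #endif
 TIMER_START;
 assert( cnt==(cnt&0x1ffff) );
+assert( id->h>2 );
 cnt &= 0x1ffff;
 do{
 #if defined(USE_PREAD)
@@ -3134,7 +3159,6 @@ static int seekAndRead(unixFile *id, sqlite3_int64 offset, void *pBuf, int cnt){
 pBuf = (void*)(got + (char*)pBuf);
 }
 }while( got>0 );
-if( id->h<=2 ) lseek(id->h, 0, SEEK_END);
 TIMER_END;
 OSTRACE(("READ %-3d %5d %7lld %llu\n",
 id->h, got+prior, offset-prior, TIMER_ELAPSED));
@@ -3215,6 +3239,7 @@ static int seekAndWriteFd(
 int rc = 0; /* Value returned by system call */
 
 assert( nBuf==(nBuf&0x1ffff) );
+assert( fd>2 );
 nBuf &= 0x1ffff;
 TIMER_START;
 
@@ -3234,7 +3259,6 @@ static int seekAndWriteFd(
 rc = osWrite(fd, pBuf, nBuf);
 }while( rc<0 && errno==EINTR );
 #endif
-if( fd<=2 ) lseek(fd, 0, SEEK_END);
 
 TIMER_END;
 OSTRACE(("WRITE %-3d %5d %7lld %llu\n", fd, rc, iOff, TIMER_ELAPSED));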
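Review bot: `isReservedFd` discards the result of `osOpen("/dev/null",f,m)`, and the new loop condition in `robust_open` (`}while( (fd<0 && errno==EINTR) || isReservedFd(fd,z,f,m2) );`) re-runs the open for as long as it returns 1, so if `/dev/null` cannot be opened (no `/dev` inside a chroot or sandbox, or `f` carrying flags that fail on an existing node) the descriptor just closed is free again, the next `osOpen(z,...)` lands on it, and `robust_open` never terminates. Bounding the parking attempts — descriptors 0..2 need at most three successful parks — and failing the open once the bound is exceeded keeps the "never use fd<3" guarantee without the hang; the sketch below restructures the loop (`robust_open`'s declarations, the `#if`-guarded `osOpen` call and the tail after the loop are outside the hunk). After the forced failure `errno` is whatever the last `osOpen` left behind, so callers that log `errno` may want it set explicitly. Opening the placeholder with a fixed `O_RDONLY` instead of the caller's `f` would also make the park independent of the database's creation flags, though I cannot see every caller's flags from here. In the new comment block, `the close it, reopen it as /dev/null` reads better as `then close it, reopen it as /dev/null`.
```c
static int robust_open(const char *z, int f, mode_t m){
  /* … unchanged: local declarations (fd, m2) … */
  int nReserved = 0;   /* descriptors 0..2 parked on /dev/null so far */
  for(;;){
    /* … unchanged: osOpen(z,f,m2) with or without O_CLOEXEC … */
    if( fd<0 ){
      if( errno==EINTR ) continue;          /* interrupted: retry */
      break;                                /* real failure: report it */
    }
    if( !isReservedFd(fd,z,f,m2) ) break;   /* fd>2: safe to use */
    if( ++nReserved>3 ){
      /* A low descriptor keeps coming back, so the /dev/null placeholder
      ** is not being installed. The low fd is already closed; fail the
      ** open rather than loop forever. */
      fd = -1;
      break;
    }
  }
  /* … unchanged: fchmod and FD_CLOEXEC handling … */
```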