← Back to branch summary

~ubuntu-branches/ubuntu/vivid/musl/vivid

« back to all changes in this revision

Viewing changes to src/process/posix_spawn.c

  • Committer: Package Import Robot
  • Author(s): Kevin Bortis
  • Date: 2014-05-26 22:45:52 UTC
  • mfrom: (4.1.4 sid)
  • Revision ID: package-import@ubuntu.com-20140526224552-qrtsct934q29xo0x
Tags: 1.1.4-1
http://bugs.debian.org/754758
http://bugs.debian.org/750815
* Import upstream version 1.1.4. (Closes: #754758)
* Fixes possible stack-based buffer overflow CVE-2014-3484 (Closes: #750815) 
* Includes fix for build regression on armhf and armel

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/process/posix_spawn.c
22
22
 
23
23
void __get_handler_set(sigset_t *);
24
24
 
 
25
static int __sys_dup2(int old, int new)
 
26
{
 
27
#ifdef SYS_dup2
 
28
        return __syscall(SYS_dup2, old, new);
 
29
#else
 
30
        if (old==new) {
 
31
                int r = __syscall(SYS_fcntl, old, F_GETFD);
 
32
                return r<0 ? r : old;
 
33
        } else {
 
34
                return __syscall(SYS_dup3, old, new, 0);
 
35
        }
 
36
#endif
 
37
}
 
38
 
25
39
static int child(void *args_vp)
26
40
{
27
41
        int i, ret;
63
77
                if ((ret=__syscall(SYS_setpgid, 0, attr->__pgrp)))
64
78
                        goto fail;
65
79
 
66
 
        /* Use syscalls directly because pthread state because the
67
 
         * library functions attempt to do a multi-threaded synchronized
68
 
         * id-change, which would trash the parent's state. */
 
80
        /* Use syscalls directly because the library functions attempt
 
81
         * to do a multi-threaded synchronized id-change, which would
 
82
         * trash the parent's state. */
69
83
        if (attr->__flags & POSIX_SPAWN_RESETIDS)
70
84
                if ((ret=__syscall(SYS_setgid, __syscall(SYS_getgid))) ||
71
85
                    (ret=__syscall(SYS_setuid, __syscall(SYS_getuid))) )
92
106
                                        goto fail;
93
107
                                break;
94
108
                        case FDOP_DUP2:
95
 
                                if ((ret=__syscall(SYS_dup2, op->srcfd, op->fd))<0)
 
109
                                if ((ret=__sys_dup2(op->srcfd, op->fd))<0)
96
110
                                        goto fail;
97
111
                                break;
98
112
                        case FDOP_OPEN:
99
 
                                fd = __syscall(SYS_open, op->path,
100
 
                                        op->oflag | O_LARGEFILE, op->mode);
 
113
                                fd = __sys_open(op->path, op->oflag, op->mode);
101
114
                                if ((ret=fd) < 0) goto fail;
102
115
                                if (fd != op->fd) {
103
 
                                        if ((ret=__syscall(SYS_dup2, fd, op->fd))<0)
 
116
                                        if ((ret=__sys_dup2(fd, op->fd))<0)
104
117
                                                goto fail;
105
118
                                        __syscall(SYS_close, fd);
106
119
                                }