Make create_pipe_* safer w.r.t. file descriptor conflicts.

diff --git a/ChangeLog b/ChangeLog
index f50e90f..508167a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2008-06-01  Bruno Haible  <bruno@clisp.org>
+
+       * lib/pipe.c: Include unistd-safer.h.
+       (create_pipe): Ensure the returned file descriptors are not in {0,1,2}.
+       * modules/pipe (Depends-on): Add unistd-safer.
+
 2008-05-30  Simon Josefsson  <simon@josefsson.org>
 
        * modules/autobuild (configure.ac): Call AB_INIT.

diff --git a/lib/pipe.c b/lib/pipe.c
index e62d137..a632e9d 100644 (file)
--- a/lib/pipe.c
+++ b/lib/pipe.c
@@ -29,6 +29,7 @@
 
 #include "error.h"
 #include "fatal-signal.h"
+#include "unistd-safer.h"
 #include "wait-process.h"
 #include "gettext.h"
 
@@ -147,10 +148,12 @@ create_pipe (const char *progname,
   prog_argv = prepare_spawn (prog_argv);
 
   if (pipe_stdout)
-    if (_pipe (ifd, 4096, O_BINARY | O_NOINHERIT) < 0)
+    if (_pipe (ifd, 4096, O_BINARY | O_NOINHERIT) < 0
+       || (ifd[0] = fd_safer (ifd[0])) < 0)
       error (EXIT_FAILURE, errno, _("cannot create pipe"));
   if (pipe_stdin)
-    if (_pipe (ofd, 4096, O_BINARY | O_NOINHERIT) < 0)
+    if (_pipe (ofd, 4096, O_BINARY | O_NOINHERIT) < 0
+       || (ofd[1] = fd_safer (ofd[1])) < 0)
       error (EXIT_FAILURE, errno, _("cannot create pipe"));
 /* Data flow diagram:
  *
@@ -254,10 +257,12 @@ create_pipe (const char *progname,
 # endif
 
   if (pipe_stdout)
-    if (pipe (ifd) < 0)
+    if (pipe (ifd) < 0
+       || (ifd[0] = fd_safer (ifd[0])) < 0)
       error (EXIT_FAILURE, errno, _("cannot create pipe"));
   if (pipe_stdin)
-    if (pipe (ofd) < 0)
+    if (pipe (ofd) < 0
+       || (ofd[1] = fd_safer (ofd[1])) < 0)
       error (EXIT_FAILURE, errno, _("cannot create pipe"));
 /* Data flow diagram:
  *

diff --git a/modules/pipe b/modules/pipe
index aef9389..8539a0e 100644 (file)
--- a/modules/pipe
+++ b/modules/pipe
@@ -16,6 +16,7 @@ gettext-h
 stdbool
 strpbrk
 unistd
+unistd-safer
 environ
 
 configure.ac: