From e8dc1417b19e6f52e1f39f9696f27cb021633dc7 Mon Sep 17 00:00:00 2001
From: Bruno Haible <bruno@clisp.org>
Date: Sun, 1 Jun 2008 11:57:27 +0200
Subject: [PATCH] Make create_pipe_* safer w.r.t. file descriptor conflicts.

---
 ChangeLog    |  6 ++++++
 lib/pipe.c   | 13 +++++++++----
 modules/pipe |  1 +
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index f50e90f9f..508167a50 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2008-06-01  Bruno Haible  <bruno@clisp.org>
+
+	* lib/pipe.c: Include unistd-safer.h.
+	(create_pipe): Ensure the returned file descriptors are not in {0,1,2}.
+	* modules/pipe (Depends-on): Add unistd-safer.
+
 2008-05-30  Simon Josefsson  <simon@josefsson.org>
 
 	* modules/autobuild (configure.ac): Call AB_INIT.
diff --git a/lib/pipe.c b/lib/pipe.c
index e62d137e0..a632e9dd2 100644
--- a/lib/pipe.c
+++ b/lib/pipe.c
@@ -29,6 +29,7 @@
 
 #include "error.h"
 #include "fatal-signal.h"
+#include "unistd-safer.h"
 #include "wait-process.h"
 #include "gettext.h"
 
@@ -147,10 +148,12 @@ create_pipe (const char *progname,
   prog_argv = prepare_spawn (prog_argv);
 
   if (pipe_stdout)
-    if (_pipe (ifd, 4096, O_BINARY | O_NOINHERIT) < 0)
+    if (_pipe (ifd, 4096, O_BINARY | O_NOINHERIT) < 0
+	|| (ifd[0] = fd_safer (ifd[0])) < 0)
       error (EXIT_FAILURE, errno, _("cannot create pipe"));
   if (pipe_stdin)
-    if (_pipe (ofd, 4096, O_BINARY | O_NOINHERIT) < 0)
+    if (_pipe (ofd, 4096, O_BINARY | O_NOINHERIT) < 0
+	|| (ofd[1] = fd_safer (ofd[1])) < 0)
       error (EXIT_FAILURE, errno, _("cannot create pipe"));
 /* Data flow diagram:
  *
@@ -254,10 +257,12 @@ create_pipe (const char *progname,
 # endif
 
   if (pipe_stdout)
-    if (pipe (ifd) < 0)
+    if (pipe (ifd) < 0
+	|| (ifd[0] = fd_safer (ifd[0])) < 0)
       error (EXIT_FAILURE, errno, _("cannot create pipe"));
   if (pipe_stdin)
-    if (pipe (ofd) < 0)
+    if (pipe (ofd) < 0
+	|| (ofd[1] = fd_safer (ofd[1])) < 0)
       error (EXIT_FAILURE, errno, _("cannot create pipe"));
 /* Data flow diagram:
  *
diff --git a/modules/pipe b/modules/pipe
index aef9389aa..8539a0e8f 100644
--- a/modules/pipe
+++ b/modules/pipe
@@ -16,6 +16,7 @@ gettext-h
 stdbool
 strpbrk
 unistd
+unistd-safer
 environ
 
 configure.ac:
-- 
2.11.0