doc/share/security/patches/SA-08:01/pty6stable.patch

182 lines
4.2 KiB
Diff
Raw Normal View History

Index: lib/libc/stdlib/grantpt.c
===================================================================
RCS file: /home/ncvs/src/lib/libc/stdlib/grantpt.c,v
retrieving revision 1.4.2.1
diff -u -I__FBSDID -I$FreeBSD -r1.4.2.1 grantpt.c
--- lib/libc/stdlib/grantpt.c 18 Dec 2007 00:35:53 -0000 1.4.2.1
+++ lib/libc/stdlib/grantpt.c 10 Jan 2008 20:53:54 -0000
@@ -214,24 +214,30 @@
ptsname(int fildes)
{
static char slave[] = _PATH_DEV PTS_PREFIX "XY";
- char *retval;
+ const char *master;
struct stat sbuf;
- retval = NULL;
-
- if (_fstat(fildes, &sbuf) == 0) {
- if (!ISPTM(sbuf))
- errno = EINVAL;
- else {
- (void)snprintf(slave, sizeof(slave),
- _PATH_DEV PTS_PREFIX "%s",
- devname(sbuf.st_rdev, S_IFCHR) +
- strlen(PTM_PREFIX));
- retval = slave;
- }
- }
-
- return (retval);
+ /* All master pty's must be char devices. */
+ if (_fstat(fildes, &sbuf) == -1)
+ goto invalid;
+ if (!S_ISCHR(sbuf.st_mode))
+ goto invalid;
+
+ /* Check to see if this device is a pty(4) master. */
+ master = devname(sbuf.st_rdev, S_IFCHR);
+ if (strlen(master) != strlen(PTM_PREFIX "XY"))
+ goto invalid;
+ if (strncmp(master, PTM_PREFIX, strlen(PTM_PREFIX)) != 0)
+ goto invalid;
+
+ /* It is, so generate the corresponding pty(4) slave name. */
+ (void)snprintf(slave, sizeof(slave), _PATH_DEV PTS_PREFIX "%s",
+ master + strlen(PTM_PREFIX));
+ return (slave);
+
+invalid:
+ errno = EINVAL;
+ return (NULL);
}
/*
@@ -240,18 +246,14 @@
int
unlockpt(int fildes)
{
- int retval;
- struct stat sbuf;
/*
* Unlocking a master/slave pseudo-terminal pair has no meaning in a
* non-streams PTY environment. However, we do ensure fildes is a
* valid master pseudo-terminal device.
*/
- if ((retval = _fstat(fildes, &sbuf)) == 0 && !ISPTM(sbuf)) {
- errno = EINVAL;
- retval = -1;
- }
+ if (ptsname(fildes) == NULL)
+ return (-1);
- return (retval);
+ return (0);
}
Index: lib/libutil/pty.c
===================================================================
RCS file: /home/ncvs/src/lib/libutil/pty.c,v
retrieving revision 1.15.10.1
diff -u -I__FBSDID -I$FreeBSD -r1.15.10.1 pty.c
--- lib/libutil/pty.c 27 Nov 2007 18:41:52 -0000 1.15.10.1
+++ lib/libutil/pty.c 10 Jan 2008 20:53:54 -0000
@@ -54,50 +54,55 @@
#include <unistd.h>
int
-openpty(int *amaster, int *aslave, char *name, struct termios *termp, struct winsize *winp)
+openpty(int *amaster, int *aslave, char *name, struct termios *termp,
+ struct winsize *winp)
{
- char line[] = "/dev/ptyXX";
- const char *cp1, *cp2;
- int master, slave, ttygid;
- struct group *gr;
-
- if ((gr = getgrnam("tty")) != NULL)
- ttygid = gr->gr_gid;
- else
- ttygid = -1;
-
- for (cp1 = "pqrsPQRSlmnoLMNO"; *cp1; cp1++) {
- line[8] = *cp1;
- for (cp2 = "0123456789abcdefghijklmnopqrstuv"; *cp2; cp2++) {
- line[5] = 'p';
- line[9] = *cp2;
- if ((master = open(line, O_RDWR, 0)) == -1) {
- if (errno == ENOENT)
- break; /* try the next pty group */
- } else {
- line[5] = 't';
- (void) chown(line, getuid(), ttygid);
- (void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP);
- (void) revoke(line);
- if ((slave = open(line, O_RDWR, 0)) != -1) {
- *amaster = master;
- *aslave = slave;
- if (name)
- strcpy(name, line);
- if (termp)
- (void) tcsetattr(slave,
- TCSAFLUSH, termp);
- if (winp)
- (void) ioctl(slave, TIOCSWINSZ,
- (char *)winp);
- return (0);
- }
- (void) close(master);
- }
- }
+ const char *slavename;
+ int master, slave;
+
+ master = posix_openpt(O_RDWR);
+ if (master == -1)
+ return (-1);
+
+ if (grantpt(master) == -1) {
+ close(master);
+ return (-1);
+ }
+
+ slavename = ptsname(master);
+ if (slavename == NULL) {
+ close(master);
+ return (-1);
+ }
+
+ if (revoke(slavename) == -1) {
+ close(master);
+ return (-1);
}
- errno = ENOENT; /* out of ptys */
- return (-1);
+
+ slave = open(slavename, O_RDWR);
+ if (slave == -1) {
+ close(master);
+ return (-1);
+ }
+
+ if (unlockpt(master) == -1) {
+ close(master);
+ close(slave);
+ return (-1);
+ }
+
+ *amaster = master;
+ *aslave = slave;
+
+ if (name)
+ strcpy(name, slavename);
+ if (termp)
+ tcsetattr(slave, TCSAFLUSH, termp);
+ if (winp)
+ ioctl(slave, TIOCSWINSZ, (char *)winp);
+
+ return (0);
}
int