Mercurial > hg > octave-nkf > gnulib-hg

view lib/popen-safer.c @ 17334:bb52d9cece01

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
unsetenv etc.: port to Solaris 11 + GNU Emacs * lib/canonicalize-lgpl.c, lib/getaddrinfo.c, lib/getdelim.c: * lib/glob.c, lib/random_r.c, lib/setenv.c, lib/tsearch.c: * lib/unsetenv.c (_GL_ARG_NONNULL): Define before including <config.h>. GNU Emacs's <config.h> includes <stdlib.h> (which is not a great idea but is too painful to fix right now), and without this gnulib change <stdlib.h> was defining _GL_ARG_NONNULL incorrectly when compiling unsetenv.c on Solaris 11. Fix the problem for unsetenv.c, and fix other similar occurrences.
author Paul Eggert <eggert@cs.ucla.edu>
date Mon, 11 Feb 2013 14:58:56 -0800
parents e542fd46ad6f
children 344018b6e5d7
line wrap: on
line source

/* Invoke popen, but avoid some glitches.

   Copyright (C) 2009-2013 Free Software Foundation, Inc.

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */

/* Written by Eric Blake.  */

#include <config.h>

#include "stdio-safer.h"

#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

#include "cloexec.h"

/* Like open (name, flags | O_CLOEXEC), although not necessarily
   atomic.  FLAGS must not include O_CREAT.  */

static int
open_noinherit (char const *name, int flags)
{
  int fd;
#if O_CLOEXEC
  /* 0 = unknown, 1 = yes, -1 = no.  */
  static int have_cloexec;
  if (have_cloexec >= 0)
    {
      fd = open (name, flags | O_CLOEXEC);
      if (have_cloexec == 0 && (0 <= fd || errno == EINVAL))
        have_cloexec = (0 <= fd ? 1 : -1);
      if (have_cloexec == 1)
        return fd;
    }
#endif

  fd = open (name, flags);
  if (0 <= fd && set_cloexec_flag (fd, true) != 0)
    {
      int saved_errno = errno;
      close (fd);
      fd = -1;
      errno = saved_errno;
    }
  return fd;
}

/* Like popen, but do not return stdin, stdout, or stderr.  */

FILE *
popen_safer (char const *cmd, char const *mode)
{
  /* Unfortunately, we cannot use the fopen_safer approach of using
     fdopen (dup_safer (fileno (popen (cmd, mode)))), because stdio
     libraries maintain hidden state tying the original fd to the pid
     to wait on when using pclose (this hidden state is also used to
     avoid fd leaks in subsequent popen calls).  So, we instead
     guarantee that all standard streams are open prior to the popen
     call (even though this puts more pressure on open fds), so that
     the original fd created by popen is safe.  */
  FILE *fp;
  int fd = open_noinherit ("/dev/null", O_RDONLY);
  if (0 <= fd && fd <= STDERR_FILENO)
    {
      /* Maximum recursion depth is 3.  */
      int saved_errno;
      fp = popen_safer (cmd, mode);
      saved_errno = errno;
      close (fd);
      errno = saved_errno;
    }
  else
    {
      /* Either all fd's are tied up, or fd is safe and the real popen
         will reuse it.  */
      close (fd);
      fp = popen (cmd, mode);
    }
  return fp;
}