Fossil

Check-in [6dbaa674]

Overview
Comment: Further improvements to the defenses against being invoked without file descriptor 2 being open.
SHA1: 6dbaa67420c7c732b47a77fb59b0eab079203677
User & Date: drh 2015-02-07 21:14:45
Context
2015-02-08
00:22
Fix formatting issues on the object description in /artifact check-in: ca30907b user: drh tags: trunk
2015-02-07
21:14
Further improvements to the defenses against being invoked without file descriptor 2 being open. check-in: 6dbaa674 user: drh tags: trunk
20:40
Put the output into CGI or inetd mode prior to failing with a "file-descriptor 2 not open" error. check-in: 35ab16bc user: drh tags: trunk
Changes

Changes to src/main.c.

      zNewArgv[1] = "help";
      g.argc++;
      g.argv = zNewArgv;
    }
    zCmdName = g.argv[1];
  }
#ifndef _WIN32





  /* Make sure open() will not return file descriptor 2. */

  { int nTry = 0;

    while( !is_valid_fd(2) && nTry++ < 2 && open("/dev/null",O_WRONLY)>=0 ){}


    if( !is_valid_fd(2) ){
      g.cgiOutput = 1;
      g.httpOut = stdout;
      g.fullHttpReply = !g.isHTTP;
      fossil_fatal("file descriptor 2 is not open");
    }
  }
#endif

      zNewArgv[1] = "help";
      g.argc++;
      g.argv = zNewArgv;
    }
    zCmdName = g.argv[1];
  }
#ifndef _WIN32
  /* There is a bug in stunnel4 in which it sometimes starts up client
  ** processes without first opening file descriptor 2 (standard error).
  ** If this happens, and a subsequent open() of a database returns file
  ** descriptor 2, and then an assert() fires and writes on fd 2, that
  ** can corrupt the data file.  To avoid this problem, make sure open()
  ** will never return file descriptor 2 or less. */
  if( !is_valid_fd(2) ){
    int nTry = 0;
    int fd = 0;
    while( !is_valid_fd(2)
        && (nTry++)<2
        && (fd = open("/dev/null",O_WRONLY))>=0 && fd<2 ){}
    if( fd<2 && !is_valid_fd(2) ){
      g.cgiOutput = 1;
      g.httpOut = stdout;
      g.fullHttpReply = !g.isHTTP;
      fossil_fatal("file descriptor 2 is not open");
    }
  }
#endif
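
Review bot: The retry bound `(nTry++)<2` in the new `while` loop permits at most two `open("/dev/null",O_WRONLY)` calls, so when descriptors 0, 1 and 2 are all closed at startup the loop fills only 0 and 1 and the process ends in `fossil_fatal()` rather than occupying fd 2, although the new comment states the goal as open() never returning file descriptor 2 or less. If that case is meant to be recovered, allow three attempts (`(nTry++)<3`); if rejecting it is intended, the comment should say so. In that same case `g.httpOut = stdout` refers to the /dev/null that this loop just opened on fd 1, so if `fossil_fatal()` sends its reply to `g.httpOut` the "file descriptor 2 is not open" message is discarded. The two added `fd<2` tests also look redundant: open() returns the lowest free descriptor, so while fd 2 is closed it cannot return anything above 2, and the `!is_valid_fd(2)` checks already cover the case where it returned 2.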