Hi,
I stumbled upon the following code in tempname.c:
switch (kind) { case __GT_NOCREATE: { struct stat st; if (stat (tmpl, &st) < 0) { if (errno == ENOENT) { fd = 0; goto restore_and_ret; } else /* Give up now. */ return -1; } else fd = 0; } case __GT_FILE: fd = open (tmpl, O_RDWR | O_CREAT | O_EXCL | flags, mode); break;
I am baffled by the 'else' branch of the check of 'stat (tmpl, &st) < 0'. If I understand the whole thing correctly, this is an error case, where a file with the temporary name already exists. But instead, the whole execution falls through to the __GT_FILE branch, and actually opens the file.
If this happens, this file never seems to be closed again (see for example the usage in tmpnam_r.c:30:
char * tmpnam_r (char *s) { if (s == NULL) return NULL;
if (__path_search (s, L_tmpnam, NULL, NULL, 0)) return NULL; if (__gen_tempname (s, __GT_NOCREATE, 0, 0, 0)) return NULL;
return s; }
I would suppose that instead of falling to the next switch-case, we should return with a non-zero value (maybe '1' to distinguish it from the general error case?).
Am I missing something basic?
Cheers, Sven
Hi Sven,
do you have a small C test case which might show the failure? It would be a nice addition to uClibc-ng testsuite if it show the failure.
best regards Waldemar
Sven Linker wrote,
Hi,
I stumbled upon the following code in tempname.c:
switch (kind) { case __GT_NOCREATE: { struct stat st; if (stat (tmpl, &st) < 0) { if (errno == ENOENT) { fd = 0; goto restore_and_ret; } else /* Give up now. */ return -1; } else fd = 0; } case __GT_FILE: fd = open (tmpl, O_RDWR | O_CREAT | O_EXCL | flags, mode); break;
I am baffled by the 'else' branch of the check of 'stat (tmpl, &st) < 0'. If I understand the whole thing correctly, this is an error case, where a file with the temporary name already exists. But instead, the whole execution falls through to the __GT_FILE branch, and actually opens the file.
If this happens, this file never seems to be closed again (see for example the usage in tmpnam_r.c:30:
char * tmpnam_r (char *s) { if (s == NULL) return NULL;
if (__path_search (s, L_tmpnam, NULL, NULL, 0))return NULL; if (__gen_tempname (s, __GT_NOCREATE, 0, 0, 0)) return NULL;
return s;}
I would suppose that instead of falling to the next switch-case, we should return with a non-zero value (maybe '1' to distinguish it from the general error case?).
Am I missing something basic?
Cheers, Sven -- Sven Linker Tel.: +49 351 41883243 Kernkonzept GmbH at Dresden, Germany, HRB 31129, CEO Dr.-Ing. Michael Hohmuth
devel mailing list -- devel@uclibc-ng.org To unsubscribe send an email to devel-leave@uclibc-ng.org
Hi,
On 31.01.24 11:08, Waldemar Brodkorb wrote:
do you have a small C test case which might show the failure?
I unfortunately currently don't have a proper setup to test this, but I would expect that this simple loop would deplete all available file descriptors so that at some point, one can't call "open" anymore:
#include <stdlib.h>
do { puts("Still fds available\n"); } while(!strcmp(mktemp("test"),""))
if(open("somefile.txt") < 0) { puts("fds are depleted. This should not have happened.\n"); }
Best regards, Marius
Hi,
I'm not sure if this really tests the branch where the issue is, but I am also not able to come up with a simple test myself (since it basically relies on predicting the random instantiation of the template).
But this patch should avoid opening the file, if it already exists.
Cheers, Sven
On Tue, 2024-02-06 at 15:13 +0100, Marius Melzer wrote:
Hi,
On 31.01.24 11:08, Waldemar Brodkorb wrote:
do you have a small C test case which might show the failure?
I unfortunately currently don't have a proper setup to test this, but I would expect that this simple loop would deplete all available file descriptors so that at some point, one can't call "open" anymore:
#include <stdlib.h>
do { puts("Still fds available\n"); } while(!strcmp(mktemp("test"),""))
if(open("somefile.txt") < 0) { puts("fds are depleted. This should not have happened.\n"); }
Best regards, Marius
Hi Sven,
okay. Can you resent the patch with git format-patch -s origin? Please add a commit message.
Thanks a lot in advance. Waldemar
Sven Linker wrote,
Hi,
I'm not sure if this really tests the branch where the issue is, but I am also not able to come up with a simple test myself (since it basically relies on predicting the random instantiation of the template).
But this patch should avoid opening the file, if it already exists.
Cheers, Sven
On Tue, 2024-02-06 at 15:13 +0100, Marius Melzer wrote:
Hi,
On 31.01.24 11:08, Waldemar Brodkorb wrote:
do you have a small C test case which might show the failure?
I unfortunately currently don't have a proper setup to test this, but I would expect that this simple loop would deplete all available file descriptors so that at some point, one can't call "open" anymore:
#include <stdlib.h>
do { puts("Still fds available\n"); } while(!strcmp(mktemp("test"),""))
if(open("somefile.txt") < 0) { puts("fds are depleted. This should not have happened.\n"); }
Best regards, Marius
-- Sven Linker Tel.: +49 351 41883243 Kernkonzept GmbH at Dresden, Germany, HRB 31129, CEO Dr.-Ing. Michael Hohmuth
diff --git a/libc/misc/internals/tempname.c b/libc/misc/internals/tempname.c index d3a8ccbd8..f9b714a68 100644 --- a/libc/misc/internals/tempname.c +++ b/libc/misc/internals/tempname.c @@ -218,7 +218,8 @@ int attribute_hidden __gen_tempname (char *tmpl, int kind, int flags, /* Give up now. */ return -1; } else
fd = 0;
/* File already exists, so return with non-zero value */return -1;
devel mailing list -- devel@uclibc-ng.org To unsubscribe send an email to devel-leave@uclibc-ng.org
Hi Waldemar,
sure, please find the patch attached.
Cheers, Sven
On Sun, 2024-02-11 at 07:04 +0100, Waldemar Brodkorb wrote:
Hi Sven,
okay. Can you resent the patch with git format-patch -s origin? Please add a commit message.
Thanks a lot in advance. Waldemar
Sven Linker wrote,
Hi,
I'm not sure if this really tests the branch where the issue is, but I am also not able to come up with a simple test myself (since it basically relies on predicting the random instantiation of the template).
But this patch should avoid opening the file, if it already exists.
Cheers, Sven
On Tue, 2024-02-06 at 15:13 +0100, Marius Melzer wrote:
Hi,
On 31.01.24 11:08, Waldemar Brodkorb wrote:
do you have a small C test case which might show the failure?
I unfortunately currently don't have a proper setup to test this, but I would expect that this simple loop would deplete all available file descriptors so that at some point, one can't call "open" anymore:
#include <stdlib.h>
do { puts("Still fds available\n"); } while(!strcmp(mktemp("test"),""))
if(open("somefile.txt") < 0) { puts("fds are depleted. This should not have happened.\n"); }
Best regards, Marius
-- Sven Linker Tel.: +49 351 41883243 Kernkonzept GmbH at Dresden, Germany, HRB 31129, CEO Dr.-Ing. Michael Hohmuth
diff --git a/libc/misc/internals/tempname.c b/libc/misc/internals/tempname.c index d3a8ccbd8..f9b714a68 100644 --- a/libc/misc/internals/tempname.c +++ b/libc/misc/internals/tempname.c @@ -218,7 +218,8 @@ int attribute_hidden __gen_tempname (char *tmpl, int kind, int flags, /* Give up now. */ return -1; } else
fd = 0;
/* File already exists, so return withnon-zero value */
return -1;} case __GT_FILE: fd = open (tmpl, O_RDWR | O_CREAT | O_EXCL | flags, mode);
devel mailing list -- devel@uclibc-ng.org To unsubscribe send an email to devel-leave@uclibc-ng.org
Hi Sven,
thanks, applied and pushed.
best regards Waldemar
Sven Linker wrote,
Hi Waldemar,
sure, please find the patch attached.
Cheers, Sven
On Sun, 2024-02-11 at 07:04 +0100, Waldemar Brodkorb wrote:
Hi Sven,
okay. Can you resent the patch with git format-patch -s origin? Please add a commit message.
Thanks a lot in advance. Waldemar
Sven Linker wrote,
Hi,
I'm not sure if this really tests the branch where the issue is, but I am also not able to come up with a simple test myself (since it basically relies on predicting the random instantiation of the template).
But this patch should avoid opening the file, if it already exists.
Cheers, Sven
On Tue, 2024-02-06 at 15:13 +0100, Marius Melzer wrote:
Hi,
On 31.01.24 11:08, Waldemar Brodkorb wrote:
do you have a small C test case which might show the failure?
I unfortunately currently don't have a proper setup to test this, but I would expect that this simple loop would deplete all available file descriptors so that at some point, one can't call "open" anymore:
#include <stdlib.h>
do { puts("Still fds available\n"); } while(!strcmp(mktemp("test"),""))
if(open("somefile.txt") < 0) { puts("fds are depleted. This should not have happened.\n"); }
Best regards, Marius
-- Sven Linker Tel.: +49 351 41883243 Kernkonzept GmbH at Dresden, Germany, HRB 31129, CEO Dr.-Ing. Michael Hohmuth
diff --git a/libc/misc/internals/tempname.c b/libc/misc/internals/tempname.c index d3a8ccbd8..f9b714a68 100644 --- a/libc/misc/internals/tempname.c +++ b/libc/misc/internals/tempname.c @@ -218,7 +218,8 @@ int attribute_hidden __gen_tempname (char *tmpl, int kind, int flags, /* Give up now. */ return -1; } else
fd = 0;
/* File already exists, so return withnon-zero value */
return -1;} case __GT_FILE: fd = open (tmpl, O_RDWR | O_CREAT | O_EXCL | flags, mode);
devel mailing list -- devel@uclibc-ng.org To unsubscribe send an email to devel-leave@uclibc-ng.org
-- Sven Linker Tel.: +49 351 41883243 Kernkonzept GmbH at Dresden, Germany, HRB 31129, CEO Dr.-Ing. Michael Hohmuth
From fb56d9874751c51f493a3ce63080c8c320ef614a Mon Sep 17 00:00:00 2001 From: Sven Linker sven.linker@kernkonzept.com Date: Wed, 7 Feb 2024 10:27:58 +0100 Subject: [PATCH] Avoid fall-through if file matching temporary name exists
During checking whether a temporary name can be created, it may happen that a file with this name already exists. Avoid falling through to opening the file name in this case, and return with an error instead.
Signed-off-by: Sven Linker sven.linker@kernkonzept.com
libc/misc/internals/tempname.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libc/misc/internals/tempname.c b/libc/misc/internals/tempname.c index d3a8ccbd8..f9b714a68 100644 --- a/libc/misc/internals/tempname.c +++ b/libc/misc/internals/tempname.c @@ -218,7 +218,8 @@ int attribute_hidden __gen_tempname (char *tmpl, int kind, int flags, /* Give up now. */ return -1; } else
fd = 0;
/* File already exists, so return with non-zero value */return -1;-- 2.43.0
devel mailing list -- devel@uclibc-ng.org To unsubscribe send an email to devel-leave@uclibc-ng.org
-
Marius Melzer -
Sven Linker -
Waldemar Brodkorb -
Waldemar Brodkorb