diff options
Diffstat (limited to 'src/filelock.c')
| -rw-r--r-- | src/filelock.c | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/src/filelock.c b/src/filelock.c index 244663ad20a..b9c991e4baf 100644 --- a/src/filelock.c +++ b/src/filelock.c | |||
| @@ -257,18 +257,14 @@ void | |||
| 257 | get_boot_time_1 (const char *filename, bool newest) | 257 | get_boot_time_1 (const char *filename, bool newest) |
| 258 | { | 258 | { |
| 259 | struct utmp ut, *utp; | 259 | struct utmp ut, *utp; |
| 260 | int desc; | ||
| 261 | 260 | ||
| 262 | if (filename) | 261 | if (filename) |
| 263 | { | 262 | { |
| 264 | /* On some versions of IRIX, opening a nonexistent file name | 263 | /* On some versions of IRIX, opening a nonexistent file name |
| 265 | is likely to crash in the utmp routines. */ | 264 | is likely to crash in the utmp routines. */ |
| 266 | desc = emacs_open (filename, O_RDONLY, 0); | 265 | if (faccessat (AT_FDCWD, filename, R_OK, AT_EACCESS) != 0) |
| 267 | if (desc < 0) | ||
| 268 | return; | 266 | return; |
| 269 | 267 | ||
| 270 | emacs_close (desc); | ||
| 271 | |||
| 272 | utmpname (filename); | 268 | utmpname (filename); |
| 273 | } | 269 | } |
| 274 | 270 | ||
| @@ -412,8 +408,6 @@ create_lock_file (char *lfname, char *lock_info_str, bool force) | |||
| 412 | USE_SAFE_ALLOCA; | 408 | USE_SAFE_ALLOCA; |
| 413 | char *nonce = SAFE_ALLOCA (lfdirlen + sizeof nonce_base); | 409 | char *nonce = SAFE_ALLOCA (lfdirlen + sizeof nonce_base); |
| 414 | int fd; | 410 | int fd; |
| 415 | bool need_fchmod; | ||
| 416 | mode_t world_readable = S_IRUSR | S_IRGRP | S_IROTH; | ||
| 417 | memcpy (nonce, lfname, lfdirlen); | 411 | memcpy (nonce, lfname, lfdirlen); |
| 418 | strcpy (nonce + lfdirlen, nonce_base); | 412 | strcpy (nonce + lfdirlen, nonce_base); |
| 419 | 413 | ||
| @@ -421,17 +415,14 @@ create_lock_file (char *lfname, char *lock_info_str, bool force) | |||
| 421 | /* Prefer mkostemp to mkstemp, as it avoids a window where FD is | 415 | /* Prefer mkostemp to mkstemp, as it avoids a window where FD is |
| 422 | temporarily open without close-on-exec. */ | 416 | temporarily open without close-on-exec. */ |
| 423 | fd = mkostemp (nonce, O_BINARY | O_CLOEXEC); | 417 | fd = mkostemp (nonce, O_BINARY | O_CLOEXEC); |
| 424 | need_fchmod = 1; | ||
| 425 | #elif HAVE_MKSTEMP | 418 | #elif HAVE_MKSTEMP |
| 426 | /* Prefer mkstemp to mktemp, as it avoids a race between | 419 | /* Prefer mkstemp to mktemp, as it avoids a race between |
| 427 | mktemp and emacs_open. */ | 420 | mktemp and emacs_open. */ |
| 428 | fd = mkstemp (nonce); | 421 | fd = mkstemp (nonce); |
| 429 | need_fchmod = 1; | ||
| 430 | #else | 422 | #else |
| 431 | mktemp (nonce); | 423 | mktemp (nonce); |
| 432 | fd = emacs_open (nonce, O_WRONLY | O_CREAT | O_EXCL | O_BINARY, | 424 | fd = emacs_open (nonce, O_WRONLY | O_CREAT | O_EXCL | O_BINARY, |
| 433 | world_readable); | 425 | S_IRUSR | S_IWUSR); |
| 434 | need_fchmod = 0; | ||
| 435 | #endif | 426 | #endif |
| 436 | 427 | ||
| 437 | if (fd < 0) | 428 | if (fd < 0) |
| @@ -439,13 +430,15 @@ create_lock_file (char *lfname, char *lock_info_str, bool force) | |||
| 439 | else | 430 | else |
| 440 | { | 431 | { |
| 441 | ptrdiff_t lock_info_len; | 432 | ptrdiff_t lock_info_len; |
| 442 | #if ! HAVE_MKOSTEMP | 433 | #if ! (HAVE_MKOSTEMP && O_CLOEXEC) |
| 443 | fcntl (fd, F_SETFD, FD_CLOEXEC); | 434 | fcntl (fd, F_SETFD, FD_CLOEXEC); |
| 444 | #endif | 435 | #endif |
| 445 | lock_info_len = strlen (lock_info_str); | 436 | lock_info_len = strlen (lock_info_str); |
| 446 | err = 0; | 437 | err = 0; |
| 447 | if (emacs_write (fd, lock_info_str, lock_info_len) != lock_info_len | 438 | /* Use 'write', not 'emacs_write', as garbage collection |
| 448 | || (need_fchmod && fchmod (fd, world_readable) != 0)) | 439 | might signal an error, which would leak FD. */ |
| 440 | if (write (fd, lock_info_str, lock_info_len) != lock_info_len | ||
| 441 | || fchmod (fd, S_IRUSR | S_IRGRP | S_IROTH) != 0) | ||
| 449 | err = errno; | 442 | err = errno; |
| 450 | /* There is no need to call fsync here, as the contents of | 443 | /* There is no need to call fsync here, as the contents of |
| 451 | the lock file need not survive system crashes. */ | 444 | the lock file need not survive system crashes. */ |
| @@ -517,7 +510,8 @@ read_lock_data (char *lfname, char lfinfo[MAX_LFINFO + 1]) | |||
| 517 | int fd = emacs_open (lfname, O_RDONLY | O_BINARY | O_NOFOLLOW, 0); | 510 | int fd = emacs_open (lfname, O_RDONLY | O_BINARY | O_NOFOLLOW, 0); |
| 518 | if (0 <= fd) | 511 | if (0 <= fd) |
| 519 | { | 512 | { |
| 520 | ptrdiff_t read_bytes = emacs_read (fd, lfinfo, MAX_LFINFO + 1); | 513 | /* Use read, not emacs_read, since FD isn't unwind-protected. */ |
| 514 | ptrdiff_t read_bytes = read (fd, lfinfo, MAX_LFINFO + 1); | ||
| 521 | int read_errno = errno; | 515 | int read_errno = errno; |
| 522 | if (emacs_close (fd) != 0) | 516 | if (emacs_close (fd) != 0) |
| 523 | return -1; | 517 | return -1; |