X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Ftty.c;h=dcdb82514d377b614ab970af11289937653f735f;hb=93b2bde457ac91bd4a395dfafd6bd5eed670c85a;hp=803d8ba02edecad13d30d4cc38517d7731b4f56a;hpb=f53a48eb9d74db3c71938e114b7f489c339bc003;p=ppp.git

diff --git a/pppd/tty.c b/pppd/tty.c
index 803d8ba..dcdb825 100644
--- a/pppd/tty.c
+++ b/pppd/tty.c
@@ -73,7 +73,7 @@
  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#define RCSID	"$Id: tty.c,v 1.8 2002/12/04 23:03:33 paulus Exp $"
+#define RCSID	"$Id: tty.c,v 1.12 2003/04/07 00:01:46 paulus Exp $"
 
 #include <stdio.h>
 #include <ctype.h>
@@ -614,6 +614,11 @@ int connect_tty()
 
 			if (pipe(ipipe) < 0 || pipe(opipe) < 0)
 				fatal("Couldn't create pipes for record option: %m");
+
+			/* don't leak these to the ptycommand */
+			(void) fcntl(ipipe[0], F_SETFD, FD_CLOEXEC);
+			(void) fcntl(opipe[1], F_SETFD, FD_CLOEXEC);
+
 			ok = device_script(ptycommand, opipe[0], ipipe[1], 1) == 0
 				&& start_charshunt(ipipe[0], opipe[1]);
 			close(ipipe[0]);
@@ -882,7 +887,7 @@ start_charshunt(ifd, ofd)
 {
     int cpid;
 
-    cpid = fork();
+    cpid = safe_fork();
     if (cpid == -1) {
 	error("Can't fork process for character shunt: %m");
 	return 0;
@@ -894,7 +899,6 @@ start_charshunt(ifd, ofd)
 	if (getuid() != uid)
 	    fatal("setuid failed");
 	setgid(getgid());
-	sys_close();
 	if (!nodetach)
 	    log_to_fd = -1;
 	charshunt(ifd, ofd, record_file);
@@ -992,6 +996,13 @@ charshunt(ifd, ofd, record_file)
     signal(SIGXFSZ, SIG_DFL);
 #endif
 
+    /*
+     * Check that the fds won't overrun the fd_sets
+     */
+    if (ifd >= FD_SETSIZE || ofd >= FD_SETSIZE || pty_master >= FD_SETSIZE)
+	fatal("internal error: file descriptor too large (%d, %d, %d)",
+	      ifd, ofd, pty_master);
+
     /*
      * Open the record file if required.
      */