From dcb4e4c14dd76bb2e1fd8ee5c5fb81e0bca75762 Mon Sep 17 00:00:00 2001 From: Karol Babioch Date: Thu, 5 Apr 2018 14:20:08 +0200 Subject: [PATCH 1/3] Open file descriptors with O_CLOEXEC This opens any file descriptors with the O_CLOEXEC flag, which will make sure that file descriptors won't be leaked into any child process. This was previously an issue due to a forgotten fclose() (#136). --- pam_yubico.c | 2 +- util.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pam_yubico.c b/pam_yubico.c index af9ed27a..23cd353e 100644 --- a/pam_yubico.c +++ b/pam_yubico.c @@ -535,7 +535,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username) } } - fd = open(userfile, O_RDONLY, 0); + fd = open(userfile, O_RDONLY | O_CLOEXEC, 0); if (fd < 0) { DBG ("Cannot open file: %s (%s)", userfile, strerror(errno)); goto restpriv_out; diff --git a/util.c b/util.c index 32bca06a..8aab9d1f 100644 --- a/util.c +++ b/util.c @@ -109,7 +109,7 @@ check_user_token (const char *authfile, struct stat st; FILE *opwfile; - fd = open(authfile, O_RDONLY, 0); + fd = open(authfile, O_RDONLY | O_CLOEXEC, 0); if (fd < 0) { if(verbose) D (debug_file, "Cannot open file: %s (%s)", authfile, strerror(errno)); From adc64186f0e4d98abe79f14f37aa134cd03c61d4 Mon Sep 17 00:00:00 2001 From: Karol Babioch Date: Thu, 5 Apr 2018 14:28:03 +0200 Subject: [PATCH 2/3] Use mkotemp() instead of mkstemp() This uses mkostemp() instead of mkstemp(), passing along the `O_CLOEXEC` flag, which makes sure that the file descriptor is closed and won't be leaked into any child process, which was previously an issue due to a missing fclose() (#136). --- pam_yubico.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam_yubico.c b/pam_yubico.c index 23cd353e..15ae7135 100644 --- a/pam_yubico.c +++ b/pam_yubico.c 
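Review bot: `O_CLOEXEC` on `open(userfile, ...)` in do_challenge_response, and on `open(authfile, ...)` in check_user_token in util.c, only stops the descriptor from surviving an exec. It does not close the descriptor in the calling process or in a child that forks without exec'ing. The commit message traces the original leak to a forgotten fclose() (#136), and neither hunk shows whether every exit path after these opens now closes `fd`; both function bodies continue outside the hunks, so that needs confirming separately. I would document the intent at both call sites with `/* O_CLOEXEC is defence in depth: this runs inside the PAM application's process, and every exit path must still close fd. */`. The third argument `0` is ignored without `O_CREAT` and could be dropped.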
@@ -654,7 +654,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username) strcpy(tmpfile, userfile); strcat(tmpfile, TMPFILE_SUFFIX); - fd = mkstemp(tmpfile); + fd = mkostemp(tmpfile, O_CLOEXEC); if (fd < 0) { DBG ("Cannot open file: %s (%s)", tmpfile, strerror(errno)); goto restpriv_out; From 4ba40de63e7d9541ff62f5bed6713553854fe962 Mon Sep 17 00:00:00 2001 From: Karol Babioch Date: Thu, 5 Apr 2018 14:32:04 +0200 Subject: [PATCH 3/3] Add "e" flag to fopen() calls This adds the `e` flag to fopen() calls, making sure the `O_CLOEXEC` flag is used. This makes sure that the file descriptor is being closed and not leaked into child processes. This was an issues previously due to a missing fclose() (#136). --- pam_yubico.c | 2 +- util.c | 2 +- ykpamcfg.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pam_yubico.c b/pam_yubico.c index 15ae7135..6e6afd9c 100644 --- a/pam_yubico.c +++ b/pam_yubico.c @@ -819,7 +819,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg) { if(S_ISREG(st.st_mode)) { - file = fopen(filename, "a"); + file = fopen(filename, "ae"); if(file) { cfg->debug_file = file; diff --git a/util.c b/util.c index 8aab9d1f..9b773536 100644 --- a/util.c +++ b/util.c @@ -188,7 +188,7 @@ int generate_random(void *buf, int len) FILE *u; int res; - u = fopen("/dev/urandom", "r"); + u = fopen("/dev/urandom", "re"); if (!u) { return -1; } diff --git a/ykpamcfg.c b/ykpamcfg.c index 16dbb865..cfc4cd01 100644 --- a/ykpamcfg.c +++ b/ykpamcfg.c @@ -237,7 +237,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u umask(077); - f = fopen (fn, "w"); + f = fopen (fn, "we"); if (! f) { fprintf (stderr, "Failed opening '%s' for writing : %s\n", fn, strerror (errno)); goto out;
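Review bot: `mkostemp()` in do_challenge_response is an extension that `<stdlib.h>` declares only under a feature-test macro on some libcs (e.g. `_GNU_SOURCE` on glibc), and some older platforms lack it entirely. The hunk shows neither a build-time check nor a fallback. If the project targets such platforms, a guarded fallback would keep the close-on-exec property: `fd = mkstemp(tmpfile);` followed by `if (fd >= 0) fcntl(fd, F_SETFD, FD_CLOEXEC);`. The `strcpy`/`strcat` pair that builds `tmpfile` is unchanged context, and the size of that buffer is not visible here, so it is worth checking that it is bounded for `userfile` plus the suffix. The function body starts and ends outside the hunk.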
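Review bot: The `"e"` mode character in `fopen(filename, "ae")` in parse_cfg is a libc extension, and ISO C leaves any mode string outside its listed set undefined. The same applies to `fopen("/dev/urandom", "re")` in generate_random and `fopen (fn, "we")` in do_add_hmac_chalresp. A libc that does not recognise it may ignore it silently, leaving the stream inheritable with no diagnostic. This matters most in parse_cfg, where the stream is stored in `cfg->debug_file` and presumably stays open while the host application runs. A portable backstop after a successful open is `fcntl(fileno(file), F_SETFD, FD_CLOEXEC);`, or at least a comment such as `/* "e" = O_CLOEXEC; relies on libc support for the extension */`.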
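Review bot: `fopen (fn, "we")` in do_add_hmac_chalresp in ykpamcfg.c still depends on the preceding `umask(077)` for the file's permissions, and `"w"` follows a symlink at `fn` and truncates whatever it points to. The file appears to hold challenge-response state, so since this line is already being touched for descriptor hygiene, the open could state its own mode and refuse symlinks: `int fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0600);` then `f = fd < 0 ? NULL : fdopen(fd, "w");`. How `fn` is built and whether an existing file is checked earlier is outside the hunk, so confirm this matches the intended overwrite behaviour.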