server: Disallow -FD for stdin/stdout/stderr.

$ ./nbdkit ssh host=localhost /nosuchfile password=-0 --run 'qemu-img info $nbd' abc fcntl: Bad file descriptor The reason for this is that we close the file descriptor after reading the password. Closing stdin causes bad stuff to happen.
libguestfs · Jun 1, 2020 · 84c7103 · 84c7103
1 parent 7506b09
commit 84c7103
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/docs/nbdkit-plugin.pod b/docs/nbdkit-plugin.pod
@@ -1249,6 +1249,11 @@ passed in a file.
 
 C<password=-> can only be used when stdin is a terminal.
 
+C<password=-FD> cannot be used with stdin, stdout or stderr
+(ie. C<-0>, C<-1> or C<-2>).  The reason is that after reading the
+password the file descriptor is closed, which causes bad stuff to
+happen.
+
 =head2 Safely interacting with stdin and stdout
 
  int nbdkit_stdio_safe (void);

diff --git a/server/public.c b/server/public.c
@@ -433,8 +433,8 @@ nbdkit_read_password (const char *value, char **password)
 
     if (nbdkit_parse_int ("password file descriptor", &value[1], &fd) == -1)
       return -1;
-    if (fd == STDIN_FILENO && !nbdkit_stdio_safe ()) {
-      nbdkit_error ("stdin is not available for reading password");
+    if (fd == STDIN_FILENO || fd == STDOUT_FILENO || fd == STDERR_FILENO) {
+      nbdkit_error ("cannot use password -FD for stdin/stdout/stderr");
       return -1;
     }
     if (read_password_from_fd (&value[1], fd, password) == -1)