splatink/lbmk
1
0
Fork 0
mirror of https://codeberg.org/libreboot/lbmk.git synced 2026-03-25 13:29:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

libreboot-utils: general code cleanup

Browse Source 
Signed-off-by: Leah Rowe <leah@libreboot.org>
This commit is contained in:
Leah Rowe
2026-03-24 07:41:45 +00:00
parent e7ede0c755
commit cce396a1ac
7 changed files with 212 additions and 509 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
util/libreboot-utils/include/common.h
View File

@@ -531,6 +531,8 @@ int fs_rename_at(int olddirfd, const char *old,
int newdirfd, const char *new);
int fs_open(const char *path, int flags);
void close_no_err(int *fd);
void free_if_null(char **buf);
int close_warn(int *fd, char *s);
struct filesystem *rootfs(void);
int fs_resolve_at(int dirfd, const char *path, int flags);
int fs_next_component(const char **p,
@@ -543,6 +545,8 @@ int openat2p(int dirfd, const char *path,
int flags, mode_t mode);
int mkdirat_on_eintr(int dirfd,
const char *pathname, mode_t mode);
int if_err(int condition, int errval);
int if_err_sys(int condition);
/* asserts */

349
util/libreboot-utils/lib/file.c
View File

@@ -1,11 +1,12 @@
/* SPDX-License-Identifier: MIT
* Copyright (c) 2026 Leah Rowe <leah@libreboot.org>
*
* Pathless i/o, and some stuff you probably never saw.
* Pathless i/o, and some stuff you
* probably never saw in userspace.
*
* Be nice to the demon.
*/
#include <sys/types.h>
#include <sys/stat.h>
@@ -134,31 +135,13 @@ fsync_dir(const char *path)
maxlen = 4096;
#endif
if (path == NULL) {
errno = EFAULT;
if (if_err(path == NULL, EFAULT) ||
if_err_sys(slen(path, maxlen, &pathlen) < 0) ||
if_err(pathlen >= maxlen || pathlen < 0, EMSGSIZE) ||
if_err(pathlen == 0, EINVAL)
||
if_err_sys((dirbuf = malloc(pathlen + 1)) == NULL))
goto err_fsync_dir;
}
if (slen(path, maxlen, &pathlen) < 0)
goto err_fsync_dir;
if (pathlen >= maxlen || pathlen < 0) {
errno = EMSGSIZE;
goto err_fsync_dir;
}
if (pathlen == 0)
{
errno = EINVAL;
goto err_fsync_dir;
}
dirbuf = malloc(pathlen + 1);
if (dirbuf == NULL) {
errno = ENOMEM;
goto err_fsync_dir;
}
memcpy(dirbuf, path, pathlen + 1);
slash = strrchr(dirbuf, '/');
@@ -183,20 +166,12 @@ fsync_dir(const char *path)
| O_NOFOLLOW
#endif
);
if (dirfd < 0)
goto err_fsync_dir;
if (fstat(dirfd, &st) < 0)
goto err_fsync_dir;
if (!S_ISDIR(st.st_mode)) {
errno = ENOTDIR;
goto err_fsync_dir;
}
/* sync file on disk */
if (fsync_on_eintr(dirfd) == -1)
if (if_err_sys(dirfd < 0) ||
if_err_sys(fstat(dirfd, &st) < 0) ||
if_err(!S_ISDIR(st.st_mode), ENOTDIR)
||
if_err_sys(fsync_on_eintr(dirfd) == -1))
goto err_fsync_dir;
if (close_on_eintr(dirfd) == -1) {
@@ -205,13 +180,7 @@ fsync_dir(const char *path)
goto err_fsync_dir;
}
if (dirbuf != NULL) {
free(dirbuf);
dirbuf = NULL;
}
dirbuf = NULL;
free_if_null(&dirbuf);
errno = saved_errno;
return 0;
@@ -221,19 +190,8 @@ err_fsync_dir:
if (errno == saved_errno)
errno = EIO;
if (dirbuf != NULL) {
free(dirbuf);
dirbuf = NULL;
}
if (dirfd >= 0) {
close_errno = errno;
(void) close_on_eintr(dirfd);
errno = close_errno;
dirfd = -1;
}
free_if_null(&dirbuf);
close_no_err(&dirfd);
return -1;
}
@@ -545,57 +503,19 @@ io_args(int fd, void *mem, size_t nrw,
{
int saved_errno = errno;
/* obviously */
if (mem == NULL) {
errno = EFAULT;
if (if_err(mem == NULL, EFAULT) ||
if_err(fd < 0, EBADF) ||
if_err(off < 0, ERANGE) ||
if_err(!nrw, EPERM) || /* TODO: toggle zero-byte check */
if_err(nrw > (size_t)SSIZE_MAX, ERANGE) ||
if_err(((size_t)off + nrw) < (size_t)off, ERANGE) ||
if_err(rw_type > IO_PWRITE, EINVAL))
goto err_io_args;
}
/* uninitialised fd */
if (fd < 0) {
errno = EBADF;
goto err_io_args;
}
/* negative offset */
if (off < 0) {
errno = ERANGE;
goto err_io_args;
}
/* prevent zero-byte rw */
if (!nrw)
goto err_io_args;
/* prevent overflow */
if (nrw > (size_t)SSIZE_MAX) {
errno = ERANGE;
goto err_io_args;
}
/* prevent overflow */
if (((size_t)off + nrw) < (size_t)off) {
errno = ERANGE;
goto err_io_args;
}
if (rw_type > IO_PWRITE) {
errno = EINVAL;
goto err_io_args;
}
errno = saved_errno;
return 0;
err_io_args:
if (errno == saved_errno)
errno = EINVAL;
@@ -607,31 +527,16 @@ check_file(int fd, struct stat *st)
{
int saved_errno = errno;
if (fd < 0) {
errno = EBADF;
if (if_err(fd < 0, EBADF) ||
if_err(st == NULL, EFAULT) ||
if_err(fstat(fd, st) == -1, 0) ||
if_err(!S_ISREG(st->st_mode), EBADF))
goto err_is_file;
}
if (st == NULL) {
errno = EFAULT;
goto err_is_file;
}
if (fstat(fd, st) == -1)
goto err_is_file;
if (!S_ISREG(st->st_mode)) {
errno = EBADF;
goto err_is_file;
}
errno = saved_errno;
return 0;
err_is_file:
if (errno == saved_errno)
errno = EINVAL;
@@ -647,54 +552,16 @@ rw_over_nrw(ssize_t r, size_t nrw)
{
int saved_errno = errno;
/* not a libc bug, but we
* don't like the number zero
*/
if (!nrw)
if (if_err(!nrw, 0) ||
if_err(r == -1, 0) ||
if_err((size_t)r > SSIZE_MAX, ERANGE) ||
if_err((size_t)r > nrw, ERANGE))
goto err_rw_over_nrw;
if (r == -1)
return r;
if ((size_t)
r > SSIZE_MAX) {
/* Theoretical buggy libc
* check. Extremely academic.
*
* Specifications never
* allow this return value
* to exceed SSIZE_T, but
* spec != implementation
*
* Check this after using
* [p]read() or [p]write()
*
* NOTE: here, we assume
* ssize_t integers are the
* same size as SSIZE_T
*/
errno = ERANGE;
goto err_rw_over_nrw;
}
/* Theoretical buggy libc:
* Should never return a number of
* bytes above the requested length.
*/
if ((size_t)r > nrw) {
errno = ERANGE;
goto err_rw_over_nrw;
}
errno = saved_errno;
return r;
err_rw_over_nrw:
if (errno == saved_errno)
errno = EIO;
@@ -723,23 +590,91 @@ lseek_on_eintr(int fd, off_t off, int whence,
}
#endif
/* two functions that reduce sloccount by
* two hundred lines... no, now three. */
int
if_err(int condition, int errval)
{
if (!condition)
return 0;
if (errval)
errno = errval;
return 1;
}
/* technically pointless, but stylistically
* pleasing alongside if_err chains.
* use this one for syscalls that are
* expected to set errno
* also use it for non-system calls
* that act like them, e.g. prw() or
* rw_write_exact() */
int
if_err_sys(int condition)
{
if (!condition)
return 0;
return 1;
}
/* errno can never be -1, so you can
* use this to conditionally set an integer
* for comparison. see example in lseek_on_eintr
*/
int
try_err(int loop_err, int errval)
{
if (loop_err)
return errval;
return -1;
}
void
free_if_null(char **buf)
{
if (buf == NULL || *buf == NULL)
return;
free(*buf);
*buf = NULL;
}
/* also returns error code */
int
close_warn(int *fd, char *s)
{
int saved_errno = errno;
if (fd == NULL) {
if (s != NULL)
fprintf(stderr, "FAIL: %s: bad fd ptr\n", s);
return -1;
}
if (*fd < 0 && s != NULL) {
fprintf(stderr, "WARN: %s: already closed\n", s);
} else if (close(*fd) < 0) {
if (s != NULL)
fprintf(stderr, "FAIL: %s: close\n", s);
return -1;
}
*fd = -1;
errno = saved_errno;
return 0;
}
/* TODO: remove this. giant liability.
make close calls always err instead,
when they fail. otherwise we hide bugs!
*/
void
close_no_err(int *fd)
{
int saved_errno = errno;
if (fd == NULL)
return;
if (*fd < 0)
if (fd == NULL || *fd < 0)
return;
(void) close_on_eintr(*fd);
@@ -748,6 +683,9 @@ close_no_err(int *fd)
errno = saved_errno;
}
/* TODO: make fd a pointer insttead
and automatically reset -1 here */
/* BUT DO NOT reset -1 on error */
int
close_on_eintr(int fd)
{
@@ -787,17 +725,9 @@ int
fs_rename_at(int olddirfd, const char *old,
int newdirfd, const char *new)
{
if (new == NULL || old == NULL) {
errno = EFAULT;
if (if_err(new == NULL || old == NULL, EFAULT) ||
if_err(olddirfd < 0 || newdirfd < 0, EBADF))
return -1;
}
if (olddirfd < 0 || newdirfd < 0) {
errno = EBADF;
return -1;
}
return renameat(olddirfd, old, newdirfd, new);
}
@@ -812,25 +742,13 @@ int
fs_open(const char *path, int flags)
{
struct filesystem *fs;
const char *rel;
if (path == NULL) {
errno = EFAULT;
return -1;
}
if (path[0] != '/') {
errno = EINVAL;
return -1;
}
fs = rootfs();
if (fs == NULL)
if (if_err(path == NULL, EFAULT) ||
if_err(path[0] != '/', EINVAL) ||
if_err_sys((fs = rootfs()) == NULL))
return -1;
rel = path + 1;
return fs_resolve_at(fs->rootfd, rel, flags);
return fs_resolve_at(fs->rootfd, path + 1, flags);
}
/* singleton function
@@ -980,12 +898,8 @@ fs_open_component(int dirfd, const char *name,
*/
if (!is_last) {
if (fd < 0) {
errno = EBADF;
return -1;
}
if (fstat(fd, &st) < 0)
if (if_err(fd < 0, EBADF) ||
if_err_sys(fstat(fd, &st) < 0))
return -1;
if (!S_ISDIR(st.st_mode)) {
@@ -1015,14 +929,9 @@ fs_dirname_basename(const char *path,
size_t maxlen = 4096;
#endif
if (path == NULL || dir == NULL || base == NULL)
return -1;
if (slen(path, maxlen, &len) < 0)
return -1;
buf = malloc(len + 1);
if (buf == NULL)
if (path == NULL || dir == NULL || base == NULL ||
if_err_sys(slen(path, maxlen, &len) < 0) ||
if_err_sys((buf = malloc(len + 1)) == NULL))
return -1;
memcpy(buf, path, len + 1);
@@ -1049,7 +958,7 @@ fs_dirname_basename(const char *path,
*base = buf;
} else {
errno = EINVAL;
free(buf);
free_if_null(&buf);
return -1;
}
@@ -1079,15 +988,9 @@ openat2p(int dirfd, const char *path,
int rval;
#endif
if (dirfd < 0) {
errno = EBADF;
if (if_err(dirfd < 0, EBADF) ||
if_err(path == NULL, EFAULT))
return -1;
}
if (path == NULL) {
errno = EFAULT;
return -1;
}
retry:
errno = 0;
@@ -1124,15 +1027,9 @@ mkdirat_on_eintr( /* <-- say that 10 times to please the demon */
int saved_errno = errno;
int rval;
if (dirfd < 0) {
errno = EBADF;
if (if_err(dirfd < 0, EBADF) ||
if_err(path == NULL, EFAULT))
return -1;
}
if (path == NULL) {
errno = EFAULT;
return -1;
}
retry:
errno = 0;

32
util/libreboot-utils/lib/io.c
View File

@@ -239,21 +239,8 @@ write_to_gbe_bin(void)
saved_errno = errno;
if (close_on_eintr(f->tmp_fd) == -1) {
f->tmp_fd = -1;
fprintf(stderr, "FAIL: %s: close\n", f->tname);
f->io_err_gbe_bin = 1;
}
f->tmp_fd = -1;
if (close_on_eintr(f->gbe_fd) == -1) {
f->gbe_fd = -1;
fprintf(stderr, "FAIL: %s: close\n", f->fname);
f->io_err_gbe_bin = 1;
}
f->gbe_fd = -1;
f->io_err_gbe_bin |= -close_warn(&f->tmp_fd, f->tname);
f->io_err_gbe_bin |= -close_warn(&f->gbe_fd, f->fname);
errno = saved_errno;
@@ -279,13 +266,7 @@ write_to_gbe_bin(void)
/* removed by rename
*/
if (f->tname != NULL) {
free(f->tname);
f->tname = NULL;
}
f->tname = NULL;
free_if_null(&f->tname);
}
}
@@ -513,12 +494,7 @@ gbe_mv(void)
goto ret_gbe_mv;
}
if (dest_tmp != NULL) {
free(dest_tmp);
dest_tmp = NULL;
}
dest_tmp = NULL;
free_if_null(&dest_tmp);
ret_gbe_mv:

299
util/libreboot-utils/lib/mkhtemp.c
View File

@@ -168,10 +168,7 @@ err:
else
saved_errno = errno = EIO;
if (dest != NULL) {
free(dest);
dest = NULL;
}
free_if_null(&dest);
close_no_err(&dirfd);
close_no_err(fd);
@@ -543,76 +540,32 @@ mkhtemp(int *fd,
int r;
char *end;
if (fd == NULL ||
template == NULL ||
fname == NULL ||
st_dir_initial == NULL) {
errno = EFAULT;
return -1;
}
/* we do not mess with an
open descriptor.
*/
if (*fd >= 0) {
errno = EEXIST; /* leave their file alone */
return -1;
}
if (dirfd < 0) {
errno = EBADF;
return -1;
}
if (slen(template, max_len, &len) < 0)
if (if_err(fd == NULL || template == NULL || fname == NULL ||
st_dir_initial == NULL, EFAULT) ||
if_err(*fd >= 0, EEXIST) ||
if_err(dirfd < 0, EBADF)
||
if_err_sys(slen(template, max_len, &len) < 0) ||
if_err(len >= max_len, EMSGSIZE)
||
if_err_sys(slen(fname, max_len, &fname_len)) ||
if_err(fname == 0, EINVAL) ||
if_err(strrchr(fname, '/') != NULL, EINVAL))
return -1;
if (len >= max_len) {
errno = EMSGSIZE;
return -1;
}
for (end = template + len; /* count X */
end > template && *--end == 'X'; xc++);
if (slen(fname, max_len, &fname_len) < 0)
if (if_err(xc < 6 || xc > len, EINVAL) ||
if_err(fname_len > len, EOVERFLOW))
return -1;
if (fname_len == 0) {
errno = EINVAL;
if (if_err(memcmp(fname, template + len - fname_len,
fname_len) != 0, EINVAL))
return -1;
}
if (strrchr(fname, '/') != NULL) {
errno = EINVAL;
return -1;
}
/* count trailing X */
end = template + len;
while (end > template && *--end == 'X')
xc++;
if (xc < 6 || xc > len) {
errno = EINVAL;
return -1;
}
if (fname_len > len) {
errno = EOVERFLOW;
return -1;
}
if (memcmp(fname,
template + len - fname_len,
fname_len) != 0) {
errno = EINVAL;
return -1;
}
fname_copy = malloc(fname_len + 1);
if (fname_copy == NULL) {
errno = ENOMEM;
if((fname_copy = malloc(fname_len + 1)) == NULL)
goto err;
}
/* fname_copy = suffix region only; p points to trailing XXXXXX */
memcpy(fname_copy,
@@ -622,15 +575,9 @@ mkhtemp(int *fd,
for (retries = 0; retries < MKHTEMP_RETRY_MAX; retries++) {
r = mkhtemp_try_create(
dirfd,
st_dir_initial,
fname_copy,
p,
xc,
fd,
st,
type);
r = mkhtemp_try_create(dirfd,
st_dir_initial, fname_copy,
p, xc, fd, st, type);
if (r == 0) {
if (retries >= MKHTEMP_SPIN_THRESHOLD) {
@@ -658,9 +605,7 @@ err:
close_no_err(fd);
success:
if (fname_copy != NULL)
free(fname_copy);
free_if_null(&fname_copy);
return (*fd >= 0) ? *fd : -1;
}
@@ -682,29 +627,21 @@ mkhtemp_try_create(int dirfd,
int file_created = 0;
int dir_created = 0;
if (fd == NULL || st == NULL || p == NULL || fname_copy == NULL ||
st_dir_initial == NULL) {
errno = EFAULT;
goto err;
} else if (*fd >= 0) { /* do not mess with someone else's file */
errno = EEXIST;
goto err;
}
if (mkhtemp_fill_random(p, xc) < 0)
if (if_err(fd == NULL || st == NULL || p ==NULL || fname_copy ==NULL ||
st_dir_initial == NULL, EFAULT) ||
if_err(*fd >= 0, EEXIST))
goto err;
if (fd_verify_dir_identity(dirfd, st_dir_initial) < 0)
if (if_err_sys(mkhtemp_fill_random(p, xc) < 0) ||
if_err_sys(fd_verify_dir_identity(dirfd, st_dir_initial) < 0))
goto err;
if (type == MKHTEMP_FILE) {
*fd = openat2p(dirfd, fname_copy,
O_RDWR | O_CREAT | O_EXCL |
O_NOFOLLOW | O_CLOEXEC | O_NOCTTY,
0600);
O_NOFOLLOW | O_CLOEXEC | O_NOCTTY, 0600);
/* O_CREAT and O_EXCL guarantees
* creation upon success
/* O_CREAT and O_EXCL guarantees creation upon success
*/
if (*fd >= 0)
file_created = 1;
@@ -724,23 +661,15 @@ mkhtemp_try_create(int dirfd,
if (fd_verify_dir_identity(dirfd, st_dir_initial) < 0)
goto err;
*fd = openat2p(dirfd, fname_copy,
O_RDONLY | O_DIRECTORY | O_CLOEXEC, 0);
if (*fd < 0)
if ((*fd = openat2p(dirfd, fname_copy,
O_RDONLY | O_DIRECTORY | O_CLOEXEC, 0)) < 0)
goto err;
if (fstat(*fd, &st_open) < 0)
if (if_err_sys(fstat(*fd, &st_open) < 0) ||
if_err(!S_ISDIR(st_open.st_mode), ENOTDIR))
goto err;
if (!S_ISDIR(st_open.st_mode)) {
errno = ENOTDIR;
goto err;
}
/* NOTE: could check nlink count here,
* but it's not very reliable here. skipped.
*/
/* NOTE: pointless to check nlink here (only just opened) */
if (fd_verify_dir_identity(dirfd, st_dir_initial) < 0)
goto err;
@@ -776,19 +705,10 @@ mkhtemp_try_create(int dirfd,
if (fd_verify_identity(*fd, &st_open, st_dir_initial) < 0)
goto err;
if (!S_ISDIR(st_open.st_mode)) {
errno = ENOTDIR;
if (if_err(!S_ISDIR(st_open.st_mode), ENOTDIR) ||
if_err_sys(is_owner(&st_open) < 0) ||
if_err(st_open.st_mode & (S_IWGRP | S_IWOTH), EPERM))
goto err;
}
if (is_owner(&st_open) < 0)
goto err;
/* group/world writeable */
if (st_open.st_mode & (S_IWGRP | S_IWOTH)) {
errno = EPERM;
goto err;
}
}
errno = saved_errno;
@@ -800,7 +720,6 @@ err:
if (file_created)
(void) unlinkat(dirfd, fname_copy, 0);
if (dir_created)
(void) unlinkat(dirfd, fname_copy, AT_REMOVEDIR);
@@ -879,6 +798,9 @@ err_mkhtemp_fill_random:
* !!! DO NOT RUN TWICE PER FILE. BEWARE OF THE DEMON !!!
* watch out for spikes!
*/
/* TODO: bad_flags can be negative, and is
* ignored if it is. should we err instead?
*/
int secure_file(int *fd,
struct stat *st,
struct stat *expected,
@@ -890,93 +812,40 @@ int secure_file(int *fd,
int flags;
struct stat st_now;
int saved_errno = errno;
/* you have been warned */
if (fd == NULL) {
errno = EFAULT;
if (if_err(fd == NULL || st == NULL, EFAULT) ||
if_err(*fd < 0, EBADF) ||
if_err_sys((flags = fcntl(*fd, F_GETFL)) == -1) ||
if_err(bad_flags > 0 && (flags & bad_flags), EPERM))
goto err_demons;
}
if (*fd < 0) {
errno = EBADF;
goto err_demons;
}
if (st == NULL) {
errno = EFAULT;
goto err_demons;
}
flags = fcntl(*fd, F_GETFL);
if (flags == -1)
goto err_demons;
if (bad_flags > 0) {
/* e.g. O_APPEND breaks pwrite/pread
* by allowing offsets to be ignored */
if (flags & bad_flags) {
errno = EPERM;
goto err_demons;
}
}
if (expected != NULL) {
if (fd_verify_regular(*fd, expected, st) < 0)
goto err_demons;
} else {
if (fstat(*fd, &st_now) == -1)
goto err_demons;
if (!S_ISREG(st_now.st_mode)) {
errno = EBADF;
goto err_demons;
}
*st = st_now;
}
if (check_seek) {
/* check if it's seekable */
} else if (if_err_sys(fstat(*fd, &st_now) == -1) ||
if_err(!S_ISREG(st_now.st_mode), EBADF)) {
goto err_demons; /***********/
} else /* ( >:3 ) */
*st = st_now; /* /| |\ */ /* don't let him out */
/* / \ */
if (check_seek) { /***********/
if (lseek(*fd, 0, SEEK_CUR) == (off_t)-1)
goto err_demons;
}
} /* don't release the demon */
/* don't release the demon
*/
if (st->st_nlink != 1) { /***********/
/* ( >:3 ) */
errno = ELOOP; /* /| |\ */ /* don't let him out */
goto err_demons; /* / \ */
/***********/
}
if (st->st_uid != geteuid() && /* someone else's file */
geteuid() != 0) { /* override for root */
errno = EPERM;
if (if_err(st->st_nlink != 1, ELOOP) ||
if_err(st->st_uid != geteuid() && geteuid() != 0, EPERM) ||
if_err_sys(is_owner(st) < 0) ||
if_err(st->st_mode & (S_IWGRP | S_IWOTH), EPERM))
goto err_demons;
}
if (is_owner(st) < 0)
goto err_demons;
/* world-writeable or group-ownership.
* if these are set, then others could
* modify the file (not secure)
*/
if (st->st_mode & (S_IWGRP | S_IWOTH)) {
errno = EPERM;
goto err_demons;
}
if (do_lock) {
if (lock_file(*fd, flags) == -1)
goto err_demons;
if (expected != NULL) {
if (expected != NULL)
if (fd_verify_identity(*fd, expected, &st_now) < 0)
goto err_demons;
}
}
if (fchmod(*fd, mode) == -1)
@@ -997,16 +866,12 @@ int
fd_verify_regular(int fd,
const struct stat *expected,
struct stat *out)
{
if (fd_verify_identity(fd, expected, out) < 0)
return -1;
if (!S_ISREG(out->st_mode)) {
errno = EBADF;
return -1;
}
return 0; /* regular file */
{if (
if_err_sys(fd_verify_identity(fd, expected, out) < 0) ||
if_err(!S_ISREG(out->st_mode), EBADF)
) return -1;
else
return 0; /* regular file */
}
int
@@ -1017,19 +882,11 @@ fd_verify_identity(int fd,
struct stat st_now;
int saved_errno = errno;
if (fd < 0 || expected == NULL) {
errno = EFAULT;
if( if_err(fd < 0 || expected == NULL, EFAULT) ||
if_err_sys(fstat(fd, &st_now)) ||
if_err(st_now.st_dev != expected->st_dev ||
st_now.st_ino != expected->st_ino, ESTALE))
return -1;
}
if (fstat(fd, &st_now) < 0)
return -1;
if (st_now.st_dev != expected->st_dev ||
st_now.st_ino != expected->st_ino) {
errno = ESTALE;
return -1;
}
if (out != NULL)
*out = st_now;
@@ -1045,12 +902,8 @@ fd_verify_dir_identity(int fd,
struct stat st_now;
int saved_errno = errno;
if (fd < 0 || expected == NULL) {
errno = EFAULT;
return -1;
}
if (fstat(fd, &st_now) < 0)
if (if_err(fd < 0 || expected == NULL, EFAULT) ||
if_err_sys(fstat(fd, &st_now) < 0))
return -1;
if (st_now.st_dev != expected->st_dev ||
@@ -1096,15 +949,9 @@ lock_file(int fd, int flags)
struct flock fl;
int saved_errno = errno;
if (fd < 0) {
errno = EBADF;
if (if_err(fd < 0, EBADF) ||
if_err(flags < 0, EINVAL))
goto err_lock_file;
}
if (flags < 0) {
errno = EINVAL;
goto err_lock_file;
}
memset(&fl, 0, sizeof(fl));

9
util/libreboot-utils/lib/num.c
View File

@@ -257,12 +257,9 @@ retry_urandom_read:
nr = new_nr;
off = 0;
/* to mitigate file descriptor
* injection, we do not re-use
* the same descriptor each time
*/
(void) close_on_eintr(fd);
fd = -1;
/* don't re-use same fd, to mitaget
* fd injection */
close_no_err(&fd);
}
fd = -1;

23
util/libreboot-utils/lib/state.c
View File

@@ -204,28 +204,13 @@ exit_cleanup(void)
if (x != NULL) {
f = &x->f;
if (f->gbe_fd > -1) {
if (close_on_eintr(f->gbe_fd) == -1) {
f->gbe_fd = -1;
close_err = 1;
}
f->gbe_fd = -1;
}
close_no_err(&f->gbe_fd);
close_no_err(&f->tmp_fd);
close_no_err(&f->tmp_fd);
if (f->tmp_fd > -1) {
if (close_on_eintr(f->tmp_fd) == -1) {
f->tmp_fd = -1;
close_err = 1;
}
f->tmp_fd = -1;
}
if (f->tname != NULL) {
if (f->tname != NULL)
if (unlink(f->tname) == -1)
close_err = 1;
}
f->tmp_fd = -1;
}
if (saved_errno)

5
util/libreboot-utils/nvmutil.c
View File

@@ -123,10 +123,7 @@ main(int argc, char *argv[])
if (f->io_err_gbe_bin)
err(EIO, "%s: error writing final file");
if (f->tname != NULL) {
free(f->tname);
f->tname = NULL;
}
free_if_null(&f->tname);
return EXIT_SUCCESS;
}