=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/certhash.c,v retrieving revision 1.4 retrieving revision 1.5 diff -c -r1.4 -r1.5 *** src/usr.bin/openssl/certhash.c 2015/02/18 05:48:54 1.4 --- src/usr.bin/openssl/certhash.c 2015/02/22 22:29:40 1.5 *************** *** 470,490 **** } static int ! certhash_link(int dfd, struct dirent *dep, struct hashinfo **links) { struct hashinfo *hi = NULL; char target[MAXPATHLEN]; struct stat sb; int n; ! if (fstatat(dfd, dep->d_name, &sb, AT_SYMLINK_NOFOLLOW) == -1) { fprintf(stderr, "failed to stat %s\n", dep->d_name); return (-1); } if (!S_ISLNK(sb.st_mode)) return (0); ! n = readlinkat(dfd, dep->d_name, target, sizeof(target) - 1); if (n == -1) { fprintf(stderr, "failed to readlink %s\n", dep->d_name); return (-1); --- 470,490 ---- } static int ! certhash_link(struct dirent *dep, struct hashinfo **links) { struct hashinfo *hi = NULL; char target[MAXPATHLEN]; struct stat sb; int n; ! if (lstat(dep->d_name, &sb) == -1) { fprintf(stderr, "failed to stat %s\n", dep->d_name); return (-1); } if (!S_ISLNK(sb.st_mode)) return (0); ! n = readlink(dep->d_name, target, sizeof(target) - 1); if (n == -1) { fprintf(stderr, "failed to readlink %s\n", dep->d_name); return (-1); *************** *** 503,529 **** } static int ! certhash_file(int dfd, struct dirent *dep, struct hashinfo **certs, struct hashinfo **crls) { struct hashinfo *hi = NULL; int has_cert, has_crl; ! int ffd, ret = -1; BIO *bio = NULL; FILE *f; has_cert = has_crl = 0; ! if ((ffd = openat(dfd, dep->d_name, O_RDONLY)) == -1) { ! fprintf(stderr, "failed to open %s\n", dep->d_name); goto err; } - if ((f = fdopen(ffd, "r")) == NULL) { - fprintf(stderr, "failed to fdopen %s\n", dep->d_name); - goto err; - } if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { fprintf(stderr, "failed to create bio\n"); goto err; } --- 503,526 ---- } static int ! 
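Review bot: With the `dfd` parameter gone, `certhash_link` resolves `dep->d_name` through `lstat()` and `readlink()` against the process working directory, and nothing in the function says so. The same holds in the later hunks for `certhash_file` (`fopen(dep->d_name, "r")`) and `certhash_directory` (`opendir(".")`, then `unlink()` and `symlink()` on bare names). A call made without the `chdir()` that `certhash_main` now performs would read, remove and create links in whatever directory the process happens to be in. I would put a comment above each of the three, e.g. `/* Caller must have chdir()ed into the directory being hashed; names are resolved relative to the cwd. */`. The body of `certhash_link` continues past the end of this hunk.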
certhash_file(struct dirent *dep, struct hashinfo **certs, struct hashinfo **crls) { struct hashinfo *hi = NULL; int has_cert, has_crl; ! int ret = -1; BIO *bio = NULL; FILE *f; has_cert = has_crl = 0; ! if ((f = fopen(dep->d_name, "r")) == NULL) { ! fprintf(stderr, "failed to fopen %s\n", dep->d_name); goto err; } if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { fprintf(stderr, "failed to create bio\n"); + fclose(f); goto err; } *************** *** 550,557 **** err: BIO_free(bio); - if (ffd != -1) - close(ffd); return (ret); } --- 547,552 ---- *************** *** 560,577 **** certhash_directory(const char *path) { struct hashinfo *links = NULL, *certs = NULL, *crls = NULL, *link; ! int dfd = -1, ret = 0; struct dirent *dep; DIR *dip = NULL; ! if ((dfd = open(path, O_DIRECTORY)) == -1) { fprintf(stderr, "failed to open directory %s\n", path); goto err; } - if ((dip = fdopendir(dfd)) == NULL) { - fprintf(stderr, "failed to open directory %s\n", path); - goto err; - } if (certhash_config.verbose) fprintf(stdout, "scanning directory %s\n", path); --- 555,568 ---- certhash_directory(const char *path) { struct hashinfo *links = NULL, *certs = NULL, *crls = NULL, *link; ! int ret = 0; struct dirent *dep; DIR *dip = NULL; ! if ((dip = opendir(".")) == NULL) { fprintf(stderr, "failed to open directory %s\n", path); goto err; } if (certhash_config.verbose) fprintf(stdout, "scanning directory %s\n", path); *************** *** 579,589 **** /* Create lists of existing hash links, certs and CRLs. */ while ((dep = readdir(dip)) != NULL) { if (filename_is_hash(dep->d_name)) { ! if (certhash_link(dfd, dep, &links) == -1) goto err; } if (filename_is_pem(dep->d_name)) { ! if (certhash_file(dfd, dep, &certs, &crls) == -1) goto err; } } --- 570,580 ---- /* Create lists of existing hash links, certs and CRLs. */ while ((dep = readdir(dip)) != NULL) { if (filename_is_hash(dep->d_name)) { ! if (certhash_link(dep, &links) == -1) goto err; } if (filename_is_pem(dep->d_name)) { ! 
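Review bot: Ownership of `f` in `certhash_file` changes hands at `BIO_new_fp(f, BIO_CLOSE)` and the new code gives no hint of it: the failure branch has to `fclose(f)` itself, while later exits rely on `BIO_free(bio)` at `err:` to close the stream. A one-line comment after the BIO is created, such as `/* bio owns f from here (BIO_CLOSE); BIO_free() at err: closes it. */`, would keep a later edit from adding a second close or dropping the one on the failure branch. The rest of the function lies outside this hunk, so this assumes no other path closes `f`.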
if (certhash_file(dep, &certs, &crls) == -1) goto err; } } *************** *** 604,610 **** "removing"), link->filename, link->target); if (certhash_config.dryrun) continue; ! if (unlinkat(dfd, link->filename, 0) == -1) { fprintf(stderr, "failed to remove link %s\n", link->filename); goto err; --- 595,601 ---- "removing"), link->filename, link->target); if (certhash_config.dryrun) continue; ! if (unlink(link->filename) == -1) { fprintf(stderr, "failed to remove link %s\n", link->filename); goto err; *************** *** 622,629 **** link->reference->filename); if (certhash_config.dryrun) continue; ! if (symlinkat(link->reference->filename, dfd, ! link->filename) == -1) { fprintf(stderr, "failed to create link %s -> %s\n", link->filename, link->reference->filename); goto err; --- 613,619 ---- link->reference->filename); if (certhash_config.dryrun) continue; ! if (symlink(link->reference->filename, link->filename) == -1) { fprintf(stderr, "failed to create link %s -> %s\n", link->filename, link->reference->filename); goto err; *************** *** 642,650 **** if (dip != NULL) closedir(dip); - else if (dfd != -1) - close(dfd); - return (ret); } --- 632,637 ---- *************** *** 661,667 **** certhash_main(int argc, char **argv) { int argsused; ! int i, ret = 0; memset(&certhash_config, 0, sizeof(certhash_config)); --- 648,654 ---- certhash_main(int argc, char **argv) { int argsused; ! int i, cwdfd, ret = 0; memset(&certhash_config, 0, sizeof(certhash_config)); *************** *** 670,677 **** return (1); } ! for (i = argsused; i < argc; i++) ret |= certhash_directory(argv[i]); return (ret); } --- 657,683 ---- return (1); } ! if ((cwdfd = open(".", O_DIRECTORY)) == -1) { ! perror("failed to open current directory"); ! return (1); ! } ! ! for (i = argsused; i < argc; i++) { ! if (chdir(argv[i]) == -1) { ! fprintf(stderr, ! "failed to change to directory %s: %s\n", ! argv[i], strerror(errno)); ! ret = 1; ! continue; ! 
} ret |= certhash_directory(argv[i]); + if (fchdir(cwdfd) == -1) { + perror("failed to restore current directory"); + ret = 1; + break; /* can't continue safely */ + } + } + close(cwdfd); return (ret); }
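Review bot: `open(".", O_DIRECTORY)` in `certhash_main` passes no access mode; POSIX requires exactly one of `O_RDONLY`, `O_WRONLY`, `O_RDWR`, `O_EXEC` or `O_SEARCH` in the flags, and the call works only where `O_RDONLY` happens to be 0. I would write it as `if ((cwdfd = open(".", O_RDONLY | O_DIRECTORY)) == -1) {`. Separately, the descriptor is needed only for the `fchdir()` restore, yet a start directory the user cannot read now makes the command fail even when every argument is an absolute path. That trade-off may be acceptable, but it deserves a short comment next to the `open()`.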