+#include <fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+#include <string.h>
+#include <spawn.h>
#include "stdio_impl.h"
#include "syscall.h"
-static inline void nc_close(int fd)
-{
- __syscall(SYS_close, fd);
-}
-#define close(x) nc_close(x)
+extern char **__environ;
FILE *popen(const char *cmd, const char *mode)
{
- int p[2];
- int op;
+ int p[2], op, e;
pid_t pid;
FILE *f;
- const char *modes = "rw", *mi = strchr(modes, *mode);
+ posix_spawn_file_actions_t fa;
- if (mi) {
- op = mi-modes;
+ if (*mode == 'r') {
+ op = 0;
+ } else if (*mode == 'w') {
+ op = 1;
} else {
errno = EINVAL;
return 0;
}
- if (pipe(p)) return NULL;
+ if (pipe2(p, O_CLOEXEC)) return NULL;
f = fdopen(p[op], mode);
if (!f) {
- close(p[0]);
- close(p[1]);
+ __syscall(SYS_close, p[0]);
+ __syscall(SYS_close, p[1]);
return NULL;
}
-
- pid = fork();
- switch (pid) {
- case -1:
- fclose(f);
- close(p[0]);
- close(p[1]);
- return NULL;
- case 0:
- if (dup2(p[1-op], 1-op) < 0) _exit(127);
- if (p[0] != 1-op) close(p[0]);
- if (p[1] != 1-op) close(p[1]);
- execl("/bin/sh", "sh", "-c", cmd, (char *)0);
- _exit(127);
+ FLOCK(f);
+
+ /* If the child's end of the pipe happens to already be on the final
+ * fd number to which it will be assigned (either 0 or 1), it must
+ * be moved to a different fd. Otherwise, there is no safe way to
+ * remove the close-on-exec flag in the child without also creating
+ * a file descriptor leak race condition in the parent. */
+ if (p[1-op] == 1-op) {
+ int tmp = fcntl(F_DUPFD_CLOEXEC, 1-op, 0);
+ if (tmp < 0) {
+ e = errno;
+ goto fail;
+ }
+ __syscall(SYS_close, p[1-op]);
+ p[1-op] = tmp;
+ }
+
+ e = ENOMEM;
+ if (!posix_spawn_file_actions_init(&fa)) {
+ if (!posix_spawn_file_actions_adddup2(&fa, p[1-op], 1-op)) {
+ if (!(e = posix_spawn(&pid, "/bin/sh", &fa, 0,
+ (char *[]){ "sh", "-c", (char *)cmd, 0 }, __environ))) {
+ posix_spawn_file_actions_destroy(&fa);
+ f->pipe_pid = pid;
+ if (!strchr(mode, 'e'))
+ fcntl(p[op], F_SETFD, 0);
+ __syscall(SYS_close, p[1-op]);
+ FUNLOCK(f);
+ return f;
+ }
+ }
+ posix_spawn_file_actions_destroy(&fa);
}
- close(p[1-op]);
- f->pipe_pid = pid;
- return f;
+fail:
+ fclose(f);
+ __syscall(SYS_close, p[1-op]);
+
+ errno = e;
+ return 0;
}