- debug.c: fix memory leak of out buffer on opendir failure in
debug_fds. After fclose on open_memstream, the out buffer is
allocated and must be freed.
- file.c: add missing reply_with_perror on strdup failure in
do_zfile, so callers get a proper error message instead of
silent NULL return.
- blkid.c: fix wrong error variable used at command_failed label
in test_blkid_p_i_opt. The second commandr stores its error in
err2, but goto command_failed would report err from the first
command. Inline the error reporting with the correct variable.
Co-authored-by: Claude <noreply@anthropic.com>
Run this command across the source:
  perl -pi.bak -e 's/(20[012][0-9])-20[12][012]/$1-2023/g' `git ls-files`
and remove changes to po{,-docs}/*.po{,t} (these will be regenerated
later when we run 'make dist').
We have traditionally used custom printf formatters %Q and %R, where
%Q replaces the argument with a shell-quoted string, and %R replaces
the argument with a sysroot-prefixed shell-quoted string. They are
actually pretty useful, but unfortunately only supported by glibc.
We only used them in about a dozen places in the daemon (much code
having been replaced by OCaml which does not need them).
In every remaining case we were constructing a command using code like
this:
  asprintf_nowarn (&cmd,
                   "cd %Q && find -print0 | %s -0 -o -H %s --quiet", ...);
We can replace this with:
  char *cmd;
  size_t cmd_size;
  fp = open_memstream (&cmd, &cmd_size);
  fprintf (fp, "cd ");
  shell_quote (dir, fp);
  fprintf (fp, " && find -print0 | %s -0 -o -H %s --quiet", ...);
  fclose (fp);
GUESTFSD_EXT_CMD was used by OpenSUSE to track which external commands
are run by the daemon and package those commands into the appliance.
It is no longer used by recent SUSE builds, so remove it.
Thanks: Pino Toscano, Olaf Hering.
Run the following command over the source:
  perl -pi.bak -e 's/(20[01][0-9])-2016/$1-2017/g' `git ls-files`
(Thanks Rich for the perl snippet, as used in past years.)
Updating gnulib has caused -Wformat-signedness to be enabled. This
has revealed many problems in C format strings. The fixes here fall
into the following main categories:
- Using %d with an unsigned parameter.
- %x and %o expect an unsigned argument.
- uid_t and gid_t are unsigned on Linux. The safe way to print these
is to cast them to uintmax_t and then print them using the %ju
modifier (see http://stackoverflow.com/a/1401581).
- Using %d to print an enum. Since enums may be either char or int,
I fixed this by casting the enum to int.
- strtol_error & lzma_ret are both unsigned types.
When you call close on any block device, udev kicks off a rule which
runs blkid to reexamine the device. We need to wait for this rule to
finish running since it holds the device open and can cause other
operations to fail, notably mkfs.
(cherry picked from commit a9c8123c72)
Code like:
  CLEANUP_FREE char *buf;
  /* some code which might return early */
  buf = malloc (10);
is a potential bug because the free (*buf) might be called when buf is
an uninitialized pointer. Initialize buf = NULL to avoid this.
Several of these are bugs, most are not bugs (because there is no
early return statement before the variable gets initialized).
However the compiler can elide the initialization, and even if it does
not the performance "penalty" is minuscule, and correctness is better.
guestfsd calls many different tools. Keeping track of all of them is
error prone. This patch introduces a new helper macro to put the command
string into its own ELF section:
  GUESTFSD_EXT_CMD(C_variable, command_name);
This syntax makes it still possible to grep for used command names.
The actual usage of the collected list could be like this:
  objcopy -j .guestfsd_ext_cmds -O binary daemon/guestfsd /dev/stdout |
  tr '\0' '\n' | sort -u
The resulting output will be used to tell mkinitrd which programs to
copy into the initrd.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
RWMJ:
- Move str_vgchange at request of author.
- Fix snprintf call in daemon/debug.c
Note that we keep the old daemon calls, but rename them as
"internal_write" and "internal_write_append". This lets us implement
the new library-side calls more efficiently in the common case when
the uploaded content is smaller than the message buffer. In most
cases the new calls won't end up using a temporary file.
The presumption is that all file descriptors should be created with
the close-on-exec flag set. The only exceptions are file descriptors
that we want passed through to exec'd subprocesses (mainly pipes and
stdin/stdout/stderr).
For open calls, we pass O_CLOEXEC as an extra flag, eg:
  fd = open ("foo", O_RDONLY|O_CLOEXEC);
This is a Linux-ism, but using a macro we can easily make it portable.
For sockets, similarly:
  sock = socket (..., SOCK_STREAM|SOCK_CLOEXEC, ...);
For accepted sockets, we use the Linux accept4 system call which
allows flags to be supplied, but we use the Gnulib 'accept4' module to
make this portable.
For dup, dup2, we use the Linux dup3 system call, and the Gnulib
modules 'dup3' and 'cloexec'.
Previously a lot of daemon code used three variables (a string list,
'int size' and 'int alloc') to track growable strings buffers. This
commit implements a simple struct containing the same variables, but
using size_t instead of int:
  struct stringsbuf {
    char **argv;
    size_t size;
    size_t alloc;
  };
Use it like this:
  DECLARE_STRINGSBUF (ret);
  //...
  if (add_string (&ret, str) == -1)
    return NULL;
  //...
  if (end_stringsbuf (&ret) == -1)
    return NULL;
  return ret.argv;
When you call close on any block device, udev kicks off a rule which
runs blkid to reexamine the device. We need to wait for this rule to
finish running since it holds the device open and can cause other
operations to fail, notably BLKRRPART.
Previous commit 4df593496e broke the
"file" command on logical volume paths, since these are symbolic
links. We *should* follow these (only).
This inadvertently broke virt-inspector too, which indicates that
we need more regression testing in this area. Since carrying whole
Fedora images around could make the distribution even larger than
now, I'm not sure at the moment how to do this.
Thanks to Matt Booth for diagnosing this bug.
The file call can hang if called on char devices (because we are
using the file -s option).
This is hard to solve cleanly without adding another file API.
However this restricts file to regular files, unless called explicitly
with a /dev/ path. For non-regular files, it will now return a
string like "directory".
There is a small semantic change for symbolic links. Previously
it would not have worked at all on absolute links (or rather, the
results would have been undefined). It would have treated relative
symlinks to regular files as the regular file itself. Now it will
return the string "symbolic link" in both cases.
This commit also makes the API safe when called on untrusted
filesystems. Previously a filesystem might have been set up so
that (eg) /etc/redhat-release was a char device, which would have
caused virt-inspector and virt-v2v to hang. Now it will not hang.
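
The type check described in the commit message above, as an added example that is not part of the original commit or the daemon's code. `classify_untrusted` and `classify_in_fixture` are hypothetical names, the fixture files are constructed, and the explicit `/dev/` path exception is not modelled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not the daemon's code.  lstat neither opens the
 * path nor follows a symlink, so it cannot block on a device node.
 * Returns "regular" if file(1) may run on it, NULL if lstat fails. */
static const char *
classify_untrusted (const char *path)
{
  struct stat sb;
  if (lstat (path, &sb) == -1) return NULL;
  if (S_ISREG (sb.st_mode))  return "regular";
  if (S_ISDIR (sb.st_mode))  return "directory";
  if (S_ISLNK (sb.st_mode))  return "symbolic link";
  if (S_ISCHR (sb.st_mode))  return "character device";
  return "other";
}

/* Constructed fixture: temp dir with "reg" and "link" -> reg; classifies dir/name. */
static const char *
classify_in_fixture (const char *name)
{
  char dir[] = "/tmp/classifyXXXXXX", reg[64], lnk[64], target[64];
  const char *r = NULL;
  if (mkdtemp (dir) == NULL) return NULL;
  snprintf (reg, sizeof reg, "%s/reg", dir);
  snprintf (lnk, sizeof lnk, "%s/link", dir);
  snprintf (target, sizeof target, "%s/%s", dir, name);
  FILE *fp = fopen (reg, "w");
  if (fp != NULL && fclose (fp) == 0 && symlink ("reg", lnk) == 0)
    r = classify_untrusted (target);
  unlink (lnk); unlink (reg); rmdir (dir);
  return r;
}

int
main (void)
{
  const char *names[] = { "reg", "link", "." }, *r;
  for (int i = 0; i < 3; i++) {
    r = classify_in_fixture (names[i]);
    printf ("%-5s -> %s\n", names[i], r ? r : "(error)");
  }
  r = classify_untrusted ("/dev/null");
  printf ("/dev/null -> %s\n", r ? r : "(error)");
  return 0;
}
```
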
path = path to access file (/sysroot/.. or /dev/..)
display_path = original path, saved so we can display it
buf = optional buffer which is freed along return codepaths
There should be no change to the semantics of the code.