Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 13 Oct 2021 10:01:52 -0400
From: Rich Felker <dalias@...c.org>
To: "(GalaxyMaster)" <galaxy@...nwall.com.au>
Cc: musl@...ts.openwall.com
Subject: Re: errno on writing to read-only files

On Wed, Oct 13, 2021 at 01:21:31AM +0000, (GalaxyMaster) wrote:
> Hello,
> 
> I am observing the following on musl and I am not sure that this is the way it
> should be:
> ===
> galaxy@...hlinux:~/musl-tests $ cat fput-to-readonly.c 
> #include <stdio.h>
> #include <errno.h>
> 
> int main() {
> 	FILE *f;
> 	int i = 0;
> 	f = fopen("fput-to-readonly.c", "r");
> 	errno = 0;
> 	i = fputs("should not be written", f);
> 	printf("i = %d (should be negative [EOF = %d])\n", i, EOF);
> 	printf("errno = %d\n", errno);
> 	return 0;
> }
> galaxy@...hlinux:~/musl-tests $ gcc -o fput-to-readonly fput-to-readonly.c 
> galaxy@...hlinux:~/musl-tests $ ./fput-to-readonly 
> i = -1 (should be negative [EOF = -1])
> errno = 0
> galaxy@...hlinux:~/musl-tests $
> ===
> 
> Logically, I would expect the errno variable to be set to something since there
> was clearly an error and the data has not been written to the destination.
> 
> Glibc returns EBADF (9) in this case:
> ===
> [galaxy@...hlinux musl-tests]$ ./fput-to-readonly 
> i = -1 (should be negative [EOF = -1])
> errno = 9
> [galaxy@...hlinux musl-tests]$
> ===
> 
> Should not we do the same?  It kind of makes sense since the descriptor we are
> asked to write to is read-only.  I think it would be just one line added to
> src/stdio/__towrite.c, something like:
> ===
> --- musl-b76f37fd5625d038141b52184956fb4b7838e9a5.orig/src/stdio/__towrite.c	2021-09-24 00:09:22.000000000 +0000
> +++ musl-b76f37fd5625d038141b52184956fb4b7838e9a5/src/stdio/__towrite.c	2021-10-13 01:16:04.713069382 +0000
> @@ -5,6 +5,7 @@ int __towrite(FILE *f)
>  	f->mode |= f->mode-1;
>  	if (f->flags & F_NOWR) {
>  		f->flags |= F_ERR;
> +		errno = EBADF;
>  		return EOF;
>  	}
>  	/* Clear read buffer (easier than summoning nasal demons) */
> ===

This is a duplicate of:
https://www.openwall.com/lists/musl/2020/10/08/1

As noted then, it's undefined behavior to call stdio functions on a
stream that's not the appropriate type. We do the check quoted above
to avoid blowing up and corrupting buffer state by trying to do the
wrong type of operation, but don't set an errno because there isn't
one specified for this (since it's UB). Arguably it would be better
and more consistent with what we do elsewhere to crash, but for
whatever reason that wasn't done.

EBADF is specified for when the underlying fd is in the wrong mode,
which is a different condition (and only can happen when you inherited
it as stdin/out/err, used fdopen, or dup2'd over an existing FILE's
fd).

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.