io: always pass O_NONBLOCK to open()

Opening a FIFO may block indefinitely (until a writer connects). This is dangerous because it may be a DoS vulnerability in many programs that do not expect open() to block. This obsoletes the method FileDescriptor::OpenNonBlocking() which wasn't used anyway.
MusicPlayerDaemon · Jan 1, 2025 · 14e1337 · 14e1337
1 parent 2114449
commit 14e1337
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 24 deletions.
diff --git a/src/io/FileDescriptor.cxx b/src/io/FileDescriptor.cxx
@@ -24,6 +24,13 @@
 #define O_CLOEXEC 0
 #endif
 
+/* this library implies the O_NONBLOCK in all open() calls to avoid
+   blocking the caller when a FIFO is opened; this may not only affect
+   the open() call but also other operations like mandatory locking */
+#ifndef O_NONBLOCK
+#define O_NONBLOCK 0
+#endif
+
 #ifndef _WIN32
 
 bool
@@ -61,7 +68,7 @@ bool
 FileDescriptor::Open(FileDescriptor dir, const char *pathname,
 		     int flags, mode_t mode) noexcept
 {
-	fd = ::openat(dir.Get(), pathname, flags | O_NOCTTY | O_CLOEXEC, mode);
+	fd = ::openat(dir.Get(), pathname, flags | O_NOCTTY | O_CLOEXEC | O_NONBLOCK, mode);
 	return IsDefined();
 }
 
@@ -70,7 +77,7 @@ FileDescriptor::Open(FileDescriptor dir, const char *pathname,
 bool
 FileDescriptor::Open(const char *pathname, int flags, mode_t mode) noexcept
 {
-	fd = ::open(pathname, flags | O_NOCTTY | O_CLOEXEC, mode);
+	fd = ::open(pathname, flags | O_NOCTTY | O_CLOEXEC | O_NONBLOCK, mode);
 	return IsDefined();
 }
 
@@ -79,7 +86,7 @@ FileDescriptor::Open(const char *pathname, int flags, mode_t mode) noexcept
 bool
 FileDescriptor::Open(const wchar_t *pathname, int flags, mode_t mode) noexcept
 {
-	fd = ::_wopen(pathname, flags | O_NOCTTY | O_CLOEXEC, mode);
+	fd = ::_wopen(pathname, flags | O_NOCTTY | O_CLOEXEC | O_NONBLOCK, mode);
 	return IsDefined();
 }
 
@@ -99,20 +106,6 @@ FileDescriptor::OpenReadOnly(FileDescriptor dir, const char *pathname) noexcept
 	return Open(dir, pathname, O_RDONLY);
 }
 
-#endif // __linux__
-
-#ifndef _WIN32
-
-bool
-FileDescriptor::OpenNonBlocking(const char *pathname) noexcept
-{
-	return Open(pathname, O_RDWR | O_NONBLOCK);
-}
-
-#endif
-
-#ifdef __linux__
-
 bool
 FileDescriptor::CreatePipe(FileDescriptor &r, FileDescriptor &w,
 			   int flags) noexcept

diff --git a/src/io/FileDescriptor.hxx b/src/io/FileDescriptor.hxx
@@ -115,14 +115,7 @@ public:
 	[[nodiscard]]
 	bool OpenReadOnly(FileDescriptor dir,
 			  const char *pathname) noexcept;
-#endif
-
-#ifndef _WIN32
-	[[nodiscard]]
-	bool OpenNonBlocking(const char *pathname) noexcept;
-#endif
 
-#ifdef __linux__
 	[[nodiscard]]
 	static bool CreatePipe(FileDescriptor &r, FileDescriptor &w,
 			       int flags) noexcept;