build: consistently use freopen-safer

cat, head, ptx, shuf, tac, tail, tee, tr, and uniq used freopen on stdout, and were potentially vulnerable. dircolors, du, and tsort only used it on stdin, which is unaffected by freopen_safer, but this covers all uses for consistency. * cfg.mk (sc_require_stdio_safer): New rule. * gl/modules/xfreopen (Depends-on): Add freopen-safer. * gl/lib/xfreopen.c (includes): Use stdio--.h. * src/ptx.c (includes): Likewise. * src/shuf.c (includes): Likewise. * src/uniq.c (includes): Likewise. * src/dircolors.c (includes): Likewise. * src/du.c (includes): Likewise. * src/tsort.c (includes): Likewise.
2026-02-12 02:12:06 +02:00 · 2009-11-05 16:48:09 -07:00
parent c768e2231b
commit 56b85e035b
9 changed files with 20 additions and 6 deletions
--- a/cfg.mk
+++ b/cfg.mk
@@ -237,4 +237,16 @@ sc_prohibit_fail_0:
 	msg='fail=0 initialization'					\
 	  $(_prohibit_regexp)

+# Ensure that "stdio--.h" is used where appropriate.
+sc_require_stdio_safer:
+	@if $(VC_LIST_EXCEPT) | grep -l '\.[ch]$$' > /dev/null; then	\
+	  files=$$(grep -l '\bfreopen \?(' $$($(VC_LIST_EXCEPT)		\
+	      | grep '\.[ch]$$'));					\
+	  test -n "$$files" && grep -LE 'include "stdio--.h"' $$files	\
+	      | grep . &&						\
+	  { echo '$(ME): the above files should use "stdio--.h"'	\
+		1>&2; exit 1; } || :;					\
+	else :;								\
+	fi
+
 include $(srcdir)/dist-check.mk
--- a/gl/lib/xfreopen.c
+++ b/gl/lib/xfreopen.c
@@ -21,6 +21,7 @@
 #include "error.h"
 #include "exitfail.h"
 #include "quote.h"
+#include "stdio--.h"

 #include "gettext.h"
 #define _(msgid) gettext (msgid)
--- a/gl/modules/xfreopen
+++ b/gl/modules/xfreopen
@@ -8,6 +8,7 @@ lib/xfreopen.h
 Depends-on:
 error
 exitfail
+freopen-safer
 quote

 configure.ac:
--- a/src/dircolors.c
+++ b/src/dircolors.c
@@ -19,7 +19,6 @@

 #include <sys/types.h>
 #include <getopt.h>
-#include <stdio.h>

 #include "system.h"
 #include "dircolors.h"
@@ -27,6 +26,7 @@
 #include "error.h"
 #include "obstack.h"
 #include "quote.h"
+#include "stdio--.h"
 #include "xstrndup.h"

 /* The official name of this program (e.g., no `g' prefix).  */
--- a/src/du.c
+++ b/src/du.c
@@ -24,7 +24,6 @@
   Rewritten to use nftw, then to use fts by Jim Meyering.  */

 #include <config.h>
-#include <stdio.h>
 #include <getopt.h>
 #include <sys/types.h>
 #include <assert.h>
@@ -40,6 +39,7 @@
 #include "quotearg.h"
 #include "same.h"
 #include "stat-time.h"
+#include "stdio--.h"
 #include "xfts.h"
 #include "xstrtol.h"

--- a/src/ptx.c
+++ b/src/ptx.c
@@ -19,7 +19,6 @@

 #include <config.h>

-#include <stdio.h>
 #include <getopt.h>
 #include <sys/types.h>
 #include "system.h"
@@ -29,6 +28,7 @@
 #include "quote.h"
 #include "quotearg.h"
 #include "regex.h"
+#include "stdio--.h"
 #include "xstrtol.h"

 /* The official name of this program (e.g., no `g' prefix).  */
--- a/src/shuf.c
+++ b/src/shuf.c
@@ -19,7 +19,6 @@

 #include <config.h>

-#include <stdio.h>
 #include <sys/types.h>
 #include "system.h"

@@ -29,6 +28,7 @@
 #include "quotearg.h"
 #include "randint.h"
 #include "randperm.h"
+#include "stdio--.h"
 #include "xstrtol.h"

 /* The official name of this program (e.g., no `g' prefix).  */
--- a/src/tsort.c
+++ b/src/tsort.c
@@ -22,7 +22,6 @@

 #include <config.h>

-#include <stdio.h>
 #include <assert.h>
 #include <getopt.h>
 #include <sys/types.h>
@@ -32,6 +31,7 @@
 #include "error.h"
 #include "quote.h"
 #include "readtokens.h"
+#include "stdio--.h"

 /* The official name of this program (e.g., no `g' prefix).  */
 #define PROGRAM_NAME "tsort"
--- a/src/uniq.c
+++ b/src/uniq.c
@@ -18,7 +18,6 @@

 #include <config.h>

-#include <stdio.h>
 #include <getopt.h>
 #include <sys/types.h>

@@ -29,6 +28,7 @@
 #include "hard-locale.h"
 #include "posixver.h"
 #include "quote.h"
+#include "stdio--.h"
 #include "xmemcoll.h"
 #include "xstrtol.h"
 #include "memcasecmp.h"