Re: [Motion-user] File handling code in netcam.c

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

El s=C3=A1b, 22-10-2005 a las 12:15 +0200, Asbj=C3=B8rn escribi=C3=B3:
> Hello

Hi Asbj=C3=B8rn,

> Found some unsafe code in netcam.c :
>=20
> static void *netcam_handler_loop(void *arg)
> {
> .....
>               if (netcam->get_image(netcam) < 0) {
> 			motion_log(LOG_ERR, 0, "Error getting jpeg image");
> 			/* if FTP connection, attempt to re-connect to server */
> 			if (netcam->ftp) {
> /*----------------------------------------------------------------*/
> /*  Unsafe to close a file handle without testing it!   */
> /*----------------------------------------------------------------*/
> 				close(netcam->ftp->control_file_desc);
> 				if (ftp_connect(netcam) < 0) {
> 					motion_log(LOG_ERR, 0, "Trying to re-connect");
>=20
>                          /*    What about the control_file_desc now ? */
>                         /*  And when it call the above close() again?   *=
/
>=20
> 				}
> 			}
> 			continue;
> 		}

I don't see any "unsafe" code there , in that case close a closed file
descriptor is not a security issue , close will just return EBADF .

> In netcam_ftp.c :
>=20
>  close(ctxt->control_file_desc); ctxt->control_file_desc =3D -1; // OK se=
t to -1 =20
>  ctxt->control_file_desc =3D -1;   /* And again!  overkill */
>=20
> This code is "copied and pasted" many times:
> 	if (res !=3D 2) {
> 		close(ctxt->control_file_desc); ctxt->control_file_desc =3D -1;
> 		ctxt->control_file_desc =3D -1;
> 		return(-1);
> 	}
> ......
>=20

Thanks to see that "mistake" AFAIK it comes from the original code,
anyway will be fixed. ( or you can submit a patch ).

> Why not to do it this way by introducing this function:
>=20
> void close_fd (int *file_desc)
> {
>   if (*file_desc >=3D 0) {   /* always test before close */
>     close(*file_desc);
>     *file_desc =3D -1;   /* reset the handle */
>   }
> }

I don't see why we need that function in netcam , do you ?

> Rgds
> Asbjorn Pettersen
>=20

Cheers,
--=20
Angel Carpintero
ack ( at ) telefonica ( dot ) net

Key fingerprint =3D 3FD3 9C90 149E 7824 CECD  6BCF AC2C CA61 6EF1 B90D

"No basta saber, hay que aplicar lo que se sabe;=20
no basta querer hacerlas cosas, hay que hacerlas".

"Knowing is not enough; we must apply.=20
 Willing is not enough; we must do"

 Johann Wolfgang von Goethe