Make sure all functions used in libsandbox.c is declared static. Define

SB_STATIC in localdecls.h for this.  Include sandbox_futils.c rather than
linking with its object.  Hopefully this will fix bug #90153.

URL: http://bugs.gentoo.org/90153
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
Reported-by: Alexandre Rostovtsev <tetromino@gmail.com>

8 files changed, 56 insertions, 41 deletions

diff --git a/ChangeLog b/ChangeLog
index 7327221..e6371bb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,12 @@
 # Copyright 1999-2004 Gentoo Foundation; Distributed under the GPL v2
 # $Header$
 
+  23 Apr 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, canonicalize.c,
+  getcwd.c, libsandbox.c, localdecls.h, sandbox.h, sandbox_futils.c:
+  Make sure all functions used in libsandbox.c is declared static.  Define
+  SB_STATIC in localdecls.h for this.  Include sandbox_futils.c rather than
+  linking with its object.  Hopefully this will fix bug #90153.
+
   22 Mar 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
   Allow lchown a symlink in write-allowed path pointing to write-denied
   target.
diff --git a/Makefile.am b/Makefile.am
index 508edac..2d7dc18 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -10,7 +10,7 @@ AM_CPPFLAGS		= -D_GNU_SOURCE -DPIC -fPIC -D_REENTRANT \
 dist_pkgdata_DATA	= sandbox.bashrc
 
 lib_LTLIBRARIES 	= libsandbox.la
-libsandbox_la_SOURCES 	= libsandbox.c sandbox_futils.c localdecls.h
+libsandbox_la_SOURCES 	= libsandbox.c localdecls.h
 # Do not add -nostdlib or -nostartfiles, as then our constructor
 # and destructor will not be executed ...
 libsandbox_la_LDFLAGS 	= -nodefaultlibs -lc -ldl
diff --git a/canonicalize.c b/canonicalize.c
index 79a8323..ae06368 100644
--- a/canonicalize.c
+++ b/canonicalize.c
@@ -56,7 +56,7 @@
  *  
  */
 
-static char *
+SB_STATIC char *
 erealpath(const char *name, char *resolved)
 {
 	char *rpath, *dest;
diff --git a/getcwd.c b/getcwd.c
index ee809e4..870b12e 100644
--- a/getcwd.c
+++ b/getcwd.c
@@ -229,7 +229,7 @@ extern char *alloca();
    NULL, an array is allocated with `malloc'; the array is SIZE bytes long,
    unless SIZE == 0, in which case it is as big as necessary.  */
 
-GETCWD_RETURN_TYPE
+SB_STATIC GETCWD_RETURN_TYPE
 __egetcwd(buf, size)
 char *buf;
 size_t size;
@@ -472,7 +472,7 @@ lose2:
 	return NULL;
 }
 
-GETCWD_RETURN_TYPE
+SB_STATIC GETCWD_RETURN_TYPE
 egetcwd(buf, size)
 char *buf;
 size_t size;
diff --git a/libsandbox.c b/libsandbox.c
index 1b577d4..d92bbf9 100644
--- a/libsandbox.c
+++ b/libsandbox.c
@@ -140,7 +140,7 @@ void __attribute__ ((constructor)) libsb_init(void);
 void __attribute__ ((destructor)) libsb_fini(void);
 
 /* glibc modified realpath() functions */
-static char *erealpath(const char *name, char *resolved);
+static char *erealpath(const char *, char *);
 /* glibc modified getcwd() functions */
 static char *egetcwd(char *, size_t);
 
@@ -1498,5 +1498,6 @@ static int before_syscall_open_char(const char *func, const char *file, const ch
 
 #include "getcwd.c"
 #include "canonicalize.c"
+#include "sandbox_futils.c"
 
 // vim:noexpandtab noai:cindent ai
diff --git a/localdecls.h b/localdecls.h
index 0a27b50..f328062 100644
--- a/localdecls.h
+++ b/localdecls.h
@@ -40,4 +40,10 @@
 # error PATH_MAX not defined!
 #endif
 
+#ifndef OUTSIDE_LIBSANDBOX
+# define SB_STATIC static
+#else
+# define SB_STATIC
+#endif
+
 #endif
diff --git a/sandbox.h b/sandbox.h
index 6c79952..1c66871 100644
--- a/sandbox.h
+++ b/sandbox.h
@@ -10,6 +10,8 @@
 #ifndef __SANDBOX_H__
 #define __SANDBOX_H__
 
+#include "localdecls.h"
+
 /* Uncomment below to use flock instead of fcntl (POSIX way) to lock/unlock files */
 /* #define USE_FLOCK */
 
@@ -46,22 +48,22 @@
 
 #define DEFAULT_BEEP_COUNT	3
 
-char *get_sandbox_path(char *argv0);
-char *get_sandbox_lib(char *sb_path);
-char *get_sandbox_pids_file(void);
-char *get_sandbox_rc(char *sb_path);
-char *get_sandbox_log();
-char *sb_dirname(const char *path);
-int file_getmode(char *mode);
-long file_tell(int fp);
-int file_lock(int fd, int lock, char *filename);
-int file_unlock(int fd);
-int file_locktype(char *mode);
-int file_open(char *filename, char *mode, int perm_specified, ...);
-void file_close(int fd);
-long file_length(int fd);
-int file_truncate(int fd);
-int file_exist(char *filename, int checkmode);
+SB_STATIC char *get_sandbox_path(char *argv0);
+SB_STATIC char *get_sandbox_lib(char *sb_path);
+SB_STATIC char *get_sandbox_pids_file(void);
+SB_STATIC char *get_sandbox_rc(char *sb_path);
+SB_STATIC char *get_sandbox_log();
+SB_STATIC char *sb_dirname(const char *path);
+SB_STATIC int file_getmode(char *mode);
+SB_STATIC long file_tell(int fp);
+SB_STATIC int file_lock(int fd, int lock, char *filename);
+SB_STATIC int file_unlock(int fd);
+SB_STATIC int file_locktype(char *mode);
+SB_STATIC int file_open(char *filename, char *mode, int perm_specified, ...);
+SB_STATIC void file_close(int fd);
+SB_STATIC long file_length(int fd);
+SB_STATIC int file_truncate(int fd);
+SB_STATIC int file_exist(char *filename, int checkmode);
 
 #endif
 
diff --git a/sandbox_futils.c b/sandbox_futils.c
index b9ea29f..b77f550 100644
--- a/sandbox_futils.c
+++ b/sandbox_futils.c
@@ -31,13 +31,13 @@
 #include "config.h"
 
 /* BEGIN Prototypes */
-int file_security_check(char *filename);
+SB_STATIC int file_security_check(char *filename);
 /* END   Prototypes */
 
 /* glibc modified getcwd() functions */
-char *egetcwd(char *, size_t);
+SB_STATIC char *egetcwd(char *, size_t);
 
-char *get_sandbox_path(char *argv0)
+SB_STATIC char *get_sandbox_path(char *argv0)
 {
 	char path[255];
 	char *cwd = NULL;
@@ -60,7 +60,7 @@ char *get_sandbox_path(char *argv0)
 	return (sb_dirname(path));
 }
 
-char *get_sandbox_lib(char *sb_path)
+SB_STATIC char *get_sandbox_lib(char *sb_path)
 {
 	char path[255];
 
@@ -75,7 +75,7 @@ char *get_sandbox_lib(char *sb_path)
 	return (strdup(path));
 }
 
-char *get_sandbox_pids_file(void)
+SB_STATIC char *get_sandbox_pids_file(void)
 {
 	if (0 < getenv("SANDBOX_PIDS_FILE")) {
 		return (strdup(getenv("SANDBOX_PIDS_FILE")));
@@ -83,7 +83,7 @@ char *get_sandbox_pids_file(void)
 	return (strdup(PIDS_FILE));
 }
 
-char *get_sandbox_rc(char *sb_path)
+SB_STATIC char *get_sandbox_rc(char *sb_path)
 {
 	char path[255];
 
@@ -94,7 +94,7 @@ char *get_sandbox_rc(char *sb_path)
 	return (strdup(path));
 }
 
-char *get_sandbox_log()
+SB_STATIC char *get_sandbox_log()
 {
 	char path[255];
 	char *sandbox_log_env = NULL;
@@ -111,7 +111,7 @@ char *get_sandbox_log()
 }
 
 /* Obtain base directory name. Do not allow trailing / */
-char *sb_dirname(const char *path)
+SB_STATIC char *sb_dirname(const char *path)
 {
 	char *ret = NULL;
 	char *ptr = NULL;
@@ -152,7 +152,7 @@ char *sb_dirname(const char *path)
 }
 
 /*
-char* dirname(const char* path)
+SB_STATIC char* dirname(const char* path)
 {
   char* base = NULL;
   unsigned int length = 0;
@@ -176,7 +176,7 @@ char* dirname(const char* path)
 }*/
 
 /* Convert text (string) modes to integer values */
-int file_getmode(char *mode)
+SB_STATIC int file_getmode(char *mode)
 {
 	int mde = 0;
 	if (0 == strcasecmp(mode, "r+")) {
@@ -198,13 +198,13 @@ int file_getmode(char *mode)
 }
 
 /* Get current position in file */
-long file_tell(int fp)
+SB_STATIC long file_tell(int fp)
 {
 	return (lseek(fp, 0L, SEEK_CUR));
 }
 
 /* lock the file, preferrably the POSIX way */
-int file_lock(int fd, int lock, char *filename)
+SB_STATIC int file_lock(int fd, int lock, char *filename)
 {
 	int err;
 #ifdef USE_FLOCK
@@ -230,7 +230,7 @@ int file_lock(int fd, int lock, char *filename)
 }
 
 /* unlock the file, preferrably the POSIX way */
-int file_unlock(int fd)
+SB_STATIC int file_unlock(int fd)
 {
 #ifdef USE_FLOCK
 	if (flock(fd, LOCK_UN) < 0) {
@@ -255,7 +255,7 @@ int file_unlock(int fd)
 /* Auto-determine from how the file was opened, what kind of lock to lock
  * the file with
  */
-int file_locktype(char *mode)
+SB_STATIC int file_locktype(char *mode)
 {
 #ifdef USE_FLOCK
 	if (NULL != (strchr(mode, 'w')) || (NULL != strchr(mode, '+'))
@@ -273,7 +273,7 @@ int file_locktype(char *mode)
 /* Use standard fopen style modes to open the specified file.  Also auto-determines and
  * locks the file either in shared or exclusive mode depending on opening mode
  */
-int file_open(char *filename, char *mode, int perm_specified, ...)
+SB_STATIC int file_open(char *filename, char *mode, int perm_specified, ...)
 {
 	int fd;
 	char error[250];
@@ -338,7 +338,7 @@ int file_open(char *filename, char *mode, int perm_specified, ...)
 }
 
 /* Close and unlock file */
-void file_close(int fd)
+SB_STATIC void file_close(int fd)
 {
 	if (-1 != fd) {
 		file_unlock(fd);
@@ -347,7 +347,7 @@ void file_close(int fd)
 }
 
 /* Return length of file */
-long file_length(int fd)
+SB_STATIC long file_length(int fd)
 {
 	long pos, len;
 	pos = file_tell(fd);
@@ -357,7 +357,7 @@ long file_length(int fd)
 }
 
 /* Zero out file */
-int file_truncate(int fd)
+SB_STATIC int file_truncate(int fd)
 {
 	lseek(fd, 0L, SEEK_SET);
 	if (ftruncate(fd, 0) < 0) {
@@ -368,7 +368,7 @@ int file_truncate(int fd)
 }
 
 /* Check to see if a file exists Return: 1 success, 0 file not found, -1 error */
-int file_exist(char *filename, int checkmode)
+SB_STATIC int file_exist(char *filename, int checkmode)
 {
 	struct stat mystat;
 
@@ -402,7 +402,7 @@ int file_exist(char *filename, int checkmode)
 	return 1;
 }
 
-int file_security_check(char *filename)
+SB_STATIC int file_security_check(char *filename)
 {				/* 0 == fine, >0 == problem */
 	struct stat stat_buf;
 	struct group *group_buf;