clean up, bugfixes, and general improvement for shm_open/shm_unlink

1. don't make non-cloexec file descriptors
2. cancellation safety (cleanup handlers were missing, now unneeded)
3. share name validation/mapping code between open/unlink functions
4. avoid wasteful/slow syscalls

1 files changed, 28 insertions, 9 deletions

diff --git a/src/mman/shm_open.c b/src/mman/shm_open.c
index d368622d..a9be899b 100644
--- a/src/mman/shm_open.c
+++ b/src/mman/shm_open.c
@@ -3,19 +3,38 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <string.h>
+#include <limits.h>
 
-int shm_open(const char *name, int flag, mode_t mode)
-{
-	int fd, dir;
+char *__strchrnul(const char *, int);
 
+static const char *mapname(const char *name, char *buf)
+{
+	char *p;
 	while (*name == '/') name++;
-	if (strchr(name, '/')) {
+	if (*(p = __strchrnul(name, '/')) || p==name ||
+	    (p-name <= 2 && name[0]=='.' && p[-1]=='.')) {
 		errno = EINVAL;
-		return -1;
+		return 0;
 	}
+	if (p-name > NAME_MAX) {
+		errno = ENAMETOOLONG;
+		return 0;
+	}
+	memcpy(buf, "/dev/shm/", 9);
+	memcpy(buf+9, name, p-name+1);
+	return buf;
+}
 
-	if ((dir = open("/dev/shm", O_DIRECTORY|O_RDONLY)) < 0) return -1;
-	fd = openat(dir, name, flag|O_NOFOLLOW|O_CLOEXEC|O_NONBLOCK, mode);
-	close(dir);
-	return fd;
+int shm_open(const char *name, int flag, mode_t mode)
+{
+	char buf[NAME_MAX+10];
+	if (!(name = mapname(name, buf))) return -1;
+	return open(name, flag|O_NOFOLLOW|O_CLOEXEC|O_NONBLOCK, mode);
+}
+
+int shm_unlink(const char *name)
+{
+	char buf[NAME_MAX+10];
+	if (!(name = mapname(name, buf))) return -1;
+	return unlink(name);
 }