common,kbx,tests: Clean up the PIPE function API.

* common/call-gpg.c (_gpg_encrypt, _gpg_decrypt): Simply, use
gnupg_create_pipe.
* tests/gpgscm/ffi.c (do_inbound_pipe): Likewise.
* common/exechelp.h (gnupg_create_inbound_pipe): Use gnupg_fd_t
for native pipe descriptor and don't expose other end of pipe.
(gnupg_create_outbound_pipe): Ditto.
* common/exechelp-posix.c (create_pipe_and_estream): Clean up.
(gnupg_create_inbound_pipe): Fail if R_FD or R_FP is NULL.
(gnupg_create_outbound_pipe: Ditto.
* common/exechelp-w32.c (create_pipe_and_estream): Clean up.
(gnupg_create_inbound_pipe): Fail if R_FD or R_FP is NULL.
(gnupg_create_outbound_pipe: Ditto.
(gnupg_create_pipe): Move the code from original
create_pipe_and_estream to call _open_osfhandle.
* common/exectool.c (gnupg_exec_tool_stream): Follow the change of
API.
* kbx/kbx-client-util.c (prepare_data_pipe): Likewise.

--

GnuPG-bug-id: 7194
Signed-off-by: NIIBE Yutaka <[email protected]>

5 files changed, 122 insertions, 102 deletions

diff --git a/common/call-gpg.c b/common/call-gpg.c
index a4723ca43..8c69a0c9a 100644
--- a/common/call-gpg.c
+++ b/common/call-gpg.c
@@ -29,6 +29,7 @@
 #include <time.h>
 
 #include "call-gpg.h"
+#include "sysutils.h"
 #include "exechelp.h"
 #include "i18n.h"
 #include "logging.h"
@@ -428,9 +429,9 @@ _gpg_encrypt (ctrl_t ctrl,
   assert ((reader_mb == NULL) != (cipher_stream == NULL));
 
   /* Create two pipes.  */
-  err = gnupg_create_outbound_pipe (outbound_fds, NULL, 0);
+  err = gnupg_create_pipe (outbound_fds);
   if (!err)
-    err = gnupg_create_inbound_pipe (inbound_fds, NULL, 0);
+    err = gnupg_create_pipe (inbound_fds);
   if (err)
     {
       log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
@@ -612,9 +613,9 @@ _gpg_decrypt (ctrl_t ctrl,
   assert ((reader_mb == NULL) != (plain_stream == NULL));
 
   /* Create two pipes.  */
-  err = gnupg_create_outbound_pipe (outbound_fds, NULL, 0);
+  err = gnupg_create_pipe (outbound_fds);
   if (!err)
-    err = gnupg_create_inbound_pipe (inbound_fds, NULL, 0);
+    err = gnupg_create_pipe (inbound_fds);
   if (err)
     {
       log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c
index b78439dca..2c7cb2adf 100644
--- a/common/exechelp-posix.c
+++ b/common/exechelp-posix.c
@@ -283,24 +283,31 @@ do_create_pipe (int filedes[2])
 
 
 static gpg_error_t
-create_pipe_and_estream (int filedes[2], estream_t *r_fp,
+create_pipe_and_estream (gnupg_fd_t *r_fd, estream_t *r_fp,
                          int outbound, int nonblock)
 {
   gpg_error_t err;
+  int filedes[2];
 
   if (pipe (filedes) == -1)
     {
       err = my_error_from_syserror ();
       log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
-      filedes[0] = filedes[1] = -1;
+      *r_fd = -1;
       *r_fp = NULL;
       return err;
     }
 
   if (!outbound)
-    *r_fp = es_fdopen (filedes[0], nonblock? "r,nonblock" : "r");
+    {
+      *r_fd = filedes[1];
+      *r_fp = es_fdopen (filedes[0], nonblock? "r,nonblock" : "r");
+    }
   else
-    *r_fp = es_fdopen (filedes[1], nonblock? "w,nonblock" : "w");
+    {
+      *r_fd = filedes[0];
+      *r_fp = es_fdopen (filedes[1], nonblock? "w,nonblock" : "w");
+    }
   if (!*r_fp)
     {
       err = my_error_from_syserror ();
@@ -308,7 +315,7 @@ create_pipe_and_estream (int filedes[2], estream_t *r_fp,
                  gpg_strerror (err));
       close (filedes[0]);
       close (filedes[1]);
-      filedes[0] = filedes[1] = -1;
+      *r_fd = -1;
       return err;
     }
   return 0;
@@ -316,28 +323,28 @@ create_pipe_and_estream (int filedes[2], estream_t *r_fp,
 
 
 /* Portable function to create a pipe.  Under Windows the write end is
-   inheritable.  If R_FP is not NULL, an estream is created for the
-   read end and stored at R_FP.  */
+   inheritable.  Pipe is created and the read end is stored at R_FD.
+   An estream is created for the write end and stored at R_FP.  */
 gpg_error_t
-gnupg_create_inbound_pipe (int filedes[2], estream_t *r_fp, int nonblock)
+gnupg_create_inbound_pipe (gnupg_fd_t *r_fd, estream_t *r_fp, int nonblock)
 {
-  if (r_fp)
-    return create_pipe_and_estream (filedes, r_fp, 0, nonblock);
-  else
-    return do_create_pipe (filedes);
+  if (!r_fd || !r_fp)
+    gpg_error (GPG_ERR_INV_ARG);
+
+  return create_pipe_and_estream (r_fd, r_fp, 0, nonblock);
 }
 
 
 /* Portable function to create a pipe.  Under Windows the read end is
-   inheritable.  If R_FP is not NULL, an estream is created for the
-   write end and stored at R_FP.  */
+   inheritable.  Pipe is created and the write end is stored at R_FD.
+   An estream is created for the write end and stored at R_FP.  */
 gpg_error_t
-gnupg_create_outbound_pipe (int filedes[2], estream_t *r_fp, int nonblock)
+gnupg_create_outbound_pipe (gnupg_fd_t *r_fd, estream_t *r_fp, int nonblock)
 {
-  if (r_fp)
-    return create_pipe_and_estream (filedes, r_fp, 1, nonblock);
-  else
-    return do_create_pipe (filedes);
+  if (!r_fd || !r_fp)
+    gpg_error (GPG_ERR_INV_ARG);
+
+  return create_pipe_and_estream (r_fd, r_fp, 1, nonblock);
 }
 
 
diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c
index 51d6920bd..0c8314296 100644
--- a/common/exechelp-w32.c
+++ b/common/exechelp-w32.c
@@ -223,85 +223,72 @@ create_inheritable_pipe (HANDLE filedes[2], int flags)
 
 
 static gpg_error_t
-create_pipe_and_estream (int filedes[2], int flags,
+create_pipe_and_estream (gnupg_fd_t *r_fd, int flags,
                          estream_t *r_fp, int outbound, int nonblock)
 {
   gpg_error_t err = 0;
-  HANDLE fds[2];
   es_syshd_t syshd;
+  gnupg_fd_t fds[2];
 
-  filedes[0] = filedes[1] = -1;
-  err = my_error (GPG_ERR_GENERAL);
-  if (!create_inheritable_pipe (fds, flags))
+  if (create_inheritable_pipe (fds, flags) < 0)
     {
-      filedes[0] = _open_osfhandle (handle_to_fd (fds[0]), O_RDONLY);
-      if (filedes[0] == -1)
-        {
-          log_error ("failed to translate osfhandle %p\n", fds[0]);
-          CloseHandle (fds[1]);
-        }
-      else
-        {
-          filedes[1] = _open_osfhandle (handle_to_fd (fds[1]), O_APPEND);
-          if (filedes[1] == -1)
-            {
-              log_error ("failed to translate osfhandle %p\n", fds[1]);
-              close (filedes[0]);
-              filedes[0] = -1;
-              CloseHandle (fds[1]);
-            }
-          else
-            err = 0;
-        }
+      err = my_error_from_syserror ();
+      log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
+      *r_fd = GNUPG_INVALID_FD;
+      *r_fp = NULL;
+      return err;
     }
 
-  if (! err && r_fp)
+  syshd.type = ES_SYSHD_HANDLE;
+  if (!outbound)
     {
-      syshd.type = ES_SYSHD_HANDLE;
-      if (!outbound)
-        {
-          syshd.u.handle = fds[0];
-          *r_fp = es_sysopen (&syshd, nonblock? "r,nonblock" : "r");
-        }
-      else
-        {
-          syshd.u.handle = fds[1];
-          *r_fp = es_sysopen (&syshd, nonblock? "w,nonblock" : "w");
-        }
-      if (!*r_fp)
-        {
-          err = my_error_from_syserror ();
-          log_error (_("error creating a stream for a pipe: %s\n"),
-                     gpg_strerror (err));
-          close (filedes[0]);
-          close (filedes[1]);
-          filedes[0] = filedes[1] = -1;
-          return err;
-        }
+      syshd.u.handle = fds[0];
+      *r_fd = fds[1];
+      *r_fp = es_sysopen (&syshd, nonblock? "r,nonblock" : "r");
+    }
+  else
+    {
+      syshd.u.handle = fds[1];
+      *r_fd = fds[0];
+      *r_fp = es_sysopen (&syshd, nonblock? "w,nonblock" : "w");
+    }
+  if (!*r_fp)
+    {
+      err = my_error_from_syserror ();
+      log_error (_("error creating a stream for a pipe: %s\n"),
+                 gpg_strerror (err));
+      CloseHandle (fds[0]);
+      CloseHandle (fds[1]);
+      *r_fd = GNUPG_INVALID_FD;
+      return err;
     }
 
-  return err;
+  return 0;
 }
 
 /* Portable function to create a pipe.  Under Windows the write end is
-   inheritable.  If R_FP is not NULL, an estream is created for the
-   read end and stored at R_FP.  */
+   inheritable.  Pipe is created and the read end is stored at R_FD.
+   An estream is created for the write end and stored at R_FP.  */
 gpg_error_t
-gnupg_create_inbound_pipe (int filedes[2], estream_t *r_fp, int nonblock)
+gnupg_create_inbound_pipe (gnupg_fd_t *r_fd, estream_t *r_fp, int nonblock)
 {
-  return create_pipe_and_estream (filedes, INHERIT_WRITE,
-                                  r_fp, 0, nonblock);
+  if (!r_fd || !r_fp)
+    gpg_error (GPG_ERR_INV_ARG);
+
+  return create_pipe_and_estream (r_fd, INHERIT_WRITE, r_fp, 0, nonblock);
 }
 
 
 /* Portable function to create a pipe.  Under Windows the read end is
-   inheritable.  If R_FP is not NULL, an estream is created for the
-   write end and stored at R_FP.  */
+   inheritable.  Pipe is created and the write end is stored at R_FD.
+   An estream is created for the write end and stored at R_FP.  */
 gpg_error_t
-gnupg_create_outbound_pipe (int filedes[2], estream_t *r_fp, int nonblock)
+gnupg_create_outbound_pipe (gnupg_fd_t *r_fd, estream_t *r_fp, int nonblock)
 {
-  return create_pipe_and_estream (filedes, INHERIT_READ,
-                                  r_fp, 1, nonblock);
+  if (!r_fd || !r_fp)
+    gpg_error (GPG_ERR_INV_ARG);
+
+  return create_pipe_and_estream (r_fd, INHERIT_READ, r_fp, 1, nonblock);
 }
 
 
@@ -310,8 +297,37 @@ gnupg_create_outbound_pipe (int filedes[2], estream_t *r_fp, int nonblock)
 gpg_error_t
 gnupg_create_pipe (int filedes[2])
 {
-  return create_pipe_and_estream (filedes, INHERIT_BOTH,
-                                  NULL, 0, 0);
+  gnupg_fd_t fds[2];
+  gpg_error_t err = 0;
+
+  if (create_inheritable_pipe (fds, INHERIT_BOTH) < 0)
+    return my_error_from_syserror ();
+
+  filedes[0] = _open_osfhandle (handle_to_fd (fds[0]), O_RDONLY);
+  if (filedes[0] == -1)
+    {
+      log_error ("failed to translate osfhandle %p\n", fds[0]);
+      CloseHandle (fds[0]);
+      CloseHandle (fds[1]);
+      filedes[1] = -1;
+      err = my_error (GPG_ERR_GENERAL);
+    }
+  else
+    {
+      filedes[1] = _open_osfhandle (handle_to_fd (fds[1]), O_APPEND);
+      if (filedes[1] == -1)
+        {
+          log_error ("failed to translate osfhandle %p\n", fds[1]);
+          close (filedes[0]);
+          filedes[0] = -1;
+          CloseHandle (fds[1]);
+          err = my_error (GPG_ERR_GENERAL);
+        }
+      else
+        err = 0;
+    }
+
+  return err;
 }
 
 
diff --git a/common/exechelp.h b/common/exechelp.h
index be7119357..d2aac4b39 100644
--- a/common/exechelp.h
+++ b/common/exechelp.h
@@ -54,15 +54,15 @@ int *get_all_open_fds (void);
 
 
 /* Portable function to create a pipe.  Under Windows the write end is
-   inheritable.  If R_FP is not NULL, an estream is created for the
-   write end and stored at R_FP.  */
-gpg_error_t gnupg_create_inbound_pipe (int filedes[2],
+   inheritable.  Pipe is created and the read end is stored at R_FD.
+   An estream is created for the write end and stored at R_FP.  */
+gpg_error_t gnupg_create_inbound_pipe (gnupg_fd_t *r_fd,
                                        estream_t *r_fp, int nonblock);
 
 /* Portable function to create a pipe.  Under Windows the read end is
-   inheritable.  If R_FP is not NULL, an estream is created for the
-   write end and stored at R_FP.  */
-gpg_error_t gnupg_create_outbound_pipe (int filedes[2],
+   inheritable.  Pipe is created and the write end is stored at R_FD.
+   An estream is created for the write end and stored at R_FP.  */
+gpg_error_t gnupg_create_outbound_pipe (gnupg_fd_t *r_fd,
                                         estream_t *r_fp, int nonblock);
 
 /* Portable function to create a pipe.  Under Windows both ends are
diff --git a/common/exectool.c b/common/exectool.c
index bb867fbc3..de460084f 100644
--- a/common/exectool.c
+++ b/common/exectool.c
@@ -331,7 +331,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
 #else
   int exceptclose[2];
 #endif
-  int extrapipe[2] = {-1, -1};
+  gnupg_fd_t extrapipe;
   char extrafdbuf[20];
   const char *argsave = NULL;
   int argsaveidx;
@@ -387,7 +387,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
 
   if (inextra)
     {
-      err = gnupg_create_outbound_pipe (extrapipe, &extrafp, 1);
+      err = gnupg_create_outbound_pipe (&extrapipe, &extrafp, 1);
       if (err)
         {
           log_error ("error creating outbound pipe for extra fp: %s\n",
@@ -395,11 +395,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
           goto leave;
         }
       /* Do not close in child. */
-#ifdef HAVE_W32_SYSTEM
-      exceptclose[i] = (HANDLE)_get_osfhandle (extrapipe[0]);
-#else
-      exceptclose[i] = extrapipe[0];
-#endif
+      exceptclose[i] = extrapipe;
       /* Now find the argument marker and replace by the pipe's fd.
          Yeah, that is an ugly non-thread safe hack but it safes us to
          create a copy of the array.  */
@@ -424,11 +420,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
       i++;
     }
 
-#ifdef HAVE_W32_SYSTEM
-    exceptclose[i] = INVALID_HANDLE_VALUE;
-#else
-    exceptclose[i] = -1;
-#endif
+  exceptclose[i] = GNUPG_INVALID_FD;
 
   err = gpgrt_spawn_actions_new (&act);
   if (err)
@@ -447,8 +439,12 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
                               | GPGRT_PROCESS_STDERR_PIPE), act, &proc);
   gpgrt_process_get_streams (proc, GPGRT_PROCESS_STREAM_NONBLOCK,
                              input? &infp : NULL, &outfp, &errfp);
-  if (extrapipe[0] != -1)
-    close (extrapipe[0]);
+  if (extrapipe != GNUPG_INVALID_FD)
+#ifdef HAVE_W32_SYSTEM
+    CloseHandle (extrapipe);
+#else
+    close (extrapipe);
+#endif
   if (argsave)
     argv[argsaveidx] = argsave;
   if (err)