Mercurial > gnulib
changeset 39348:48c741c6c35d
af_alg: don’t leak file descriptors into children
* lib/af_alg.c (alg_socket): Use SOCK_CLOEXEC when creating sockets.
This code should be compiled only on recent GNU/Linux platforms
so we shouldn’t have to also depend on the accept4 module.
| author | Paul Eggert <eggert@cs.ucla.edu> |
|---|---|
| date | Wed, 09 May 2018 11:34:28 -0700 |
| parents | f9dc53a50a90 |
| children | 2ccd065bf0a0 |
| files | ChangeLog lib/af_alg.c |
| diffstat | 2 files changed, 7 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed May 09 11:16:59 2018 -0700 +++ b/ChangeLog Wed May 09 11:34:28 2018 -0700 @@ -1,5 +1,10 @@ 2018-05-09 Paul Eggert <eggert@cs.ucla.edu> + af_alg: don’t leak file descriptors into children + * lib/af_alg.c (alg_socket): Use SOCK_CLOEXEC when creating sockets. + This code should be compiled only on recent GNU/Linux platforms + so we shouldn’t have to also depend on the accept4 module. + af_alg: coalesce socket creation * lib/af_alg.c (alg_socket): New function. (afalg_buffer, afalg_stream): Use it. This avoids some
--- a/lib/af_alg.c Wed May 09 11:16:59 2018 -0700 +++ b/lib/af_alg.c Wed May 09 11:34:28 2018 -0700 @@ -49,11 +49,11 @@ if (i == sizeof salg.salg_name - 1) return -EINVAL; - int cfd = socket (AF_ALG, SOCK_SEQPACKET, 0); + int cfd = socket (AF_ALG, SOCK_SEQPACKET | SOCK_CLOEXEC, 0); if (cfd < 0) return -EAFNOSUPPORT; int ofd = (bind (cfd, (struct sockaddr *) &salg, sizeof salg) == 0 - ? accept (cfd, NULL, 0) + ? accept4 (cfd, NULL, 0, SOCK_CLOEXEC) : -1); close (cfd); return ofd < 0 ? -EAFNOSUPPORT : ofd;