[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] af_alg: don’t leak file descriptors into children
|
From: |
Paul Eggert |
|
Subject: |
[PATCH] af_alg: don’t leak file descriptors into children |
|
Date: |
Wed, 9 May 2018 11:35:28 -0700 |
* lib/af_alg.c (alg_socket): Use SOCK_CLOEXEC when creating sockets.
This code should be compiled only on recent GNU/Linux platforms
so we shouldn’t have to also depend on the accept4 module.
---
ChangeLog | 5 +++++
lib/af_alg.c | 4 ++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index c4e155392..818d3a602 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2018-05-09 Paul Eggert <address@hidden>
+ af_alg: don’t leak file descriptors into children
+ * lib/af_alg.c (alg_socket): Use SOCK_CLOEXEC when creating sockets.
+ This code should be compiled only on recent GNU/Linux platforms
+ so we shouldn’t have to also depend on the accept4 module.
+
af_alg: coalesce socket creation
* lib/af_alg.c (alg_socket): New function.
(afalg_buffer, afalg_stream): Use it. This avoids some
diff --git a/lib/af_alg.c b/lib/af_alg.c
index ca3dd0323..c85140a33 100644
--- a/lib/af_alg.c
+++ b/lib/af_alg.c
@@ -49,11 +49,11 @@ alg_socket (char const *alg)
if (i == sizeof salg.salg_name - 1)
return -EINVAL;
- int cfd = socket (AF_ALG, SOCK_SEQPACKET, 0);
+ int cfd = socket (AF_ALG, SOCK_SEQPACKET | SOCK_CLOEXEC, 0);
if (cfd < 0)
return -EAFNOSUPPORT;
int ofd = (bind (cfd, (struct sockaddr *) &salg, sizeof salg) == 0
- ? accept (cfd, NULL, 0)
+ ? accept4 (cfd, NULL, 0, SOCK_CLOEXEC)
: -1);
close (cfd);
return ofd < 0 ? -EAFNOSUPPORT : ofd;
--
2.17.0
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [PATCH] af_alg: don’t leak file descriptors into children,
Paul Eggert <=