[Openswan dev] [PATCH] Set CLOEXEC on all pluto file descriptors

Herbert Xu herbert at gondor.apana.org.au
Wed Sep 7 17:23:43 CEST 2005


Hi Ken:

This patch sets CLOEXEC on all file descriptors.  Without this things
like the adns file descriptors are leaked to the updown script.  If the
updown script then spawns a long-living child, this could prevent the
shutting down of pluto.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-------------- next part --------------
Index: programs/pluto/dnskey.c
===================================================================
RCS file: /var/cvs/snwb/packages/openswan/programs/pluto/dnskey.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 dnskey.c
--- programs/pluto/dnskey.c	30 Nov 2004 16:34:08 -0000	1.1.1.2
+++ programs/pluto/dnskey.c	7 Sep 2005 06:21:35 -0000
@@ -190,6 +190,8 @@
 	adns_qfd = qfds[1];
 	adns_afd = afds[0];
 	close(afds[1]);
+	fcntl(adns_qfd, F_SETFD, FD_CLOEXEC);
+	fcntl(adns_afd, F_SETFD, FD_CLOEXEC);
 	fcntl(adns_qfd, F_SETFL, O_NONBLOCK);
 	break;
     }
Index: programs/pluto/rnd.c
===================================================================
RCS file: /var/cvs/snwb/packages/openswan/programs/pluto/rnd.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 rnd.c
--- programs/pluto/rnd.c	18 Jan 2005 02:49:40 -0000	1.1.1.2
+++ programs/pluto/rnd.c	7 Sep 2005 06:21:35 -0000
@@ -236,6 +236,7 @@
     }
 # endif
 
+    fcntl(random_fd, F_SETFD, FD_CLOEXEC);
 
     get_rnd_bytes(random_pool, RANDOM_POOL_SIZE);
     mix_pool();


More information about the Dev mailing list