af_alg: don’t leak file descriptors into children

* lib/af_alg.c (alg_socket): Use SOCK_CLOEXEC when creating sockets. This code should be compiled only on recent GNU/Linux platforms so we shouldn’t have to also depend on the accept4 module.
author: Paul Eggert <eggert@cs.ucla.edu> 2018-05-09 11:34:28 -0700
committer: Paul Eggert <eggert@cs.ucla.edu> 2018-05-09 11:34:46 -0700
commit: 842c754d2bb21b0dbb9bd2ad5fd87d94a81b2aeb (patch)
tree: 94b733665e7abce7178278d53aacb451c7f6c50b /lib/af_alg.c
parent: 9d991bcb7f87358ea86714530c460eb7c36ca74f (diff)
download: gnulib-842c754d2bb21b0dbb9bd2ad5fd87d94a81b2aeb.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/af_alg.c b/lib/af_alg.c
index ca3dd03235..c85140a335 100644
--- a/lib/af_alg.c
+++ b/lib/af_alg.c
@@ -49,11 +49,11 @@ alg_socket (char const *alg)
     if (i == sizeof salg.salg_name - 1)
       return -EINVAL;
 
-  int cfd = socket (AF_ALG, SOCK_SEQPACKET, 0);
+  int cfd = socket (AF_ALG, SOCK_SEQPACKET | SOCK_CLOEXEC, 0);
   if (cfd < 0)
     return -EAFNOSUPPORT;
   int ofd = (bind (cfd, (struct sockaddr *) &salg, sizeof salg) == 0
-             ? accept (cfd, NULL, 0)
+             ? accept4 (cfd, NULL, 0, SOCK_CLOEXEC)
              : -1);
   close (cfd);
   return ofd < 0 ? -EAFNOSUPPORT : ofd;
author	Paul Eggert <eggert@cs.ucla.edu>	2018-05-09 11:34:28 -0700
committer	Paul Eggert <eggert@cs.ucla.edu>	2018-05-09 11:34:46 -0700
commit	842c754d2bb21b0dbb9bd2ad5fd87d94a81b2aeb (patch)
tree	94b733665e7abce7178278d53aacb451c7f6c50b /lib/af_alg.c
parent	9d991bcb7f87358ea86714530c460eb7c36ca74f (diff)
download	gnulib-842c754d2bb21b0dbb9bd2ad5fd87d94a81b2aeb.tar.gz