diff options
author | Paul Eggert <eggert@cs.ucla.edu> | 2018-05-09 11:34:28 -0700 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2018-05-09 11:34:46 -0700 |
commit | 842c754d2bb21b0dbb9bd2ad5fd87d94a81b2aeb (patch) | |
tree | 94b733665e7abce7178278d53aacb451c7f6c50b /lib/af_alg.c | |
parent | 9d991bcb7f87358ea86714530c460eb7c36ca74f (diff) | |
download | gnulib-842c754d2bb21b0dbb9bd2ad5fd87d94a81b2aeb.tar.gz |
af_alg: don’t leak file descriptors into children
* lib/af_alg.c (alg_socket): Use SOCK_CLOEXEC when creating sockets.
This code should be compiled only on recent GNU/Linux platforms
so we shouldn’t have to also depend on the accept4 module.
Diffstat (limited to 'lib/af_alg.c')
-rw-r--r-- | lib/af_alg.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/af_alg.c b/lib/af_alg.c index ca3dd03235..c85140a335 100644 --- a/lib/af_alg.c +++ b/lib/af_alg.c @@ -49,11 +49,11 @@ alg_socket (char const *alg) if (i == sizeof salg.salg_name - 1) return -EINVAL; - int cfd = socket (AF_ALG, SOCK_SEQPACKET, 0); + int cfd = socket (AF_ALG, SOCK_SEQPACKET | SOCK_CLOEXEC, 0); if (cfd < 0) return -EAFNOSUPPORT; int ofd = (bind (cfd, (struct sockaddr *) &salg, sizeof salg) == 0 - ? accept (cfd, NULL, 0) + ? accept4 (cfd, NULL, 0, SOCK_CLOEXEC) : -1); close (cfd); return ofd < 0 ? -EAFNOSUPPORT : ofd; |