diff options
author | dtucker <dtucker> | 2010-01-08 06:07:22 +0000 |
---|---|---|
committer | dtucker <dtucker> | 2010-01-08 06:07:22 +0000 |
commit | 0b67160b088dc5291e48f78338a5defc44499f0d (patch) | |
tree | 19e2481c360fbb1099f9da7a81f27e70e1a8571c /sshconnect.c | |
parent | d144340439f26949e06ba973928ced9cd2589589 (diff) | |
download | openssh-0b67160b088dc5291e48f78338a5defc44499f0d.tar.gz |
- dtucker@cvs.openbsd.org 2009/11/10 04:30:45
[sshconnect2.c channels.c sshconnect.c]
Set close-on-exec on various descriptors so they don't get leaked to
child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sshconnect.c b/sshconnect.c index a09026e6..3c8308ff 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.215 2009/10/28 16:38:18 reyk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.216 2009/11/10 04:30:45 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -28,6 +28,7 @@ #include <ctype.h> #include <errno.h> +#include <fcntl.h> #include <netdb.h> #ifdef HAVE_PATHS_H #include <paths.h> @@ -192,8 +193,11 @@ ssh_create_socket(int privileged, struct addrinfo *ai) } sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol, options.rdomain); - if (sock < 0) + if (sock < 0) { error("socket: %.100s", strerror(errno)); + return -1; + } + fcntl(sock, F_SETFD, FD_CLOEXEC); /* Bind the socket to an alternative local IP address */ if (options.bind_address == NULL) |