- dtucker@cvs.openbsd.org 2009/11/10 04:30:45

[sshconnect2.c channels.c sshconnect.c] Set close-on-exec on various descriptors so they don't get leaked to child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
author: dtucker <dtucker> 2010-01-08 06:07:22 +0000
committer: dtucker <dtucker> 2010-01-08 06:07:22 +0000
commit: 0b67160b088dc5291e48f78338a5defc44499f0d (patch)
tree: 19e2481c360fbb1099f9da7a81f27e70e1a8571c /sshconnect.c
parent: d144340439f26949e06ba973928ced9cd2589589 (diff)
download: openssh-0b67160b088dc5291e48f78338a5defc44499f0d.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/sshconnect.c b/sshconnect.c
index a09026e6..3c8308ff 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.215 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.216 2009/11/10 04:30:45 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -28,6 +28,7 @@
 
 #include <ctype.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #ifdef HAVE_PATHS_H
 #include <paths.h>
@@ -192,8 +193,11 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
 	}
 	sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol,
 	    options.rdomain);
-	if (sock < 0)
+	if (sock < 0) {
 		error("socket: %.100s", strerror(errno));
+		return -1;
+	}
+	fcntl(sock, F_SETFD, FD_CLOEXEC);
 
 	/* Bind the socket to an alternative local IP address */
 	if (options.bind_address == NULL)
author	dtucker <dtucker>	2010-01-08 06:07:22 +0000
committer	dtucker <dtucker>	2010-01-08 06:07:22 +0000
commit	0b67160b088dc5291e48f78338a5defc44499f0d (patch)
tree	19e2481c360fbb1099f9da7a81f27e70e1a8571c /sshconnect.c
parent	d144340439f26949e06ba973928ced9cd2589589 (diff)
download	openssh-0b67160b088dc5291e48f78338a5defc44499f0d.tar.gz