2 files changed, 11 insertions, 1 deletions

diff --git a/uhttpd-cgi.c b/uhttpd-cgi.c
index 8c17251..ed68851 100644
--- a/uhttpd-cgi.c
+++ b/uhttpd-cgi.c
@@ -157,6 +157,8 @@ void uh_cgi_request(
 	fd_set reader;
 	fd_set writer;
 
+	sigset_t ss;
+
 	struct sigaction sa;
 	struct timeval timeout;
 	struct http_response *res;
@@ -187,6 +189,10 @@ void uh_cgi_request(
 
 		/* exec child */
 		case 0:
+			/* unblock signals */
+			sigemptyset(&ss);
+			sigprocmask(SIG_SETMASK, &ss, NULL);
+
 			/* restore SIGTERM */
 			sa.sa_flags = 0;
 			sa.sa_handler = SIG_DFL;
@@ -201,6 +207,10 @@ void uh_cgi_request(
 			dup2(rfd[1], 1);
 			dup2(wfd[0], 0);
 
+			/* avoid leaking our pipe into child-child processes */
+			fd_cloexec(rfd[1]);
+			fd_cloexec(wfd[0]);
+
 			/* check for regular, world-executable file _or_ interpreter */
 			if( ((pi->stat.st_mode & S_IFREG) &&
 			     (pi->stat.st_mode & S_IXOTH)) || (ip != NULL)
diff --git a/uhttpd.c b/uhttpd.c
index 50c3b32..4a3bced 100644
--- a/uhttpd.c
+++ b/uhttpd.c
@@ -621,7 +621,7 @@ static void uh_mainloop(struct config *conf, fd_set serv_fds, int max_fd)
 }
 
 #ifdef HAVE_TLS
-static inline uh_inittls(struct config *conf)
+static inline int uh_inittls(struct config *conf)
 {
 	/* library handle */
 	void *lib;