open files with O_CLOEXEC when possible

This helps prevent leaked file descriptors when the library is used in a process which exec's. opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC so we don't need to make changes there. In addition read config files using p11_mmap_open() so that we get the simple benefits of O_CLOEXEC with the open() call there. https://bugzilla.redhat.com/show_bug.cgi?id=984986
author: Stef Walter <stef@thewalter.net> 2013-07-16 22:43:37 +0200
committer: Stef Walter <stef@thewalter.net> 2013-07-18 07:33:57 +0200
commit: ab1caffd9e09fd4d6ab92713de29436db0da6dea (patch)
tree: 0098dbb6ac26ba5d3e882155f368bc9c3010b230 /p11-kit/pin.c
parent: 9886b39e2ebd2f711b5b0c3ca2e24694a9ffd361 (diff)
download: p11-kit-ab1caffd9e09fd4d6ab92713de29436db0da6dea.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/p11-kit/pin.c b/p11-kit/pin.c
index b64b737..60571de 100644
--- a/p11-kit/pin.c
+++ b/p11-kit/pin.c
@@ -466,7 +466,7 @@ p11_kit_pin_file_callback (const char *pin_source,
 	if (pin_flags & P11_KIT_PIN_FLAGS_RETRY)
 		return NULL;
 
-	fd = open (pin_source, O_BINARY | O_RDONLY);
+	fd = open (pin_source, O_BINARY | O_RDONLY | O_CLOEXEC);
 	if (fd == -1)
 		return NULL;
author	Stef Walter <stef@thewalter.net>	2013-07-16 22:43:37 +0200
committer	Stef Walter <stef@thewalter.net>	2013-07-18 07:33:57 +0200
commit	ab1caffd9e09fd4d6ab92713de29436db0da6dea (patch)
tree	0098dbb6ac26ba5d3e882155f368bc9c3010b230 /p11-kit/pin.c
parent	9886b39e2ebd2f711b5b0c3ca2e24694a9ffd361 (diff)
download	p11-kit-ab1caffd9e09fd4d6ab92713de29436db0da6dea.tar.gz