Set close-on-exec on various descriptors so they don't get leaked to

child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
author: dtucker <dtucker@openbsd.org> 2009-11-10 04:30:44 +0000
committer: dtucker <dtucker@openbsd.org> 2009-11-10 04:30:44 +0000
commit: 75748816efcfb179b3a4b1da365ead546b4346e8 (patch)
tree: c334748641b759ce78274bf05ea74b82ad0c587b /usr.bin/ssh/sshconnect.c
parent: sync (diff)
download: wireguard-openbsd-75748816efcfb179b3a4b1da365ead546b4346e8.tar.xz
wireguard-openbsd-75748816efcfb179b3a4b1da365ead546b4346e8.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index 481d34b9a3a..57fc77a2169 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.215 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.216 2009/11/10 04:30:45 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -23,6 +23,7 @@
 
 #include <ctype.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #include <paths.h>
 #include <signal.h>
@@ -183,8 +184,11 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
 	}
 	sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol,
 	    options.rdomain);
-	if (sock < 0)
+	if (sock < 0) {
 		error("socket: %.100s", strerror(errno));
+		return -1;
+	}
+	fcntl(sock, F_SETFD, FD_CLOEXEC);
 
 	/* Bind the socket to an alternative local IP address */
 	if (options.bind_address == NULL)
author	dtucker <dtucker@openbsd.org>	2009-11-10 04:30:44 +0000
committer	dtucker <dtucker@openbsd.org>	2009-11-10 04:30:44 +0000
commit	75748816efcfb179b3a4b1da365ead546b4346e8 (patch)
tree	c334748641b759ce78274bf05ea74b82ad0c587b /usr.bin/ssh/sshconnect.c
parent	sync (diff)
download	wireguard-openbsd-75748816efcfb179b3a4b1da365ead546b4346e8.tar.xz wireguard-openbsd-75748816efcfb179b3a4b1da365ead546b4346e8.zip