Avoid calling dup2(oldd, newd) when oldd == newd. In that case the

descriptor keeps CLOEXEC flag then it will be closed unexpectedly by exec(). ok tedu florian
author: yasuoka <yasuoka@openbsd.org> 2019-03-31 03:36:18 +0000
committer: yasuoka <yasuoka@openbsd.org> 2019-03-31 03:36:18 +0000
commit: ef4f5895abd850e5705ba18ff094fe48eb3d06cd (patch)
tree: f62d986aaee36319a44d595489a7dad07f385254 /usr.sbin
parent: If using retguard, we do not also need the stack protector. (diff)
download: wireguard-openbsd-ef4f5895abd850e5705ba18ff094fe48eb3d06cd.tar.xz
wireguard-openbsd-ef4f5895abd850e5705ba18ff094fe48eb3d06cd.zip
6 files changed, 34 insertions, 13 deletions
diff --git a/usr.sbin/bgpd/bgpd.c b/usr.sbin/bgpd/bgpd.c
index 1dd968af069..a198a4f30a9 100644
--- a/usr.sbin/bgpd/bgpd.c
+++ b/usr.sbin/bgpd/bgpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bgpd.c,v 1.213 2019/03/07 07:42:36 claudio Exp $ */
+/*	$OpenBSD: bgpd.c,v 1.214 2019/03/31 03:36:18 yasuoka Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -414,7 +414,10 @@ start_child(enum bgpd_process p, char *argv0, int fd, int debug, int verbose)
 		return (pid);
 	}
 
-	if (dup2(fd, 3) == -1)
+	if (fd != 3) {
+		if (dup2(fd, 3) == -1)
+			fatal("cannot setup imsg fd");
+	} else if (fcntl(fd, F_SETFD, 0) == -1)
 		fatal("cannot setup imsg fd");
 
 	argv[argc++] = argv0;
diff --git a/usr.sbin/eigrpd/eigrpd.c b/usr.sbin/eigrpd/eigrpd.c
index fada4d9c8e8..26427d134c2 100644
--- a/usr.sbin/eigrpd/eigrpd.c
+++ b/usr.sbin/eigrpd/eigrpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: eigrpd.c,v 1.26 2018/09/26 14:53:34 mestre Exp $ */
+/*	$OpenBSD: eigrpd.c,v 1.27 2019/03/31 03:36:18 yasuoka Exp $ */
 
 /*
  * Copyright (c) 2015 Renato Westphal <renato@openbsd.org>
@@ -25,6 +25,7 @@
 
 #include <err.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <pwd.h>
 #include <signal.h>
 #include <stdio.h>
@@ -330,7 +331,10 @@ start_child(enum eigrpd_process p, char *argv0, int fd, int debug, int verbose,
 		return (pid);
 	}
 
-	if (dup2(fd, 3) == -1)
+	if (fd != 3) {
+		if (dup2(fd, 3) == -1)
+			fatal("cannot setup imsg fd");
+	} else if (fcntl(fd, F_SETFD, 0) == -1)
 		fatal("cannot setup imsg fd");
 
 	argv[argc++] = argv0;
diff --git a/usr.sbin/ldapd/ldapd.c b/usr.sbin/ldapd/ldapd.c
index 94df93ee4e6..797a36f89f3 100644
--- a/usr.sbin/ldapd/ldapd.c
+++ b/usr.sbin/ldapd/ldapd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ldapd.c,v 1.24 2018/05/15 11:19:21 reyk Exp $ */
+/*	$OpenBSD: ldapd.c,v 1.25 2019/03/31 03:36:18 yasuoka Exp $ */
 
 /*
  * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@@ -429,7 +429,10 @@ start_child(enum ldapd_process p, char *argv0, int fd, int debug,
 		return (pid);
 	}
 
-	if (dup2(fd, PROC_PARENT_SOCK_FILENO) == -1)
+	if (fd != PROC_PARENT_SOCK_FILENO) {
+		if (dup2(fd, PROC_PARENT_SOCK_FILENO) == -1)
+			fatal("cannot setup imsg fd");
+	} else if (fcntl(fd, F_SETFD, 0) == -1)
 		fatal("cannot setup imsg fd");
 
 	argv[argc++] = argv0;
diff --git a/usr.sbin/ldpd/ldpd.c b/usr.sbin/ldpd/ldpd.c
index 7425d2030e5..d074b9e2329 100644
--- a/usr.sbin/ldpd/ldpd.c
+++ b/usr.sbin/ldpd/ldpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ldpd.c,v 1.63 2019/01/23 02:02:04 dlg Exp $ */
+/*	$OpenBSD: ldpd.c,v 1.64 2019/03/31 03:36:18 yasuoka Exp $ */
 
 /*
  * Copyright (c) 2013, 2016 Renato Westphal <renato@openbsd.org>
@@ -23,6 +23,7 @@
 #include <sys/wait.h>
 #include <err.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -330,7 +331,10 @@ start_child(enum ldpd_process p, char *argv0, int fd, int debug, int verbose,
 		return (pid);
 	}
 
-	if (dup2(fd, 3) == -1)
+	if (fd != 3) {
+		if (dup2(fd, 3) == -1)
+			fatal("cannot setup imsg fd");
+	} else if (fcntl(fd, F_SETFD, 0) == -1)
 		fatal("cannot setup imsg fd");
 
 	argv[argc++] = argv0;
diff --git a/usr.sbin/rad/rad.c b/usr.sbin/rad/rad.c
index d6e139a612f..f4e96ab319e 100644
--- a/usr.sbin/rad/rad.c
+++ b/usr.sbin/rad/rad.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rad.c,v 1.19 2019/03/12 18:47:57 pamela Exp $	*/
+/*	$OpenBSD: rad.c,v 1.20 2019/03/31 03:36:18 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
@@ -36,6 +36,7 @@
 #include <err.h>
 #include <errno.h>
 #include <event.h>
+#include <fcntl.h>
 #include <imsg.h>
 #include <netdb.h>
 #include <pwd.h>
@@ -361,7 +362,10 @@ start_child(int p, char *argv0, int fd, int debug, int verbose)
 		return (pid);
 	}
 
-	if (dup2(fd, 3) == -1)
+	if (fd != 3) {
+		if (dup2(fd, 3) == -1)
+			fatal("cannot setup imsg fd");
+	} else if (fcntl(fd, F_SETFD, 0) == -1)
 		fatal("cannot setup imsg fd");
 
 	argv[argc++] = argv0;
diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c
index 66022264cd2..acf0f657031 100644
--- a/usr.sbin/smtpd/smtpd.c
+++ b/usr.sbin/smtpd/smtpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtpd.c,v 1.317 2019/01/30 21:31:48 gilles Exp $	*/
+/*	$OpenBSD: smtpd.c,v 1.318 2019/03/31 03:36:18 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -827,8 +827,11 @@ start_child(int save_argc, char **save_argv, char *rexec)
 		return p;
 	}
 
-	if (dup2(sp[0], 3) == -1)
-		fatal("%s: dup2", rexec);
+	if (sp[0] != 3) {
+		if (dup2(sp[0], 3) == -1)
+			fatal("%s: dup2", rexec);
+	} else if (fcntl(sp[0], F_SETFD, 0) == -1)
+		fatal("%s: fcntl", rexec);
 
 	if (closefrom(4) == -1)
 		fatal("%s: closefrom", rexec);
author	yasuoka <yasuoka@openbsd.org>	2019-03-31 03:36:18 +0000
committer	yasuoka <yasuoka@openbsd.org>	2019-03-31 03:36:18 +0000
commit	ef4f5895abd850e5705ba18ff094fe48eb3d06cd (patch)
tree	f62d986aaee36319a44d595489a7dad07f385254 /usr.sbin
parent	If using retguard, we do not also need the stack protector. (diff)
download	wireguard-openbsd-ef4f5895abd850e5705ba18ff094fe48eb3d06cd.tar.xz wireguard-openbsd-ef4f5895abd850e5705ba18ff094fe48eb3d06cd.zip