From owner-svn-src-all@FreeBSD.ORG Fri Sep 6 21:02:07 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 8C783989; Fri, 6 Sep 2013 21:02:07 +0000 (UTC) (envelope-from jilles@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 798062439; Fri, 6 Sep 2013 21:02:07 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r86L27vC083001; Fri, 6 Sep 2013 21:02:07 GMT (envelope-from jilles@svn.freebsd.org) Received: (from jilles@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r86L26P1082995; Fri, 6 Sep 2013 21:02:06 GMT (envelope-from jilles@svn.freebsd.org) Message-Id: <201309062102.r86L26P1082995@svn.freebsd.org> From: Jilles Tjoelker Date: Fri, 6 Sep 2013 21:02:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r255328 - head/lib/libc/net X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Sep 2013 21:02:07 -0000 Author: jilles Date: Fri Sep 6 21:02:06 2013 New Revision: 255328 URL: http://svnweb.freebsd.org/changeset/base/255328 Log: libc: Use SOCK_CLOEXEC for various internal file descriptors. This change avoids undesirably passing some internal file descriptors to a process created (fork+exec) by another thread. Kernel support for SOCK_CLOEXEC was added in r248534, March 19, 2013. Modified: head/lib/libc/net/getaddrinfo.c head/lib/libc/net/if_nametoindex.c head/lib/libc/net/name6.c head/lib/libc/net/nscachedcli.c Modified: head/lib/libc/net/getaddrinfo.c ============================================================================== --- head/lib/libc/net/getaddrinfo.c Fri Sep 6 20:51:15 2013 (r255327) +++ head/lib/libc/net/getaddrinfo.c Fri Sep 6 21:02:06 2013 (r255328) @@ -831,7 +831,8 @@ set_source(struct ai_order *aio, struct get_port(&ai, "1", 0); /* open a socket to get the source address for the given dst */ - if ((s = _socket(ai.ai_family, ai.ai_socktype, ai.ai_protocol)) < 0) + if ((s = _socket(ai.ai_family, ai.ai_socktype | SOCK_CLOEXEC, + ai.ai_protocol)) < 0) return; /* give up */ if (_connect(s, ai.ai_addr, ai.ai_addrlen) < 0) goto cleanup; @@ -1131,7 +1132,7 @@ explore_null(const struct addrinfo *pai, * filter out AFs that are not supported by the kernel * XXX errno? */ - s = _socket(pai->ai_family, SOCK_DGRAM, 0); + s = _socket(pai->ai_family, SOCK_DGRAM | SOCK_CLOEXEC, 0); if (s < 0) { if (errno != EMFILE) return 0; @@ -1541,18 +1542,19 @@ addrconfig(struct addrinfo *pai) */ af = pai->ai_family; if (af == AF_UNSPEC) { - if ((s = _socket(AF_INET6, SOCK_DGRAM, 0)) < 0) + if ((s = _socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0)) < 0) af = AF_INET; else { _close(s); - if ((s = _socket(AF_INET, SOCK_DGRAM, 0)) < 0) + if ((s = _socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, + 0)) < 0) af = AF_INET6; else _close(s); } } if (af != AF_UNSPEC) { - if ((s = _socket(af, SOCK_DGRAM, 0)) < 0) + if ((s = _socket(af, SOCK_DGRAM | SOCK_CLOEXEC, 0)) < 0) return 0; _close(s); } Modified: head/lib/libc/net/if_nametoindex.c ============================================================================== --- head/lib/libc/net/if_nametoindex.c Fri Sep 6 20:51:15 2013 (r255327) +++ head/lib/libc/net/if_nametoindex.c Fri Sep 6 21:02:06 2013 (r255328) @@ -68,7 +68,7 @@ if_nametoindex(const char *ifname) struct ifaddrs *ifaddrs, *ifa; unsigned int ni; - s = _socket(AF_INET, SOCK_DGRAM, 0); + s = _socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); if (s != -1) { #ifdef PURIFY memset(&ifr, 0, sizeof(ifr)); Modified: head/lib/libc/net/name6.c ============================================================================== --- head/lib/libc/net/name6.c Fri Sep 6 20:51:15 2013 (r255327) +++ head/lib/libc/net/name6.c Fri Sep 6 21:02:06 2013 (r255328) @@ -235,7 +235,7 @@ getipnodebyname(const char *name, int af if (flags & AI_ADDRCONFIG) { int s; - if ((s = _socket(af, SOCK_DGRAM, 0)) < 0) + if ((s = _socket(af, SOCK_DGRAM | SOCK_CLOEXEC, 0)) < 0) return NULL; /* * TODO: @@ -868,7 +868,8 @@ set_source(struct hp_order *aio, struct } /* open a socket to get the source address for the given dst */ - if ((s = _socket(ss.ss_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) + if ((s = _socket(ss.ss_family, SOCK_DGRAM | SOCK_CLOEXEC, + IPPROTO_UDP)) < 0) return; /* give up */ if (_connect(s, (struct sockaddr *)&ss, ss.ss_len) < 0) goto cleanup; Modified: head/lib/libc/net/nscachedcli.c ============================================================================== --- head/lib/libc/net/nscachedcli.c Fri Sep 6 20:51:15 2013 (r255327) +++ head/lib/libc/net/nscachedcli.c Fri Sep 6 21:02:06 2013 (r255328) @@ -200,7 +200,7 @@ __open_cached_connection(struct cached_c assert(params != NULL); - client_socket = _socket(PF_LOCAL, SOCK_STREAM, 0); + client_socket = _socket(PF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0); client_address.sun_family = PF_LOCAL; strncpy(client_address.sun_path, params->socket_path, sizeof(client_address.sun_path));