GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-11 01:06:59 +08:00
Code Issues Packages Projects Releases Wiki Activity

set close-on-exec flag in sec-mod fds

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos
2015-05-11 07:14:25 +02:00
committed by Nikos Mavrogiannopoulos
parent 45d380ccd9
commit cc04bad753
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main-misc.c
View File

@@ -633,11 +633,13 @@ int run_sec_mod(main_server_st * s)
#endif
setproctitle(PACKAGE_NAME "-secmod");
close(fd[1]);
set_cloexec_flag (fd[0], 1);
sec_mod_server(s->main_pool, s->perm_config, p, s->cookie_key, fd[0]);
exit(0);
} else if (pid > 0) { /* parent */
close(fd[0]);
s->sec_mod_pid = pid;
set_cloexec_flag (fd[1], 1);
return fd[1];
} else {
e = errno;

2
src/sec-mod.c
View File

@@ -41,6 +41,7 @@
#include <tlslib.h>
#include <ipc.pb-c.h>
#include <sec-mod-sup-config.h>
#include <cloexec.h>
#include <gnutls/gnutls.h>
#include <gnutls/abstract.h>
@@ -750,6 +751,7 @@ void sec_mod_server(void *main_pool, struct perm_cfg_st *perm_config, const char
continue;
}
}
set_cloexec_flag (cfd, 1);
/* do not allow unauthorized processes to issue commands
*/