src - OpenBSD base system

diff options


context:
space:
mode:

author	Claudio Jeker <claudio@cvs.openbsd.org>	2019-08-08 20:06:30 +0000
committer	Claudio Jeker <claudio@cvs.openbsd.org>	2019-08-08 20:06:30 +0000
commit	0a71cb11382aa7f8e00682b9623ea03fdb485ea4 (patch)
tree	11a37b8546782b82726405233fca384e0f8d7c68 /usr.sbin
parent	27b028eebd6b32f3c76ab2feb861b807f08fd913 (diff)

Use O_CLOEXEC or SOCK_CLOEXEC on every open or socket call. Even though

some sockets are open for a short time it does not hurt and it ensures that there is no file descriptor leak. OK deraadt@ bluhm@

Diffstat (limited to 'usr.sbin')

-rw-r--r--

usr.sbin/bgpd/carp.c

-rw-r--r--

usr.sbin/bgpd/control.c

-rw-r--r--

usr.sbin/bgpd/kroute.c

-rw-r--r--

usr.sbin/bgpd/mrt.c

-rw-r--r--

usr.sbin/bgpd/pftable.c

5 files changed, 13 insertions, 13 deletions

diff --git a/usr.sbin/bgpd/carp.c b/usr.sbin/bgpd/carp.c
index 71feb3dbc83..64aec7d87f5 100644
--- a/usr.sbin/bgpd/carp.c
+++ b/usr.sbin/bgpd/carp.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: carp.c,v 1.9 2017/01/24 04:22:42 benno Exp $ */

+/* $OpenBSD: carp.c,v 1.10 2019/08/08 20:06:29 claudio Exp $ */

@@ -108,7 +108,7 @@ carp_demote_get(char *group)

int s;

struct ifgroupreq ifgr;

- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {

+ if ((s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0)) == -1) {

log_warn("carp_demote_get: socket");

return (-1);

}

@@ -162,7 +162,7 @@ carp_demote_ioctl(char *group, int demote)

int s, res;

struct ifgroupreq ifgr;

- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {

+ if ((s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0)) == -1) {

log_warn("%s: socket", __func__);

return (-1);

}

diff --git a/usr.sbin/bgpd/control.c b/usr.sbin/bgpd/control.c
index f3b0f3da2b5..968b6550c9e 100644
--- a/usr.sbin/bgpd/control.c
+++ b/usr.sbin/bgpd/control.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: control.c,v 1.97 2019/05/27 09:14:32 claudio Exp $ */

+/* $OpenBSD: control.c,v 1.98 2019/08/08 20:06:29 claudio Exp $ */

@@ -47,7 +47,7 @@ control_check(char *path)

sun.sun_family = AF_UNIX;

strlcpy(sun.sun_path, path, sizeof(sun.sun_path));

- if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {

+ if ((fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1) {

log_warn("%s: socket", __func__);

return (-1);

}

diff --git a/usr.sbin/bgpd/kroute.c b/usr.sbin/bgpd/kroute.c
index ada0581a150..183860a3c7d 100644
--- a/usr.sbin/bgpd/kroute.c
+++ b/usr.sbin/bgpd/kroute.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: kroute.c,v 1.237 2019/07/23 06:26:44 claudio Exp $ */

+/* $OpenBSD: kroute.c,v 1.238 2019/08/08 20:06:29 claudio Exp $ */

@@ -2886,7 +2886,7 @@ get_mpe_config(const char *name, u_int *rdomain, u_int *label)

*label = 0;

*rdomain = 0;

- s = socket(AF_INET, SOCK_DGRAM, 0);

+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);

if (s == -1)

return (-1);

diff --git a/usr.sbin/bgpd/mrt.c b/usr.sbin/bgpd/mrt.c
index 2fbc86ea8db..7426aaffa27 100644
--- a/usr.sbin/bgpd/mrt.c
+++ b/usr.sbin/bgpd/mrt.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: mrt.c,v 1.99 2019/07/24 08:58:24 claudio Exp $ */

+/* $OpenBSD: mrt.c,v 1.100 2019/08/08 20:06:29 claudio Exp $ */

@@ -908,7 +908,7 @@ mrt_open(struct mrt *mrt, time_t now)

}

fd = open(MRT2MC(mrt)->file,

- O_WRONLY|O_NONBLOCK|O_CREAT|O_TRUNC, 0644);

+ O_WRONLY|O_NONBLOCK|O_CREAT|O_TRUNC|O_CLOEXEC, 0644);

if (fd == -1) {

log_warn("mrt_open %s", MRT2MC(mrt)->file);

return (1);

diff --git a/usr.sbin/bgpd/pftable.c b/usr.sbin/bgpd/pftable.c
index b584ae259fc..d880e5eeb3d 100644
--- a/usr.sbin/bgpd/pftable.c
+++ b/usr.sbin/bgpd/pftable.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pftable.c,v 1.13 2019/06/28 13:32:47 deraadt Exp $ */

+/* $OpenBSD: pftable.c,v 1.14 2019/08/08 20:06:29 claudio Exp $ */

@@ -63,7 +63,7 @@ pftable_change(struct pf_table *pft)

if (pft->naddrs == 0 || pft->what == 0)

return (0);

- if (devpf == -1 && ((devpf = open("/dev/pf", O_RDWR)) == -1))

+ if (devpf == -1 && ((devpf = open("/dev/pf", O_RDWR|O_CLOEXEC)) == -1))

fatal("open(/dev/pf)");

bzero(&tio, sizeof(tio));

@@ -90,7 +90,7 @@ pftable_clear(const char *name)

{

struct pfioc_table tio;

- if (devpf == -1 && ((devpf = open("/dev/pf", O_RDWR)) == -1))

+ if (devpf == -1 && ((devpf = open("/dev/pf", O_RDWR|O_CLOEXEC)) == -1))

fatal("open(/dev/pf)");

bzero(&tio, sizeof(tio));

@@ -111,7 +111,7 @@ pftable_exists(const char *name)

struct pfioc_table tio;

struct pfr_astats dummy;

- if (devpf == -1 && ((devpf = open("/dev/pf", O_RDWR)) == -1))

+ if (devpf == -1 && ((devpf = open("/dev/pf", O_RDWR|O_CLOEXEC)) == -1))

fatal("open(/dev/pf)");

bzero(&tio, sizeof(tio));