- dtucker@cvs.openbsd.org 2009/11/10 04:30:45 [sshconnect2.c channels.c sshconnect.c] Set close-on-exec on various descriptors so they don't get leaked to child processes. bz #1643, patch from jchadima at redhat, ok deraadt.

commit: 6e7fe1c01b8a69099ffc42e653cc478509e84781 [log] [tgz]
author: Darren Tucker <dtucker@zip.com.au> Fri Jan 08 17:07:22 2010 +1100
committer: Darren Tucker <dtucker@zip.com.au> Fri Jan 08 17:07:22 2010 +1100
tree: d6636498087a2b9b4fd4651edd4e0f07788e51e1
parent: f788a91624601857c586a4dd97c66083946e7781 [diff] [blame]
diff --git a/sshconnect.c b/sshconnect.c
index a09026e..3c8308f 100644
--- a/sshconnect.c
+++ b/sshconnect.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.215 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.216 2009/11/10 04:30:45 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -28,6 +28,7 @@
 
 #include <ctype.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #ifdef HAVE_PATHS_H
 #include <paths.h>
@@ -192,8 +193,11 @@
 	}
 	sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol,
 	    options.rdomain);
-	if (sock < 0)
+	if (sock < 0) {
 		error("socket: %.100s", strerror(errno));
+		return -1;
+	}
+	fcntl(sock, F_SETFD, FD_CLOEXEC);
 
 	/* Bind the socket to an alternative local IP address */
 	if (options.bind_address == NULL)
commit	6e7fe1c01b8a69099ffc42e653cc478509e84781	[log] [tgz]
author	Darren Tucker <dtucker@zip.com.au>	Fri Jan 08 17:07:22 2010 +1100
committer	Darren Tucker <dtucker@zip.com.au>	Fri Jan 08 17:07:22 2010 +1100
tree	d6636498087a2b9b4fd4651edd4e0f07788e51e1
parent	f788a91624601857c586a4dd97c66083946e7781 [diff] [blame]