upstream commit

use SO_ZEROIZE for privsep communication (if available) Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62
author: markus@openbsd.org <markus@openbsd.org> 2017-05-31 10:04:29 +0000
committer: Damien Miller <djm@mindrot.org> 2017-06-01 14:55:23 +1000
commit: 84008608c9ee944d9f72f5100f31ccff743b10f2 (patch)
tree: d7e6d3145d5e8a6c7a4377bae278e7dda5e47575 /monitor.c
parent: 9e509d4ec97cb3d71696f1a2f1fdad254cbbce11 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/monitor.c b/monitor.c
index ef107a2e8..8897f6a82 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.170 2017/05/31 08:09:45 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.171 2017/05/31 10:04:29 markus Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1655,9 +1655,18 @@ static void
 monitor_openfds(struct monitor *mon, int do_logfds)
 {
        int pair[2];
+#ifdef SO_ZEROIZE
+        int on = 1;
+#endif
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
                fatal("%s: socketpair: %s", __func__, strerror(errno));
+#ifdef SO_ZEROIZE
+        if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
+                error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
+        if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
+                error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno));
+#endif
        FD_CLOSEONEXEC(pair[0]);
        FD_CLOSEONEXEC(pair[1]);
        mon->m_recvfd = pair[0];
author	markus@openbsd.org <markus@openbsd.org>	2017-05-31 10:04:29 +0000
committer	Damien Miller <djm@mindrot.org>	2017-06-01 14:55:23 +1000
commit	84008608c9ee944d9f72f5100f31ccff743b10f2 (patch)
tree	d7e6d3145d5e8a6c7a4377bae278e7dda5e47575 /monitor.c
parent	9e509d4ec97cb3d71696f1a2f1fdad254cbbce11 (diff)