- dtucker@cvs.openbsd.org 2009/11/10 04:30:45

[sshconnect2.c channels.c sshconnect.c] Set close-on-exec on various descriptors so they don't get leaked to child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
author: Darren Tucker <dtucker@zip.com.au> 2010-01-08 17:07:22 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2010-01-08 17:07:22 +1100
commit: 6e7fe1c01b8a69099ffc42e653cc478509e84781 (patch)
tree: d6636498087a2b9b4fd4651edd4e0f07788e51e1 /sshconnect.c
parent: f788a91624601857c586a4dd97c66083946e7781 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/sshconnect.c b/sshconnect.c
index a09026e65..3c8308ffb 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.215 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.216 2009/11/10 04:30:45 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -28,6 +28,7 @@
 #include <ctype.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #ifdef HAVE_PATHS_H
 #include <paths.h>
@@ -192,8 +193,11 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
        }
        sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol,
            options.rdomain);
-        if (sock < 0)
+        if (sock < 0) {
                error("socket: %.100s", strerror(errno));
+                return -1;
+        }
+        fcntl(sock, F_SETFD, FD_CLOEXEC);
        /* Bind the socket to an alternative local IP address */
        if (options.bind_address == NULL)
author	Darren Tucker <dtucker@zip.com.au>	2010-01-08 17:07:22 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2010-01-08 17:07:22 +1100
commit	6e7fe1c01b8a69099ffc42e653cc478509e84781 (patch)
tree	d6636498087a2b9b4fd4651edd4e0f07788e51e1 /sshconnect.c
parent	f788a91624601857c586a4dd97c66083946e7781 (diff)