nss-pam-ldapd commit: r1860 - in nss-pam-ldapd-0.7: . common

[Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>]

Author: arthur
Date: Fri Dec 14 17:36:54 2012
New Revision: 1860
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1860&view=revision

Log:
set FD_CLOEXEC in NSS and PAM modules to ensure that nslcd file descriptor is 
not leaked to child processes (r1821 from 0.8)

Modified:
   nss-pam-ldapd-0.7/   (props changed)
   nss-pam-ldapd-0.7/common/nslcd-prot.c

Modified: nss-pam-ldapd-0.7/common/nslcd-prot.c
==============================================================================
--- nss-pam-ldapd-0.7/common/nslcd-prot.c       Fri Dec 14 16:19:46 2012        
(r1859)
+++ nss-pam-ldapd-0.7/common/nslcd-prot.c       Fri Dec 14 17:36:54 2012        
(r1860)
@@ -33,6 +33,7 @@
 #include <sys/stat.h>
 #include <errno.h>
 #include <string.h>
+#include <fcntl.h>
 
 #include "nslcd.h"
 #include "nslcd-prot.h"
@@ -57,6 +58,7 @@
   struct sockaddr_un addr;
   struct timeval readtimeout,writetimeout;
   TFILE *fp;
+  int flags;
   /* create a socket */
   if ( (sock=socket(PF_UNIX,SOCK_STREAM,0))<0 )
     return NULL;
@@ -65,6 +67,10 @@
   addr.sun_family=AF_UNIX;
   strncpy(addr.sun_path,NSLCD_SOCKET,sizeof(addr.sun_path));
   addr.sun_path[sizeof(addr.sun_path)-1]='\0';
+  /* close the file descriptor on exec (ignore errors) */
+  flags=fcntl(sock,F_GETFL);
+  if (flags>=0)
+    (void)fcntl(sock,F_SETFD,flags|FD_CLOEXEC);
   /* connect to the socket */
   if (connect(sock,(struct sockaddr *)&addr,(socklen_t)sizeof(struct 
sockaddr_un))<0)
   {
-- 
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits/