pool/curl
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
curl/libcurl-ocloexec.patch

190 lines
6.2 KiB
Diff
Raw Blame History

Open library file descriptors with O_CLOEXEC
This patch is non-portable, it needs linux 2.6.23 and glibc 2.7
or later, different combinations (old linux, new glibc and vice-versa)
will result in a crash.
To make it portable you have to test O_CLOEXEC support at *runtime*
compile time is not enough.
diff --git a/lib/connect.c b/lib/connect.c
index 2a1876e..4a72f6a 100644
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -881,7 +881,7 @@ singleipconnect(struct connectdata *conn,
(struct curl_sockaddr *)&addr);
else
/* opensocket callback not set, so simply create the socket now */
- sockfd = socket(addr.family, addr.socktype, addr.protocol);
+ sockfd = socket(addr.family, addr.socktype | SOCK_CLOEXEC, addr.protocol);
if(sockfd == CURL_SOCKET_BAD)
/* no socket, no connection */
diff --git a/lib/cookie.c b/lib/cookie.c
index 41ccdbe..35cfca3 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -736,7 +736,7 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
fp = NULL;
}
else
- fp = file?fopen(file, "r"):NULL;
+ fp = file?fopen(file, "re"):NULL;
c->newsession = newsession; /* new session? */
@@ -1060,7 +1060,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
use_stdout=TRUE;
}
else {
- out = fopen(dumphere, "w");
+ out = fopen(dumphere, "we");
if(!out)
return 1; /* failure */
}
diff --git a/lib/file.c b/lib/file.c
index 4447c73..7e15b21 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -249,7 +249,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
file->path = actual_path;
#else
- fd = open_readonly(real_path, O_RDONLY);
+ fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC);
file->path = real_path;
#endif
file->freepath = real_path; /* free this when done */
@@ -336,7 +336,7 @@ static CURLcode file_upload(struct connectdata *conn)
return CURLE_FILE_COULDNT_READ_FILE; /* fix: better error code */
if(data->state.resume_from)
- fp = fopen( file->path, "ab" );
+ fp = fopen( file->path, "abe" );
else {
int fd;
@@ -344,7 +344,7 @@ static CURLcode file_upload(struct connectdata *conn)
fd = open(file->path, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY,
conn->data->set.new_file_perms);
#else
- fd = open(file->path, O_WRONLY|O_CREAT|O_TRUNC,
+ fd = open(file->path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC,
conn->data->set.new_file_perms);
#endif
if(fd < 0) {
@@ -352,7 +352,7 @@ static CURLcode file_upload(struct connectdata *conn)
return CURLE_WRITE_ERROR;
}
close(fd);
- fp = fopen(file->path, "wb");
+ fp = fopen(file->path, "wbe");
}
if(!fp) {
diff --git a/lib/formdata.c b/lib/formdata.c
index cbef511..187c88b 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -1156,7 +1156,7 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
FILE *fileread;
fileread = strequal("-", file->contents)?
- stdin:fopen(file->contents, "rb"); /* binary read for win32 */
+ stdin:fopen(file->contents, "rbe"); /* binary read for win32 */
/*
* VMS: This only allows for stream files on VMS. Stream files are
@@ -1292,7 +1292,7 @@ static size_t readfromfile(struct Form *form, char *buffer,
else {
if(!form->fp) {
/* this file hasn't yet been opened */
- form->fp = fopen(form->data->line, "rb"); /* b is for binary */
+ form->fp = fopen(form->data->line, "rbe"); /* b is for binary */
if(!form->fp)
return (size_t)-1; /* failure */
}
diff --git a/lib/ftp.c b/lib/ftp.c
index 05f6f45..11abaa3 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -907,7 +907,7 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
if(ai->ai_socktype == 0)
ai->ai_socktype = conn->socktype;
- portsock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ portsock = socket(ai->ai_family, ai->ai_socktype | SOCK_CLOEXEC, ai->ai_protocol);
if(portsock == CURL_SOCKET_BAD) {
error = SOCKERRNO;
continue;
diff --git a/lib/hostip6.c b/lib/hostip6.c
index 8241cb4..ac8d3d2 100644
--- a/lib/hostip6.c
+++ b/lib/hostip6.c
@@ -45,7 +45,7 @@
#ifdef HAVE_PROCESS_H
#include <process.h>
#endif
-
+#include <fcntl.h>
#include "urldata.h"
#include "sendf.h"
#include "hostip.h"
@@ -113,7 +113,7 @@ bool Curl_ipv6works(void)
static int ipv6_works = -1;
if(-1 == ipv6_works) {
/* probe to see if we have a working IPv6 stack */
- curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
+ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM | O_CLOEXEC, 0);
if(s == CURL_SOCKET_BAD)
/* an ipv6 address was requested but we can't get/use one */
ipv6_works = 0;
diff --git a/lib/if2ip.c b/lib/if2ip.c
index 4924f73..76c94ec 100644
--- a/lib/if2ip.c
+++ b/lib/if2ip.c
@@ -125,7 +125,7 @@ char *Curl_if2ip(int af, const char *interface, char *buf, int buf_size)
if(len >= sizeof(req.ifr_name))
return NULL;
- dummy = socket(AF_INET, SOCK_STREAM, 0);
+ dummy = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
if(CURL_SOCKET_BAD == dummy)
return NULL;
diff --git a/lib/netrc.c b/lib/netrc.c
index 6764b97..a605883 100644
--- a/lib/netrc.c
+++ b/lib/netrc.c
@@ -110,7 +110,7 @@ int Curl_parsenetrc(const char *host,
netrc_alloc = TRUE;
}
- file = fopen(netrcfile, "r");
+ file = fopen(netrcfile, "re");
if(file) {
char *tok;
char *tok_buf;
diff --git a/lib/ssluse.c b/lib/ssluse.c
index af70fe0..54f07a4 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -431,7 +431,7 @@ int cert_stuff(struct connectdata *conn,
STACK_OF(X509) *ca = NULL;
int i;
- f = fopen(cert_file,"rb");
+ f = fopen(cert_file,"rbe");
if(!f) {
failf(data, "could not open PKCS12 file '%s'", cert_file);
return 0;
@@ -2280,7 +2280,7 @@ static CURLcode servercert(struct connectdata *conn,
/* e.g. match issuer name with provided issuer certificate */
if(data->set.str[STRING_SSL_ISSUERCERT]) {
- fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"r");
+ fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"re");
if(!fp) {
if(strict)
failf(data, "SSL: Unable to open issuer cert (%s)\n",
Reference in New Issue View Git Blame Copy Permalink