--- configure.in | 4 +++- fad-gifc.c | 2 +- fad-glifc.c | 4 ++-- inet.c | 4 ++-- nametoaddr.c | 2 +- pcap-bt-linux.c | 6 +++--- pcap-can-linux.c | 4 ++-- pcap-canusb-linux.c | 3 ++- pcap-linux.c | 16 ++++++++-------- pcap-netfilter-linux.c | 4 ++-- pcap-nit.c | 2 +- pcap-sita.c | 2 +- pcap-snit.c | 4 ++-- pcap-snoop.c | 2 +- pcap-usb-linux.c | 12 ++++++------ savefile.c | 2 +- sf-pcap.c | 2 +- 17 files changed, 39 insertions(+), 36 deletions(-) Index: libpcap-1.5.2/configure.in =================================================================== --- libpcap-1.5.2.orig/configure.in 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/configure.in 2013-12-14 11:40:45.000000000 +0000 @@ -21,7 +21,9 @@ AC_INIT(pcap.c) AC_CANONICAL_SYSTEM AC_LBL_C_INIT_BEFORE_CC(V_CCOPT, V_INCLS) -AC_PROG_CC +AC_PROG_CC_STDC +AC_USE_SYSTEM_EXTENSIONS +AC_SYS_LARGEFILE AC_LBL_C_INIT(V_CCOPT, V_INCLS) AC_LBL_SHLIBS_INIT AC_LBL_C_INLINE Index: libpcap-1.5.2/fad-gifc.c =================================================================== --- libpcap-1.5.2.orig/fad-gifc.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/fad-gifc.c 2013-12-14 11:40:45.000000000 +0000 @@ -157,7 +157,7 @@ pcap_findalldevs_interfaces(pcap_if_t ** /* * Create a socket from which to fetch the list of interfaces. */ - fd = socket(AF_INET, SOCK_DGRAM, 0); + fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0); if (fd < 0) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "socket: %s", pcap_strerror(errno)); Index: libpcap-1.5.2/fad-glifc.c =================================================================== --- libpcap-1.5.2.orig/fad-glifc.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/fad-glifc.c 2013-12-14 11:40:45.000000000 +0000 @@ -100,7 +100,7 @@ pcap_findalldevs_interfaces(pcap_if_t ** * Create a socket from which to fetch the list of interfaces, * and from which to fetch IPv4 information. */ - fd4 = socket(AF_INET, SOCK_DGRAM, 0); + fd4 = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0); if (fd4 < 0) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "socket: %s", pcap_strerror(errno)); @@ -110,7 +110,7 @@ pcap_findalldevs_interfaces(pcap_if_t ** /* * Create a socket from which to fetch IPv6 information. */ - fd6 = socket(AF_INET6, SOCK_DGRAM, 0); + fd6 = socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, 0); if (fd6 < 0) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "socket: %s", pcap_strerror(errno)); Index: libpcap-1.5.2/inet.c =================================================================== --- libpcap-1.5.2.orig/inet.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/inet.c 2013-12-14 11:40:45.000000000 +0000 @@ -430,7 +430,7 @@ add_addr_to_iflist(pcap_if_t **alldevs, */ memset(&ifrdesc, 0, sizeof ifrdesc); strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name); - s = socket(AF_INET, SOCK_DGRAM, 0); + s = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0); if (s >= 0) { #ifdef __FreeBSD__ /* @@ -745,7 +745,7 @@ pcap_lookupnet(device, netp, maskp, errb return 0; } - fd = socket(AF_INET, SOCK_DGRAM, 0); + fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0); if (fd < 0) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "socket: %s", pcap_strerror(errno)); Index: libpcap-1.5.2/nametoaddr.c =================================================================== --- libpcap-1.5.2.orig/nametoaddr.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/nametoaddr.c 2013-12-14 11:40:45.000000000 +0000 @@ -443,7 +443,7 @@ pcap_ether_hostton(const char *name) static int init = 0; if (!init) { - fp = fopen(PCAP_ETHERS_FILE, "r"); + fp = fopen(PCAP_ETHERS_FILE, "re"); ++init; if (fp == NULL) return (NULL); Index: libpcap-1.5.2/pcap-bt-linux.c =================================================================== --- libpcap-1.5.2.orig/pcap-bt-linux.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/pcap-bt-linux.c 2013-12-14 11:40:45.000000000 +0000 @@ -85,7 +85,7 @@ bt_findalldevs(pcap_if_t **alldevsp, cha int i, sock; int ret = 0; - sock = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI); + sock = socket(AF_BLUETOOTH, SOCK_RAW|SOCK_CLOEXEC, BTPROTO_HCI); if (sock < 0) { /* if bluetooth is not supported this this is not fatal*/ @@ -218,7 +218,7 @@ bt_activate(pcap_t* handle) handlep->dev_id = dev_id; /* Create HCI socket */ - handle->fd = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI); + handle->fd = socket(AF_BLUETOOTH, SOCK_RAW|SOCK_CLOEXEC, BTPROTO_HCI); if (handle->fd < 0) { snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't create raw socket: %s", strerror(errno)); @@ -322,7 +322,7 @@ bt_read_linux(pcap_t *handle, int max_pa /* ignore interrupt system call error */ do { - ret = recvmsg(handle->fd, &msg, 0); + ret = recvmsg(handle->fd, &msg, MSG_CMSG_CLOEXEC); if (handle->break_loop) { handle->break_loop = 0; Index: libpcap-1.5.2/pcap-can-linux.c =================================================================== --- libpcap-1.5.2.orig/pcap-can-linux.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/pcap-can-linux.c 2013-12-14 11:40:45.000000000 +0000 @@ -161,7 +161,7 @@ can_activate(pcap_t* handle) handle->stats_op = can_stats_linux; /* Create socket */ - handle->fd = socket(PF_CAN, SOCK_RAW, CAN_RAW); + handle->fd = socket(PF_CAN, SOCK_RAW|SOCK_CLOEXEC, CAN_RAW); if (handle->fd < 0) { snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't create raw socket %d:%s", @@ -235,7 +235,7 @@ can_read_linux(pcap_t *handle, int max_p do { - pkth.caplen = recvmsg(handle->fd, &msg, 0); + pkth.caplen = recvmsg(handle->fd, &msg, MSG_CMSG_CLOEXEC); if (handle->break_loop) { handle->break_loop = 0; Index: libpcap-1.5.2/pcap-canusb-linux.c =================================================================== --- libpcap-1.5.2.orig/pcap-canusb-linux.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/pcap-canusb-linux.c 2013-12-14 11:40:45.000000000 +0000 @@ -36,6 +36,7 @@ #include "config.h" #endif +#include #include #include @@ -289,7 +290,7 @@ static int canusb_startcapture(struct pc { int pipefd[2]; - if (pipe(pipefd) == -1) + if (pipe2(pipefd, O_CLOEXEC) == -1) return -1; this->rdpipe = pipefd[0]; Index: libpcap-1.5.2/pcap-linux.c =================================================================== --- libpcap-1.5.2.orig/pcap-linux.c 2013-12-14 11:32:03.000000000 +0000 +++ libpcap-1.5.2/pcap-linux.c 2013-12-14 11:40:46.000000000 +0000 @@ -962,7 +962,7 @@ pcap_can_set_rfmon_linux(pcap_t *handle) * (We assume that if we have Wireless Extensions support * we also have PF_PACKET support.) */ - sock_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); + sock_fd = socket(PF_PACKET, SOCK_RAW|SOCK_CLOEXEC, htons(ETH_P_ALL)); if (sock_fd == -1) { (void)snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "socket: %s", pcap_strerror(errno)); @@ -1539,7 +1539,7 @@ pcap_read_packet(pcap_t *handle, pcap_ha } #if defined(HAVE_PACKET_AUXDATA) && defined(HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI) - packet_len = recvmsg(handle->fd, &msg, MSG_TRUNC); + packet_len = recvmsg(handle->fd, &msg, MSG_TRUNC|MSG_CMSG_CLOEXEC); #else /* defined(HAVE_PACKET_AUXDATA) && defined(HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI) */ fromlen = sizeof(from); packet_len = recvfrom( @@ -2030,7 +2030,7 @@ scan_sys_class_net(pcap_if_t **devlistp, /* * Create a socket from which to fetch interface information. */ - fd = socket(AF_INET, SOCK_DGRAM, 0); + fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0); if (fd < 0) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "socket: %s", pcap_strerror(errno)); @@ -2207,7 +2207,7 @@ scan_proc_net_dev(pcap_if_t **devlistp, /* * Create a socket from which to fetch interface information. */ - fd = socket(AF_INET, SOCK_DGRAM, 0); + fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0); if (fd < 0) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "socket: %s", pcap_strerror(errno)); @@ -3030,8 +3030,8 @@ activate_new(pcap_t *handle) * try a SOCK_RAW socket for the raw interface. */ sock_fd = is_any_device ? - socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) : - socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); + socket(PF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, htons(ETH_P_ALL)) : + socket(PF_PACKET, SOCK_RAW|SOCK_CLOEXEC, htons(ETH_P_ALL)); if (sock_fd == -1) { if (errno == EINVAL || errno == EAFNOSUPPORT) { @@ -3147,7 +3147,7 @@ activate_new(pcap_t *handle) "close: %s", pcap_strerror(errno)); return PCAP_ERROR; } - sock_fd = socket(PF_PACKET, SOCK_DGRAM, + sock_fd = socket(PF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, htons(ETH_P_ALL)); if (sock_fd == -1) { snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, @@ -5465,7 +5465,7 @@ activate_old(pcap_t *handle) /* Open the socket */ - handle->fd = socket(PF_INET, SOCK_PACKET, htons(ETH_P_ALL)); + handle->fd = socket(PF_INET, SOCK_PACKET|SOCK_CLOEXEC, htons(ETH_P_ALL)); if (handle->fd == -1) { snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "socket: %s", pcap_strerror(errno)); Index: libpcap-1.5.2/pcap-netfilter-linux.c =================================================================== --- libpcap-1.5.2.orig/pcap-netfilter-linux.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/pcap-netfilter-linux.c 2013-12-14 11:40:46.000000000 +0000 @@ -487,7 +487,7 @@ netfilter_activate(pcap_t* handle) handle->stats_op = netfilter_stats_linux; /* Create netlink socket */ - handle->fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER); + handle->fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_NETFILTER); if (handle->fd < 0) { snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't create raw socket %d:%s", errno, pcap_strerror(errno)); return PCAP_ERROR; @@ -634,7 +634,7 @@ netfilter_findalldevs(pcap_if_t **alldev { int sock; - sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER); + sock = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_NETFILTER); if (sock < 0) { /* if netlink is not supported this is not fatal */ if (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) Index: libpcap-1.5.2/pcap-nit.c =================================================================== --- libpcap-1.5.2.orig/pcap-nit.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/pcap-nit.c 2013-12-14 11:40:46.000000000 +0000 @@ -282,7 +282,7 @@ pcap_activate_nit(pcap_t *p) p->snapshot = 96; memset(p, 0, sizeof(*p)); - p->fd = fd = socket(AF_NIT, SOCK_RAW, NITPROTO_RAW); + p->fd = fd = socket(AF_NIT, SOCK_RAW|SOCK_CLOEXEC, NITPROTO_RAW); if (fd < 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "socket: %s", pcap_strerror(errno)); Index: libpcap-1.5.2/pcap-sita.c =================================================================== --- libpcap-1.5.2.orig/pcap-sita.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/pcap-sita.c 2013-12-14 11:40:46.000000000 +0000 @@ -326,7 +326,7 @@ static int open_with_IOP(unit_t *u, int u->serv_addr->sin_addr.s_addr = inet_addr(ip); u->serv_addr->sin_port = htons(IOP_SNIFFER_PORT); - if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + if ((sockfd = socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, 0)) < 0) { fprintf(stderr, "pcap can't open a socket for connecting to IOP at %s\n", ip); return 0; } Index: libpcap-1.5.2/pcap-snit.c =================================================================== --- libpcap-1.5.2.orig/pcap-snit.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/pcap-snit.c 2013-12-14 11:40:46.000000000 +0000 @@ -321,9 +321,9 @@ pcap_activate_snit(pcap_t *p) * the device in question) can be indicated at open * time. */ - p->fd = fd = open(dev, O_RDWR); + p->fd = fd = open(dev, O_RDWR|O_CLOEXEC); if (fd < 0 && errno == EACCES) - p->fd = fd = open(dev, O_RDONLY); + p->fd = fd = open(dev, O_RDONLY|O_CLOEXEC); if (fd < 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s", dev, pcap_strerror(errno)); Index: libpcap-1.5.2/pcap-snoop.c =================================================================== --- libpcap-1.5.2.orig/pcap-snoop.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/pcap-snoop.c 2013-12-14 11:40:46.000000000 +0000 @@ -214,7 +214,7 @@ pcap_activate_snoop(pcap_t *p) int snooplen; struct ifreq ifr; - fd = socket(PF_RAW, SOCK_RAW, RAWPROTO_SNOOP); + fd = socket(PF_RAW, SOCK_RAW|SOCK_CLOEXEC, RAWPROTO_SNOOP); if (fd < 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snoop socket: %s", pcap_strerror(errno)); Index: libpcap-1.5.2/pcap-usb-linux.c =================================================================== --- libpcap-1.5.2.orig/pcap-usb-linux.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/pcap-usb-linux.c 2013-12-14 11:43:09.000000000 +0000 @@ -263,7 +263,7 @@ probe_devices(int bus) snprintf(buf, sizeof(buf), "/dev/bus/usb/%03d/%s", bus, data->d_name); - fd = open(buf, O_RDWR); + fd = open(buf, O_RDWR|O_CLOEXEC); if (fd == -1) continue; @@ -365,7 +365,7 @@ usb_activate(pcap_t* handle) /*now select the read method: try to open binary interface */ snprintf(full_path, USB_LINE_LEN, LINUX_USB_MON_DEV"%d", handlep->bus_index); - handle->fd = open(full_path, O_RDONLY, 0); + handle->fd = open(full_path, O_RDONLY|O_CLOEXEC, 0); if (handle->fd >= 0) { if (handle->opt.rfmon) { @@ -400,7 +400,7 @@ usb_activate(pcap_t* handle) else { /*Binary interface not available, try open text interface */ snprintf(full_path, USB_LINE_LEN, USB_TEXT_DIR"/%dt", handlep->bus_index); - handle->fd = open(full_path, O_RDONLY, 0); + handle->fd = open(full_path, O_RDONLY|O_CLOEXEC, 0); if (handle->fd < 0) { if (errno == ENOENT) @@ -410,7 +410,7 @@ usb_activate(pcap_t* handle) * the old location. */ snprintf(full_path, USB_LINE_LEN, USB_TEXT_DIR_OLD"/%dt", handlep->bus_index); - handle->fd = open(full_path, O_RDONLY, 0); + handle->fd = open(full_path, O_RDONLY|O_CLOEXEC, 0); } if (handle->fd < 0) { /* no more fallback, give it up*/ @@ -678,7 +678,7 @@ usb_stats_linux(pcap_t *handle, struct p int fd; snprintf(string, USB_LINE_LEN, USB_TEXT_DIR"/%ds", handlep->bus_index); - fd = open(string, O_RDONLY, 0); + fd = open(string, O_RDONLY|O_CLOEXEC, 0); if (fd < 0) { if (errno == ENOENT) @@ -688,7 +688,7 @@ usb_stats_linux(pcap_t *handle, struct p * location. */ snprintf(string, USB_LINE_LEN, USB_TEXT_DIR_OLD"/%ds", handlep->bus_index); - fd = open(string, O_RDONLY, 0); + fd = open(string, O_RDONLY|O_CLOEXEC, 0); } if (fd < 0) { snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, Index: libpcap-1.5.2/savefile.c =================================================================== --- libpcap-1.5.2.orig/savefile.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/savefile.c 2013-12-14 11:40:46.000000000 +0000 @@ -190,7 +190,7 @@ pcap_open_offline_with_tstamp_precision( } else { #if !defined(WIN32) && !defined(MSDOS) - fp = fopen(fname, "r"); + fp = fopen(fname, "re"); #else fp = fopen(fname, "rb"); #endif Index: libpcap-1.5.2/sf-pcap.c =================================================================== --- libpcap-1.5.2.orig/sf-pcap.c 2013-11-07 23:23:22.000000000 +0000 +++ libpcap-1.5.2/sf-pcap.c 2013-12-14 11:40:46.000000000 +0000 @@ -679,7 +679,7 @@ pcap_dump_open(pcap_t *p, const char *fn fname = "standard output"; } else { #if !defined(WIN32) && !defined(MSDOS) - f = fopen(fname, "w"); + f = fopen(fname, "we"); #else f = fopen(fname, "wb"); #endif