curl/libcurl-ocloexec.patch

Open library file descriptors with O_CLOEXEC
This patch is non-portable, it needs linux 2.6.23 and glibc 2.7
or later, different combinations (old linux, new glibc and vice-versa)
will result in a crash.

To make it portable you have to test O_CLOEXEC support at *runtime*
compile time is not enough.


Index: lib/cookie.c
===================================================================
--- lib/cookie.c.orig	2015-04-22 10:05:04.652863265 +0200
+++ lib/cookie.c	2015-04-22 10:05:08.225915413 +0200
@@ -914,7 +914,7 @@ struct CookieInfo *Curl_cookie_init(stru
     fp = NULL;
   }
   else
-    fp = file?fopen(file, "r"):NULL;
+    fp = file?fopen(file, "re"):NULL;
 
   c->newsession = newsession; /* new session? */
 
@@ -1262,7 +1262,7 @@ static int cookie_output(struct CookieIn
     use_stdout=TRUE;
   }
   else {
-    out = fopen(dumphere, "w");
+    out = fopen(dumphere, "we");
     if(!out)
       return 1; /* failure */
   }
Index: lib/file.c
===================================================================
--- lib/file.c.orig	2015-04-22 10:05:04.652863265 +0200
+++ lib/file.c	2015-04-22 10:05:08.226915427 +0200
@@ -238,7 +238,7 @@ static CURLcode file_connect(struct conn
     /* binary zeroes indicate foul play */
     return CURLE_URL_MALFORMAT;
 
-  fd = open_readonly(real_path, O_RDONLY);
+  fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC);
   file->path = real_path;
 #endif
   file->freepath = real_path; /* free this when done */
@@ -336,7 +336,7 @@ static CURLcode file_upload(struct conne
   else
     mode = MODE_DEFAULT|O_TRUNC;
 
-  fd = open(file->path, mode, conn->data->set.new_file_perms);
+  fd = open(file->path, mode | O_CLOEXEC, conn->data->set.new_file_perms);
   if(fd < 0) {
     failf(data, "Can't open %s for writing", file->path);
     return CURLE_WRITE_ERROR;
Index: lib/formdata.c
===================================================================
--- lib/formdata.c.orig	2015-04-22 10:05:04.652863265 +0200
+++ lib/formdata.c	2015-04-22 10:05:08.226915427 +0200
@@ -1256,7 +1256,7 @@ CURLcode Curl_getformdata(struct Session
         FILE *fileread;
 
         fileread = strequal("-", file->contents)?
-          stdin:fopen(file->contents, "rb"); /* binary read for win32  */
+          stdin:fopen(file->contents, "rbe"); /* binary read for win32  */
 
         /*
          * VMS: This only allows for stream files on VMS.  Stream files are
@@ -1415,7 +1415,7 @@ static size_t readfromfile(struct Form *
   else {
     if(!form->fp) {
       /* this file hasn't yet been opened */
-      form->fp = fopen_read(form->data->line, "rb"); /* b is for binary */
+      form->fp = fopen_read(form->data->line, "rbe"); /* b is for binary */
       if(!form->fp)
         return (size_t)-1; /* failure */
     }
Index: lib/hostip6.c
===================================================================
--- lib/hostip6.c.orig	2015-04-22 10:05:04.652863265 +0200
+++ lib/hostip6.c	2015-04-22 10:05:08.226915427 +0200
@@ -39,7 +39,7 @@
 #ifdef HAVE_PROCESS_H
 #include <process.h>
 #endif
-
+#include <fcntl.h>
 #include "urldata.h"
 #include "sendf.h"
 #include "hostip.h"
@@ -104,7 +104,7 @@ bool Curl_ipv6works(void)
   static int ipv6_works = -1;
   if(-1 == ipv6_works) {
     /* probe to see if we have a working IPv6 stack */
-    curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
+    curl_socket_t s = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
     if(s == CURL_SOCKET_BAD)
       /* an IPv6 address was requested but we can't get/use one */
       ipv6_works = 0;
Index: lib/if2ip.c
===================================================================
--- lib/if2ip.c.orig	2015-04-22 10:05:04.652863265 +0200
+++ lib/if2ip.c	2015-04-22 10:05:08.227915442 +0200
@@ -222,7 +222,7 @@ if2ip_result_t Curl_if2ip(int af, unsign
   if(len >= sizeof(req.ifr_name))
     return IF2IP_NOT_FOUND;
 
-  dummy = socket(AF_INET, SOCK_STREAM, 0);
+  dummy = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
   if(CURL_SOCKET_BAD == dummy)
     return IF2IP_NOT_FOUND;
 
Index: lib/netrc.c
===================================================================
--- lib/netrc.c.orig	2015-04-22 10:05:04.652863265 +0200
+++ lib/netrc.c	2015-04-22 10:05:08.227915442 +0200
@@ -109,7 +109,7 @@ int Curl_parsenetrc(const char *host,
     netrc_alloc = TRUE;
   }
 
-  file = fopen(netrcfile, "r");
+  file = fopen(netrcfile, "re");
   if(netrc_alloc)
     free(netrcfile);
   if(file) {
Index: lib/connect.c
===================================================================
--- lib/connect.c.orig	2015-04-22 10:05:04.652863265 +0200
+++ lib/connect.c	2015-04-22 10:05:08.227915442 +0200
@@ -1334,7 +1334,7 @@ CURLcode Curl_socket(struct connectdata
                                     (struct curl_sockaddr *)addr);
   else
     /* opensocket callback not set, so simply create the socket now */
-    *sockfd = socket(addr->family, addr->socktype, addr->protocol);
+    *sockfd = socket(addr->family, addr->socktype | SOCK_CLOEXEC, addr->protocol);
 
   if(*sockfd == CURL_SOCKET_BAD)
     /* no socket, no connection */
Index: configure.ac
===================================================================
--- configure.ac.orig	2015-04-22 10:05:04.652863265 +0200
+++ configure.ac	2015-04-22 10:05:08.228915457 +0200
@@ -182,6 +182,7 @@ AC_CANONICAL_HOST
 dnl Get system canonical name
 AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS])
 
+AC_USE_SYSTEM_EXTENSIONS
 dnl Checks for programs.
 
 dnl Our curl_off_t internal and external configure settings
@@ -194,6 +195,7 @@ dnl Our configure and build reentrant se
 CURL_CONFIGURE_THREAD_SAFE
 CURL_CONFIGURE_REENTRANT
 
+
 dnl check for how to do large files
 AC_SYS_LARGEFILE