From 0b67160b088dc5291e48f78338a5defc44499f0d Mon Sep 17 00:00:00 2001
From: dtucker <dtucker>
Date: Fri, 8 Jan 2010 06:07:22 +0000
Subject:    - dtucker@cvs.openbsd.org 2009/11/10 04:30:45      [sshconnect2.c
 channels.c sshconnect.c]      Set close-on-exec on various descriptors so
 they don't get leaked to      child processes.  bz #1643, patch from jchadima
 at redhat, ok deraadt.

---
 channels.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'channels.c')

diff --git a/channels.c b/channels.c
index 884c14c9..eb0c61d8 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.297 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: channels.c,v 1.298 2009/11/10 04:30:44 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -53,6 +53,7 @@
 #include <arpa/inet.h>
 
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -231,7 +232,12 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
 	channel_max_fd = MAX(channel_max_fd, wfd);
 	channel_max_fd = MAX(channel_max_fd, efd);
 
-	/* XXX set close-on-exec -markus */
+	if (rfd != -1)
+		fcntl(rfd, F_SETFD, FD_CLOEXEC);
+	if (wfd != -1 && wfd != rfd)
+		fcntl(wfd, F_SETFD, FD_CLOEXEC);
+	if (efd != -1 && efd != rfd && efd != wfd)
+		fcntl(efd, F_SETFD, FD_CLOEXEC);
 
 	c->rfd = rfd;
 	c->wfd = wfd;
-- 
cgit v1.2.1