[Fix] Set CLOEXEC flag on files opened

8 years ago · d0a8583ef8
2 changed files with 27 additions and 5 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -1001,6 +1001,7 @@ CHECK_SYMBOL_EXISTS(SOCK_SEQPACKET "sys/types.h;sys/socket.h" HAVE_SOCK_SEQPACKE
 CHECK_SYMBOL_EXISTS(I_SETSIG "sys/types.h;sys/ioctl.h" HAVE_SETSIG)
 CHECK_SYMBOL_EXISTS(O_ASYNC "sys/types.h;sys/fcntl.h" HAVE_OASYNC)
 CHECK_SYMBOL_EXISTS(O_NOFOLLOW "sys/types.h;sys/fcntl.h" HAVE_ONOFOLLOW)
+CHECK_SYMBOL_EXISTS(O_CLOEXEC "sys/types.h;sys/fcntl.h" HAVE_OCLOEXEC)
 LIST(APPEND CMAKE_REQUIRED_INCLUDES "${LIBSSL_INCLUDE}")
 CHECK_SYMBOL_EXISTS(SSL_set_tlsext_host_name "openssl/ssl.h" HAVE_SSL_TLSEXT_HOSTNAME)
 CHECK_SYMBOL_EXISTS(dirfd "sys/types.h;unistd.h;dirent.h" HAVE_DIRFD)
--- a/src/libutil/util.c
+++ b/src/libutil/util.c
@ -2422,7 +2422,7 @@ rspamd_file_xopen (const char *fname, int oflags, guint mode,
 		gboolean allow_symlink)
 {
 	struct stat sb;
-	int fd;
+	int fd, flags = oflags;

 	if (lstat (fname, &sb) == -1) {

@ -2431,18 +2431,39 @@ rspamd_file_xopen (const char *fname, int oflags, guint mode,
 		}
 	}
 	else if (!S_ISREG (sb.st_mode)) {
-		return -1;
+		if (S_ISLNK (sb.st_mode)) {
+			if (!allow_symlink) {
+				return -1;
+			}
+		}
+		else {
+			return -1;
+		}
 	}

+#ifdef HAVE_OCLOEXEC
+	flags |= O_CLOEXEC;
+#endif
+
 #ifdef HAVE_ONOFOLLOW
 	if (!allow_symlink) {
-		fd = open (fname, oflags | O_NOFOLLOW, mode);
+		flags |= O_NOFOLLOW;
+		fd = open (fname, flags, mode);
 	}
 	else {
-		fd = open (fname, oflags, mode);
+		fd = open (fname, flags, mode);
 	}
 #else
-	fd = open (fname, oflags, mode);
+	fd = open (fname, flags, mode);
+#endif
+
+#ifndef HAVE_OCLOEXEC
+	if (fcntl (fd, F_SETFD, FD_CLOEXEC) == -1) {
+		msg_warn ("fcntl failed: %d, '%s'", errno, strerror (errno));
+		close (fd);
+
+		return -1;
+	}
 #endif

 	return (fd);