diff options
author | Maciej Żenczykowski <maze@google.com> | 2019-04-09 01:58:52 -0700 |
---|---|---|
committer | Maciej Żenczykowski <maze@google.com> | 2019-04-10 01:17:47 -0700 |
commit | 60bce378cfa29463f57756fc724d1572747f4fc5 (patch) | |
tree | d326aaffc6a78cbff16b31e55deab37a1caf57ca | |
parent | 4e1601e533b4b34d38e4eed229180257a385181b (diff) | |
download | platform_external_android-clat-android-q-preview-6.tar.gz platform_external_android-clat-android-q-preview-6.tar.bz2 platform_external_android-clat-android-q-preview-6.zip |
Fix some clatd cloexec and file descriptor leaking via missing close()android-q-preview-6android-q-preview-5android-q-preview-4android-q-preview-2.5
Not terribly important since clatd doesn't exec anything,
but was muddying the waters while I was searching for other
fd-survives-across-exec leakage in netd. While at it also
fix another leaked fd which we forgot to close().
Test: builds and boots
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iceb7d4052dc9be29db5c7bb3fe2ee27da7864379
-rw-r--r-- | clatd.c | 2 | ||||
-rw-r--r-- | config.c | 2 | ||||
-rw-r--r-- | mtu.c | 5 | ||||
-rw-r--r-- | ring.c | 2 |
4 files changed, 7 insertions, 4 deletions
@@ -231,7 +231,7 @@ void drop_root_but_keep_caps() { * mark - the socket mark to use for the sending raw socket */ void open_sockets(struct tun_data *tunnel, uint32_t mark) { - int rawsock = socket(AF_INET6, SOCK_RAW | SOCK_NONBLOCK, IPPROTO_RAW); + int rawsock = socket(AF_INET6, SOCK_RAW | SOCK_NONBLOCK | SOCK_CLOEXEC, IPPROTO_RAW); if (rawsock < 0) { logmsg(ANDROID_LOG_FATAL, "raw socket failed: %s", strerror(errno)); exit(1); @@ -227,7 +227,7 @@ void gen_random_iid(struct in6_addr *myaddr, struct in_addr *ipv4_local_subnet, // Factored out to a separate function for testability. int connect_is_ipv4_address_free(in_addr_t addr) { - int s = socket(AF_INET, SOCK_DGRAM, 0); + int s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); if (s == -1) { return 0; } @@ -22,6 +22,7 @@ #include <sys/ioctl.h> #include <sys/socket.h> #include <sys/types.h> +#include <unistd.h> #include "mtu.h" @@ -33,14 +34,16 @@ int getifmtu(const char *ifname) { int fd; struct ifreq if_mtu; - fd = socket(AF_INET, SOCK_STREAM, 0); + fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); if (fd < 0) { return -1; } strncpy(if_mtu.ifr_name, ifname, IFNAMSIZ); if_mtu.ifr_name[IFNAMSIZ - 1] = '\0'; if (ioctl(fd, SIOCGIFMTU, &if_mtu) < 0) { + close(fd); return -1; } + close(fd); return if_mtu.ifr_mtu; } @@ -30,7 +30,7 @@ #include "tun.h" int ring_create(struct tun_data *tunnel) { - int packetsock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IPV6)); + int packetsock = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC, htons(ETH_P_IPV6)); if (packetsock < 0) { logmsg(ANDROID_LOG_FATAL, "packet socket failed: %s", strerror(errno)); return -1; |