From 60bce378cfa29463f57756fc724d1572747f4fc5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?=
Date: Tue, 9 Apr 2019 01:58:52 -0700
Subject: Fix some clatd cloexec and file descriptor leaking via missing close()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Not terribly important since clatd doesn't exec anything, but was muddying the waters while I was searching for other fd-survives-across-exec leakage in netd. While at it also fix another leaked fd which we forgot to close().
Test: builds and boots
Signed-off-by: Maciej Żenczykowski
Change-Id: Iceb7d4052dc9be29db5c7bb3fe2ee27da7864379
---
 clatd.c | 2 +-
 config.c | 2 +-
 mtu.c | 5 ++++-
 ring.c | 2 +-
 4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/clatd.c b/clatd.c
index 94a0f06..06ca799 100644
--- a/clatd.c
+++ b/clatd.c
@@ -231,7 +231,7 @@ void drop_root_but_keep_caps() {
 * mark - the socket mark to use for the sending raw socket
 */
 void open_sockets(struct tun_data *tunnel, uint32_t mark) {
- int rawsock = socket(AF_INET6, SOCK_RAW | SOCK_NONBLOCK, IPPROTO_RAW);
+ int rawsock = socket(AF_INET6, SOCK_RAW | SOCK_NONBLOCK | SOCK_CLOEXEC, IPPROTO_RAW);
 if (rawsock < 0) {
 logmsg(ANDROID_LOG_FATAL, "raw socket failed: %s", strerror(errno));
 exit(1);
diff --git a/config.c b/config.c
index 5a9d599..f84a61f 100644
--- a/config.c
+++ b/config.c
@@ -227,7 +227,7 @@ void gen_random_iid(struct in6_addr *myaddr, struct in_addr *ipv4_local_subnet,
 // Factored out to a separate function for testability.
 int connect_is_ipv4_address_free(in_addr_t addr) {
- int s = socket(AF_INET, SOCK_DGRAM, 0);
+ int s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
 if (s == -1) {
 return 0;
 }
diff --git a/mtu.c b/mtu.c
index 567d177..472bd4e 100644
--- a/mtu.c
+++ b/mtu.c
@@ -22,6 +22,7 @@
 #include
 #include
 #include
+#include
 #include "mtu.h"
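Review bot: The reason for adding `SOCK_CLOEXEC` in open_sockets is recorded only in the commit message, and this raw IPv6 socket is the descriptor that matters most if clatd ever gains an exec path. A one-line comment above the call would keep the flag from being dropped in a later cleanup, for example `// CLOEXEC: clatd does not exec today, but a raw socket must never be inherited by a child`. open_sockets continues past the end of the hunk, so any other descriptors it opens are not visible here and are worth checking for the same flag.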
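Review bot: In connect_is_ipv4_address_free the `if (s == -1) { return 0; }` path returns 0 when socket() itself fails, which by the function's name reads as "address not free", and it does so without a log line. Descriptor exhaustion, the failure that leaked fds like the one fixed in this commit lead towards, would then look the same as a real address conflict. Logging errno before returning would make the difference visible, e.g. `logmsg(ANDROID_LOG_ERROR, "socket failed: %s", strerror(errno));`, assuming logmsg is available in config.c as it is in clatd.c and ring.c. The function body continues outside the hunk.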
@@ -33,14 +34,16 @@ int getifmtu(const char *ifname) {
 int fd;
 struct ifreq if_mtu;
- fd = socket(AF_INET, SOCK_STREAM, 0);
+ fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
 if (fd < 0) {
 return -1;
 }
 strncpy(if_mtu.ifr_name, ifname, IFNAMSIZ);
 if_mtu.ifr_name[IFNAMSIZ - 1] = '\0';
 if (ioctl(fd, SIOCGIFMTU, &if_mtu) < 0) {
+ close(fd);
 return -1;
 }
+ close(fd);
 return if_mtu.ifr_mtu;
 }
diff --git a/ring.c b/ring.c
index 61d40d2..e836a55 100644
--- a/ring.c
+++ b/ring.c
@@ -30,7 +30,7 @@
 #include "tun.h"
 int ring_create(struct tun_data *tunnel) {
- int packetsock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IPV6));
+ int packetsock = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC, htons(ETH_P_IPV6));
 if (packetsock < 0) {
 logmsg(ANDROID_LOG_FATAL, "packet socket failed: %s", strerror(errno));
 return -1;
-- cgit v1.2.3
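Review bot: In getifmtu the new `close(fd);` on the ioctl failure path runs before `return -1`, so a caller that reads errno to explain the failure may see a value changed by close() rather than the one set by ioctl(SIOCGIFMTU). Whether any caller does that is not visible in this hunk, but preserving it is cheap: `int saved_errno = errno; close(fd); errno = saved_errno;`. That needs errno.h in mtu.c; the include list in the earlier mtu.c hunk is shown without header names, so whether it is already included cannot be told from this page.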
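Review bot: Only the first failure return of ring_create is visible here, and it is taken when socket() has failed and there is no descriptor to release, so the hunk cannot show whether later setup steps release `packetsock` when they fail. Since this commit fixes exactly that kind of missing close() in getifmtu, any further error returns in ring_create (outside the hunk) deserve the same check. Each would need a `close(packetsock);` before returning, unless ownership has already passed to `tunnel` by then.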