Alexandre Julliard : secur32: Avoid the close-on-exec race with pipe() on kernels that support pipe2(). - wine-commits

1 Jul 2009

Module: wine
Branch: master
Commit: a6b05ea96c2ed3ea18eb82e2c871933f578b9c16
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=a6b05ea96c2ed3ea18eb82e2c8...
Author: Alexandre Julliard julliard@winehq.org
Date:   Wed Jul  1 12:14:08 2009 +0200
secur32: Avoid the close-on-exec race with pipe() on kernels that support pipe2().
---
dlls/secur32/dispatcher.c |   30 +++++++++++++++++++-----------
 1 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/dlls/secur32/dispatcher.c b/dlls/secur32/dispatcher.c
index 91f425c..666baea 100644
--- a/dlls/secur32/dispatcher.c
+++ b/dlls/secur32/dispatcher.c
@@ -19,6 +19,7 @@
  */
#include "config.h"
+#include "wine/port.h"
 #include <stdarg.h>
 #include <stdio.h>
 #ifdef HAVE_UNISTD_H
@@ -57,16 +58,28 @@ SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
     }
     TRACE("\n");
-    if( pipe(pipe_in) < 0 )
+#ifdef HAVE_PIPE2
+    if (pipe2( pipe_in, O_CLOEXEC ) < 0 )
+#endif
     {
-        return SEC_E_INTERNAL_ERROR;
+        if( pipe(pipe_in) < 0 ) return SEC_E_INTERNAL_ERROR;
+        fcntl( pipe_in[0], F_SETFD, FD_CLOEXEC );
+        fcntl( pipe_in[1], F_SETFD, FD_CLOEXEC );
     }
-    if( pipe(pipe_out) < 0 )
+#ifdef HAVE_PIPE2
+    if (pipe2( pipe_out, O_CLOEXEC ) < 0 )
+#endif
     {
-        close(pipe_in[0]);
-        close(pipe_in[1]);
-        return SEC_E_INTERNAL_ERROR;
+        if( pipe(pipe_out) < 0 )
+        {
+            close(pipe_in[0]);
+            close(pipe_in[1]);
+            return SEC_E_INTERNAL_ERROR;
+        }
+        fcntl( pipe_out[0], F_SETFD, FD_CLOEXEC );
+        fcntl( pipe_out[1], F_SETFD, FD_CLOEXEC );
     }
+
     if (!(helper = HeapAlloc(GetProcessHeap(),0, sizeof(NegoHelper))))
     {
         close(pipe_in[0]);
@@ -91,9 +104,6 @@ SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
     if(helper->helper_pid == 0)
     {
         /* We're in the child now */
-        close(0);
-        close(1);
-
         dup2(pipe_out[0], 0);
         close(pipe_out[0]);
         close(pipe_out[1]);
@@ -125,10 +135,8 @@ SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
         helper->crypt.ntlm2.recv_sign_key = NULL;
         helper->crypt.ntlm2.recv_seal_key = NULL;
         helper->pipe_in = pipe_in[0];
-        fcntl( pipe_in[0], F_SETFD, 1 );
         close(pipe_in[1]);
         helper->pipe_out = pipe_out[1];
-        fcntl( pipe_out[1], F_SETFD, 1 );
         close(pipe_out[0]);
     }

    