Commit a6b05ea9 authored by Alexandre Julliard's avatar Alexandre Julliard

secur32: Avoid the close-on-exec race with pipe() on kernels that support pipe2().

parent 887af612
...@@ -19,6 +19,7 @@ ...@@ -19,6 +19,7 @@
*/ */
#include "config.h" #include "config.h"
#include "wine/port.h"
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h> #include <stdio.h>
#ifdef HAVE_UNISTD_H #ifdef HAVE_UNISTD_H
...@@ -57,16 +58,28 @@ SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog, ...@@ -57,16 +58,28 @@ SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
} }
TRACE("\n"); TRACE("\n");
if( pipe(pipe_in) < 0 ) #ifdef HAVE_PIPE2
if (pipe2( pipe_in, O_CLOEXEC ) < 0 )
#endif
{ {
return SEC_E_INTERNAL_ERROR; if( pipe(pipe_in) < 0 ) return SEC_E_INTERNAL_ERROR;
fcntl( pipe_in[0], F_SETFD, FD_CLOEXEC );
fcntl( pipe_in[1], F_SETFD, FD_CLOEXEC );
} }
#ifdef HAVE_PIPE2
if (pipe2( pipe_out, O_CLOEXEC ) < 0 )
#endif
{
if( pipe(pipe_out) < 0 ) if( pipe(pipe_out) < 0 )
{ {
close(pipe_in[0]); close(pipe_in[0]);
close(pipe_in[1]); close(pipe_in[1]);
return SEC_E_INTERNAL_ERROR; return SEC_E_INTERNAL_ERROR;
} }
fcntl( pipe_out[0], F_SETFD, FD_CLOEXEC );
fcntl( pipe_out[1], F_SETFD, FD_CLOEXEC );
}
if (!(helper = HeapAlloc(GetProcessHeap(),0, sizeof(NegoHelper)))) if (!(helper = HeapAlloc(GetProcessHeap(),0, sizeof(NegoHelper))))
{ {
close(pipe_in[0]); close(pipe_in[0]);
...@@ -91,9 +104,6 @@ SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog, ...@@ -91,9 +104,6 @@ SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
if(helper->helper_pid == 0) if(helper->helper_pid == 0)
{ {
/* We're in the child now */ /* We're in the child now */
close(0);
close(1);
dup2(pipe_out[0], 0); dup2(pipe_out[0], 0);
close(pipe_out[0]); close(pipe_out[0]);
close(pipe_out[1]); close(pipe_out[1]);
...@@ -125,10 +135,8 @@ SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog, ...@@ -125,10 +135,8 @@ SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
helper->crypt.ntlm2.recv_sign_key = NULL; helper->crypt.ntlm2.recv_sign_key = NULL;
helper->crypt.ntlm2.recv_seal_key = NULL; helper->crypt.ntlm2.recv_seal_key = NULL;
helper->pipe_in = pipe_in[0]; helper->pipe_in = pipe_in[0];
fcntl( pipe_in[0], F_SETFD, 1 );
close(pipe_in[1]); close(pipe_in[1]);
helper->pipe_out = pipe_out[1]; helper->pipe_out = pipe_out[1];
fcntl( pipe_out[1], F_SETFD, 1 );
close(pipe_out[0]); close(pipe_out[0]);
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment