add CLOEXEC to various DNS related code
Occasionally file descriptors seem to be leaking across execs
from DNS related calls. Set close-on-execute for the various
sockets / file to prevent file descriptor leakage.
Change-Id: I4724b47bc7236f40c29518a6075598a9bba48b0a
diff --git a/libc/dns/gethnamaddr.c b/libc/dns/gethnamaddr.c
index 1afad6d..6f30f75 100644
--- a/libc/dns/gethnamaddr.c
+++ b/libc/dns/gethnamaddr.c
@@ -539,7 +539,7 @@
const int one = 1;
struct sockaddr_un proxy_addr;
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ sock = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (sock < 0) {
return NULL;
}
diff --git a/libc/dns/net/getaddrinfo.c b/libc/dns/net/getaddrinfo.c
index be692e3..65fd1c1 100644
--- a/libc/dns/net/getaddrinfo.c
+++ b/libc/dns/net/getaddrinfo.c
@@ -362,7 +362,7 @@
*/
static int
_test_connect(int pf, struct sockaddr *addr, size_t addrlen, unsigned mark) {
- int s = socket(pf, SOCK_DGRAM, IPPROTO_UDP);
+ int s = socket(pf, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP);
if (s < 0)
return 0;
if (mark != MARK_UNSET && setsockopt(s, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0)
@@ -433,7 +433,7 @@
return EAI_NODATA;
}
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ sock = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (sock < 0) {
return EAI_NODATA;
}
@@ -884,7 +884,7 @@
* filter out AFs that are not supported by the kernel
* XXX errno?
*/
- s = socket(pai->ai_family, SOCK_DGRAM, 0);
+ s = socket(pai->ai_family, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (s < 0) {
if (errno != EMFILE)
return 0;
@@ -1792,7 +1792,7 @@
return 0;
}
- sock = socket(addr->sa_family, SOCK_DGRAM, IPPROTO_UDP);
+ sock = socket(addr->sa_family, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP);
if (sock == -1) {
if (errno == EAFNOSUPPORT) {
return 0;
diff --git a/libc/dns/resolv/res_init.c b/libc/dns/resolv/res_init.c
index 9f3a9da..158466e 100644
--- a/libc/dns/resolv/res_init.c
+++ b/libc/dns/resolv/res_init.c
@@ -611,7 +611,7 @@
static int
real_randomid(u_int *random_value) {
/* open the nonblocking random device, returning -1 on failure */
- int random_device = open("/dev/urandom", O_RDONLY);
+ int random_device = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
if (random_device < 0) {
return -1;
}
diff --git a/libc/dns/resolv/res_send.c b/libc/dns/resolv/res_send.c
index 9b36f55..b6a990a 100644
--- a/libc/dns/resolv/res_send.c
+++ b/libc/dns/resolv/res_send.c
@@ -779,7 +779,7 @@
if (statp->_vcsock >= 0)
res_nclose(statp);
- statp->_vcsock = socket(nsap->sa_family, SOCK_STREAM, 0);
+ statp->_vcsock = socket(nsap->sa_family, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (statp->_vcsock > highestFD) {
res_nclose(statp);
errno = ENOTSOCK;
@@ -1062,7 +1062,7 @@
nsap = get_nsaddr(statp, (size_t)ns);
nsaplen = get_salen(nsap);
if (EXT(statp).nssocks[ns] == -1) {
- EXT(statp).nssocks[ns] = socket(nsap->sa_family, SOCK_DGRAM, 0);
+ EXT(statp).nssocks[ns] = socket(nsap->sa_family, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (EXT(statp).nssocks[ns] > highestFD) {
res_nclose(statp);
errno = ENOTSOCK;