add CLOEXEC to various DNS related code

Occasionally file descriptors seem to be leaking across execs
from DNS related calls. Set close-on-execute for the various
sockets / file to prevent file descriptor leakage.

Change-Id: I4724b47bc7236f40c29518a6075598a9bba48b0a
Nick Kralevich 2014-06-29 20:46:17 -07:00
parent ddc449748b
commit 1781ed7774
4 changed files with 8 additions and 8 deletions


@ -539,7 +539,7 @@ static FILE* android_open_proxy()
const int one = 1;
struct sockaddr_un proxy_addr;
sock = socket(AF_UNIX, SOCK_STREAM, 0);
sock = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (sock < 0) {
return NULL;
}


@ -362,7 +362,7 @@ str2number(const char *p)
*/
static int
_test_connect(int pf, struct sockaddr *addr, size_t addrlen, unsigned mark) {
int s = socket(pf, SOCK_DGRAM, IPPROTO_UDP);
int s = socket(pf, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP);
if (s < 0)
return 0;
if (mark != MARK_UNSET && setsockopt(s, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0)
@ -433,7 +433,7 @@ android_getaddrinfo_proxy(
return EAI_NODATA;
}
sock = socket(AF_UNIX, SOCK_STREAM, 0);
sock = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (sock < 0) {
return EAI_NODATA;
}
@ -884,7 +884,7 @@ explore_null(const struct addrinfo *pai, const char *servname,
* filter out AFs that are not supported by the kernel
* XXX errno?
*/
s = socket(pai->ai_family, SOCK_DGRAM, 0);
s = socket(pai->ai_family, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (s < 0) {
if (errno != EMFILE)
return 0;
@ -1792,7 +1792,7 @@ _find_src_addr(const struct sockaddr *addr, struct sockaddr *src_addr, unsigned
return 0;
}
sock = socket(addr->sa_family, SOCK_DGRAM, IPPROTO_UDP);
sock = socket(addr->sa_family, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP);
if (sock == -1) {
if (errno == EAFNOSUPPORT) {
return 0;
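Review bot: In explore_null the failure branch returns 0 for every errno except EMFILE, so a kernel that does not accept SOCK_CLOEXEC in the socket() type argument (EINVAL, before Linux 2.6.27) would make each address family look unsupported instead of surfacing an error. If the minimum supported kernel rules that out, say so next to the call, for example `/* SOCK_CLOEXEC needs Linux >= 2.6.27; set at creation so a concurrent fork+exec cannot inherit s */`. The same applies to the calls in _test_connect, android_getaddrinfo_proxy and _find_src_addr, whose bodies all continue outside the hunks shown.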


@ -611,7 +611,7 @@ net_mask(in) /* XXX - should really use system's version of this */
static int
real_randomid(u_int *random_value) {
/* open the nonblocking random device, returning -1 on failure */
int random_device = open("/dev/urandom", O_RDONLY);
int random_device = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
if (random_device < 0) {
return -1;
}


@ -779,7 +779,7 @@ send_vc(res_state statp,
if (statp->_vcsock >= 0)
res_nclose(statp);
statp->_vcsock = socket(nsap->sa_family, SOCK_STREAM, 0);
statp->_vcsock = socket(nsap->sa_family, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (statp->_vcsock > highestFD) {
res_nclose(statp);
errno = ENOTSOCK;
@ -1062,7 +1062,7 @@ send_dg(res_state statp,
nsap = get_nsaddr(statp, (size_t)ns);
nsaplen = get_salen(nsap);
if (EXT(statp).nssocks[ns] == -1) {
EXT(statp).nssocks[ns] = socket(nsap->sa_family, SOCK_DGRAM, 0);
EXT(statp).nssocks[ns] = socket(nsap->sa_family, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (EXT(statp).nssocks[ns] > highestFD) {
res_nclose(statp);
errno = ENOTSOCK;
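Review bot: The descriptors created in send_vc and send_dg are cached in `statp->_vcsock` and `EXT(statp).nssocks[ns]`, and close-on-exec only covers the exec path: a child that forks without exec still holds duplicates of these cached resolver sockets. A one-line comment at each call would record that limit, e.g. `/* CLOEXEC: not inherited across exec; a fork-only child still shares this fd */`. Both functions start and end outside the hunks, so whether other descriptor-creating calls in them need the same flag cannot be judged from this page.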