Problem: tweetnacl leaks file descriptor on fork+exec

Solution: open with O_CLOEXEC if available or set FD_CLOEXEC if not
2024-12-12 10:33:52 +01:00 · 2017-07-27 23:29:33 +01:00 · 2017-07-27 23:29:33 +01:00 · 2626fdfa23
commit 2626fdfa23
parent e015a0f8b9
5 changed files with 58 additions and 1 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -323,6 +323,7 @@ endif ()
 #-----------------------------------------------------------------------------
 if (NOT CMAKE_CROSSCOMPILING)
  zmq_check_sock_cloexec ()
+  zmq_check_o_cloexec ()
  zmq_check_so_keepalive ()
  zmq_check_tcp_keepcnt ()
  zmq_check_tcp_keepidle ()
--- a/acinclude.m4
+++ b/acinclude.m4
@ -614,6 +614,31 @@ int main (int argc, char *argv [])
    AS_IF([test "x$libzmq_cv_sock_cloexec" = "xyes"], [$1], [$2])
 }])

+dnl ################################################################################
+dnl # LIBZMQ_CHECK_O_CLOEXEC([action-if-found], [action-if-not-found])          #
+dnl # Check if O_CLOEXEC is supported                                           #
+dnl ################################################################################
+AC_DEFUN([LIBZMQ_CHECK_O_CLOEXEC], [{
+    AC_CACHE_CHECK([whether O_CLOEXEC is supported], [libzmq_cv_o_cloexec],
+        [AC_TRY_RUN([/* O_CLOEXEC test */
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+int main (int argc, char *argv [])
+{
+    int s = open ("/dev/null", O_CLOEXEC | O_RDONLY);
+    return (s == -1);
+}
+        ],
+        [libzmq_cv_o_cloexec="yes"],
+        [libzmq_cv_o_cloexec="no"],
+        [libzmq_cv_o_cloexec="not during cross-compile"]
+        )]
+    )
+    AS_IF([test "x$libzmq_cv_o_cloexec" = "xyes"], [$1], [$2])
+}])
+
 dnl ################################################################################
 dnl # LIBZMQ_CHECK_EVENTFD_CLOEXEC([action-if-found], [action-if-not-found])          #
 dnl # Check if EFD_CLOEXEC is supported                                           #
--- a/builds/cmake/Modules/ZMQSourceRunChecks.cmake
+++ b/builds/cmake/Modules/ZMQSourceRunChecks.cmake
@ -31,6 +31,23 @@ int main(int argc, char *argv [])
    ZMQ_HAVE_EVENTFD_CLOEXEC)
 endmacro()

+macro(zmq_check_o_cloexec)
+  message(STATUS "Checking whether O_CLOEXEC is supported")
+  check_c_source_runs(
+    "
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+int main(int argc, char *argv [])
+{
+    int s = open ("/dev/null", O_CLOEXEC | O_RDONLY);
+    return (s == -1);
+}
+"
+    ZMQ_HAVE_O_CLOEXEC)
+endmacro()
+
 # TCP keep-alives Checks.

 macro(zmq_check_so_keepalive)
--- a/configure.ac
+++ b/configure.ac
@ -662,6 +662,12 @@ LIBZMQ_CHECK_SOCK_CLOEXEC([
        [Whether SOCK_CLOEXEC is defined and functioning.])
    ])

+LIBZMQ_CHECK_O_CLOEXEC([
+    AC_DEFINE([ZMQ_HAVE_O_CLOEXEC],
+        [1],
+        [Whether O_CLOEXEC is defined and functioning.])
+    ])
+
 # TCP keep-alives Checks.
 LIBZMQ_CHECK_SO_KEEPALIVE([
    AC_DEFINE([ZMQ_HAVE_SO_KEEPALIVE],
--- a/src/tweetnacl.c
+++ b/src/tweetnacl.c
@ -951,11 +951,19 @@ int sodium_init (void)
 {
    if (fd == -1) {
        for (;;) {
-            fd = open("/dev/urandom",O_RDONLY);
+            int flags = O_RDONLY;
+#ifdef ZMQ_HAVE_O_CLOEXEC
+            flags |= O_CLOEXEC;
+#endif
+            fd = open ("/dev/urandom", flags);
            if (fd != -1)
                break;
            sleep (1);
        }
+#if !defined ZMQ_HAVE_O_CLOEXEC && defined FD_CLOEXEC
+        int rc = fcntl (fd, F_SETFD, FD_CLOEXEC);
+        assert (rc != -1);
+#endif
    }
    return 0;
 }