Problem: tweetnacl leaks file descriptor on fork+exec

Solution: open with O_CLOEXEC if available or set FD_CLOEXEC if not
2025-10-28 11:31:56 +01:00 · 2017-07-27 23:29:33 +01:00
parent e015a0f8b9
commit 2626fdfa23
5 changed files with 58 additions and 1 deletions
--- a/src/tweetnacl.c
+++ b/src/tweetnacl.c
@@ -951,11 +951,19 @@ int sodium_init (void)
 {
    if (fd == -1) {
        for (;;) {
-            fd = open("/dev/urandom",O_RDONLY);
+            int flags = O_RDONLY;
+#ifdef ZMQ_HAVE_O_CLOEXEC
+            flags |= O_CLOEXEC;
+#endif
+            fd = open ("/dev/urandom", flags);
            if (fd != -1)
                break;
            sleep (1);
        }
+#if !defined ZMQ_HAVE_O_CLOEXEC && defined FD_CLOEXEC
+        int rc = fcntl (fd, F_SETFD, FD_CLOEXEC);
+        assert (rc != -1);
+#endif
    }
    return 0;
 }