diff --git a/duiaid.c b/duiaid.c
index 3363c82..3e0c9a0 100644
--- a/duiaid.c
+++ b/duiaid.c
@@ -42,7 +42,7 @@ static int open_duidfile_read(void)
 {
 char duidfile[PATH_MAX];
 get_duid_path(duidfile, sizeof duidfile);
- int fd = open(duidfile, O_RDONLY, 0);
+ int fd = open(duidfile, O_RDONLY|O_CLOEXEC, 0);
 if (fd < 0) {
 log_line("Failed to open duidfile '%s' for reading: %s", duidfile, strerror(errno));
@@ -54,7 +54,7 @@ static int open_duidfile_write(void)
 {
 char duidfile[PATH_MAX];
 get_duid_path(duidfile, sizeof duidfile);
- int fd = open(duidfile, O_WRONLY|O_TRUNC|O_CREAT, 0644);
+ int fd = open(duidfile, O_WRONLY|O_TRUNC|O_CREAT|O_CLOEXEC, 0644);
 if (fd < 0) suicide("Failed to open duidfile '%s' for writing: %s", duidfile, strerror(errno));
@@ -65,7 +65,7 @@ static int open_iaidfile_read(const uint8_t hwaddr[static 6], size_t hwaddrlen)
 {
 char iaidfile[PATH_MAX];
 get_iaid_path(iaidfile, sizeof iaidfile, hwaddr, hwaddrlen);
- int fd = open(iaidfile, O_RDONLY, 0);
+ int fd = open(iaidfile, O_RDONLY|O_CLOEXEC, 0);
 if (fd < 0) {
 log_line("Failed to open iaidfile '%s' for reading: %s", iaidfile, strerror(errno));
@@ -78,7 +78,7 @@ static int open_iaidfile_write(const uint8_t hwaddr[static 6],
 {
 char iaidfile[PATH_MAX];
 get_iaid_path(iaidfile, sizeof iaidfile, hwaddr, hwaddrlen);
- int fd = open(iaidfile, O_WRONLY|O_TRUNC|O_CREAT, 0644);
+ int fd = open(iaidfile, O_WRONLY|O_TRUNC|O_CREAT|O_CLOEXEC, 0644);
 if (fd < 0) suicide("Failed to open iaidfile '%s' for writing: %s", iaidfile, strerror(errno));
diff --git a/ifset.c b/ifset.c
index cc7b9cc..6d12d67 100644
--- a/ifset.c
+++ b/ifset.c
@@ -305,7 +305,7 @@ int perform_carrier(void)
 {
 int ret = -1;
 uint32_t flags;
- int fd = socket(AF_NETLINK, SOCK_DGRAM | SOCK_NONBLOCK, NETLINK_ROUTE);
+ int fd = socket(AF_NETLINK, SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC, NETLINK_ROUTE);
 if (fd < 0) {
 log_line("%s: (%s) netlink socket open failed: %s", client_config.interface, __func__, strerror(errno));
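Review bot: The write-side opens in open_duidfile_write and open_iaidfile_write (and open_leasefile in leasefile.c) still follow a symlink at the final path component, and O_TRUNC then acts on whatever the link points to. If the directory holding these state files can ever be written by a less-privileged account, which this diff does not show, a planted link would redirect the truncate-and-write to another file. Since the flag word is being edited anyway, consider `open(duidfile, O_WRONLY|O_TRUNC|O_CREAT|O_CLOEXEC|O_NOFOLLOW, 0644)` and the same for the other two call sites. Separately, the `, 0` mode argument on the two O_RDONLY opens is ignored without O_CREAT and can be dropped.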
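Review bot: The call `socket(AF_NETLINK, SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC, NETLINK_ROUTE)` is now written out five times in ifset.c (perform_carrier, perform_ifup, perform_ip_subnet_bcast, perform_router, perform_mtu), which is how flag sets drift apart over time. A one-line helper such as `static int rtnl_open(void) { return socket(AF_NETLINK, SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC, NETLINK_ROUTE); }` would keep close-on-exec in a single place so a later call site cannot miss it. nl_getifdata in netlink.c already differs (`SOCK_DGRAM|SOCK_CLOEXEC`, no SOCK_NONBLOCK); if the blocking socket there is deliberate, a short comment saying so would help. All of these function bodies continue outside their hunks.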
@@ -472,7 +472,7 @@ static ssize_t rtnl_if_mtu_set(int fd, unsigned int mtu)
 int perform_ifup(void)
 {
- int fd = socket(AF_NETLINK, SOCK_DGRAM | SOCK_NONBLOCK, NETLINK_ROUTE);
+ int fd = socket(AF_NETLINK, SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC, NETLINK_ROUTE);
 if (fd < 0) {
 log_line("%s: (%s) netlink socket open failed: %s", client_config.interface, __func__, strerror(errno));
@@ -525,7 +525,7 @@ int perform_ip_subnet_bcast(const char *str_ipaddr,
 bcast.s_addr = ipaddr.s_addr | htonl(0xfffffffflu >> prefixlen);
 }
- fd = socket(AF_NETLINK, SOCK_DGRAM | SOCK_NONBLOCK, NETLINK_ROUTE);
+ fd = socket(AF_NETLINK, SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC, NETLINK_ROUTE);
 if (fd < 0) {
 log_line("%s: (%s) netlink socket open failed: %s", client_config.interface, __func__, strerror(errno));
@@ -587,7 +587,7 @@ int perform_router(const char *str_router, size_t len)
 goto fail;
 }
- int fd = socket(AF_NETLINK, SOCK_DGRAM | SOCK_NONBLOCK, NETLINK_ROUTE);
+ int fd = socket(AF_NETLINK, SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC, NETLINK_ROUTE);
 if (fd < 0) {
 log_line("%s: (%s) netlink socket open failed: %s", client_config.interface, __func__, strerror(errno));
@@ -640,7 +640,7 @@ int perform_mtu(const char *str, size_t len)
 }
 mtu = (unsigned int)tmtu;
- fd = socket(AF_NETLINK, SOCK_DGRAM | SOCK_NONBLOCK, NETLINK_ROUTE);
+ fd = socket(AF_NETLINK, SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC, NETLINK_ROUTE);
 if (fd < 0) {
 log_line("%s: (%s) netlink socket open failed: %s", client_config.interface, __func__, strerror(errno));
diff --git a/leasefile.c b/leasefile.c
index 20c78d2..c8b7e66 100644
--- a/leasefile.c
+++ b/leasefile.c
@@ -34,7 +34,7 @@ void open_leasefile(void)
 {
 char leasefile[PATH_MAX];
 get_leasefile_path(leasefile, sizeof leasefile, client_config.interface);
- leasefilefd = open(leasefile, O_WRONLY|O_TRUNC|O_CREAT, 0644);
+ leasefilefd = open(leasefile, O_WRONLY|O_TRUNC|O_CREAT|O_CLOEXEC, 0644);
 if (leasefilefd < 0) suicide("%s: (%s) Failed to create lease file '%s': %s", client_config.interface, __func__, leasefile, strerror(errno));
diff --git a/netlink.c b/netlink.c
index de34ab0..8a17020 100644
--- a/netlink.c
+++ b/netlink.c
@@ -138,7 +138,7 @@ static int handle_getifdata(int fd, uint32_t seq)
 int nl_getifdata(void)
 {
 int ret = -1;
- int fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
+ int fd = socket(AF_NETLINK, SOCK_DGRAM|SOCK_CLOEXEC, NETLINK_ROUTE);
 if (fd < 0) {
 log_line("%s: (%s) netlink socket open failed: %s", client_config.interface, __func__, strerror(errno));
diff --git a/nk/hwrng.c b/nk/hwrng.c
index 335649c..e82d9fd 100644
--- a/nk/hwrng.c
+++ b/nk/hwrng.c
@@ -78,7 +78,7 @@ static bool nk_get_rnd_clk(char *seed, size_t len)
 static bool nk_get_urandom(char *seed, size_t len)
 {
- int fd = open("/dev/urandom", O_RDONLY);
+ int fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
 if (fd < 0) {
 log_line("%s: Could not open /dev/urandom: %s", __func__, strerror(errno));
diff --git a/sockd.c b/sockd.c
index 2eff2ba..120bd67 100644
--- a/sockd.c
+++ b/sockd.c
@@ -85,7 +85,7 @@ int request_sockd_fd(char *buf, size_t buflen, char *response)
 static int create_arp_socket(void)
 {
- int fd = socket(AF_PACKET, SOCK_RAW | SOCK_NONBLOCK, htons(ETH_P_ARP));
+ int fd = socket(AF_PACKET, SOCK_RAW | SOCK_NONBLOCK | SOCK_CLOEXEC, htons(ETH_P_ARP));
 if (fd < 0) {
 log_line("%s: (%s) socket failed: %s", client_config.interface, __func__, strerror(errno));
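Review bot: SOCK_CLOEXEC in create_arp_socket (and in create_udp_socket and create_raw_socket further down sockd.c) covers only the descriptor in the process that calls socket(). Close-on-exec is a per-descriptor flag, so a copy delivered to another process as SCM_RIGHTS ancillary data arrives without it. If these sockets are handed to a peer process, which the request_sockd_fd name in the hunk header suggests but the transfer code is not part of this diff, the receiving recvmsg() should pass `MSG_CMSG_CLOEXEC` so the received descriptor is covered as well. SOCK_NONBLOCK, by contrast, is stored on the open file description and does carry over. create_arp_socket's body continues outside the hunk.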
@@ -124,7 +124,7 @@ static int create_arp_socket(void)
 static int create_udp_socket(uint32_t ip, uint16_t port, char *iface)
 {
 int fd;
- if ((fd = socket(AF_INET, SOCK_DGRAM | SOCK_NONBLOCK, IPPROTO_UDP)) < 0) {
+ if ((fd = socket(AF_INET, SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC, IPPROTO_UDP)) < 0) {
 log_line("%s: (%s) socket failed: %s", client_config.interface, __func__, strerror(errno));
 goto out;
@@ -180,7 +180,7 @@ static int create_raw_socket(struct sockaddr_ll *sa, bool *using_bpf,
 const struct sock_fprog *filter_prog)
 {
 int fd;
- if ((fd = socket(AF_PACKET, SOCK_DGRAM | SOCK_NONBLOCK,
+ if ((fd = socket(AF_PACKET, SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC,
 htons(ETH_P_IP))) < 0) {
 log_line("create_raw_socket: socket failed: %s", strerror(errno));
 goto out;