1
0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-20 10:52:16 +01:00

Open file descriptors with O_CLOEXEC

This opens any file descriptors with the O_CLOEXEC flag, which will make sure
that file descriptors won't be leaked into any child process. This was
previously an issue due to a forgotten fclose() (#136).
This commit is contained in:
Karol Babioch 2018-04-05 14:20:08 +02:00
parent c773044edc
commit 079b975469
2 changed files with 2 additions and 2 deletions

View File

@ -535,7 +535,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
} }
} }
fd = open(userfile, O_RDONLY, 0); fd = open(userfile, O_RDONLY | O_CLOEXEC, 0);
if (fd < 0) { if (fd < 0) {
DBG ("Cannot open file: %s (%s)", userfile, strerror(errno)); DBG ("Cannot open file: %s (%s)", userfile, strerror(errno));
goto restpriv_out; goto restpriv_out;

2
util.c
View File

@ -109,7 +109,7 @@ check_user_token (const char *authfile,
struct stat st; struct stat st;
FILE *opwfile; FILE *opwfile;
fd = open(authfile, O_RDONLY, 0); fd = open(authfile, O_RDONLY | O_CLOEXEC, 0);
if (fd < 0) { if (fd < 0) {
if(verbose) if(verbose)
D (debug_file, "Cannot open file: %s (%s)", authfile, strerror(errno)); D (debug_file, "Cannot open file: %s (%s)", authfile, strerror(errno));