Add "e" flag to fopen() calls

This adds the `e` flag to fopen() calls, making sure the `O_CLOEXEC` flag is used. This makes sure that the file descriptor is being closed and not leaked into child processes. This was an issues previously due to a missing fclose() (#136).
2025-01-20 10:52:16 +01:00 · 2018-04-05 14:32:04 +02:00 · 2018-04-05 14:32:04 +02:00 · d51124e884
commit d51124e884
parent 079b975469
3 changed files with 3 additions and 3 deletions
--- a/pam_yubico.c
+++ b/pam_yubico.c
@ -819,7 +819,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
                {
                  if(S_ISREG(st.st_mode))
                    {
-                      file = fopen(filename, "a");
+                      file = fopen(filename, "ae");
                      if(file)
                        {
                          cfg->debug_file = file;
--- a/util.c
+++ b/util.c
@ -188,7 +188,7 @@ int generate_random(void *buf, int len)
 	FILE *u;
 	int res;

-	u = fopen("/dev/urandom", "r");
+	u = fopen("/dev/urandom", "re");
 	if (!u) {
 		return -1;
 	}
--- a/ykpamcfg.c
+++ b/ykpamcfg.c
@ -237,7 +237,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u

  umask(077);

-  f = fopen (fn, "w");
+  f = fopen (fn, "we");
  if (! f) {
    fprintf (stderr, "Failed opening '%s' for writing : %s\n", fn, strerror (errno));
    goto out;