commit - 8bd0cdad05519cbb08d8d11223bdde0472678150
commit + e7ae0bafeffce6697bc3b67fda753e5bac995cb6
blob - 49c56bc9c0b68bfb9d7d28804b171f641b6baef8
blob + 0b61ca99747d4d1bde47a50eecd572ce88c838f8
--- got/got.c
+++ got/got.c
}
if (dirfd != -1) {
- fd = openat(dirfd, de_name, O_RDONLY | O_NOFOLLOW);
+ fd = openat(dirfd, de_name,
+ O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
if (fd == -1) {
if (!got_err_open_nofollow_on_symlink()) {
err = got_error_from_errno2("openat",
blob - 91a35e46fce2547ae0c44ba7edf82da9edd9e097
blob + 60539f2a09b85e1abbc55e1e6fb94f7210db3b14
--- lib/fileindex.c
+++ lib/fileindex.c
}
subdirfd = openat(fd, de->d_name,
- O_RDONLY | O_NOFOLLOW | O_DIRECTORY);
+ O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
if (subdirfd == -1) {
if (errno == EACCES) {
*next = TAILQ_NEXT(dle, entry);
blob - 7d5db032fc35c2694da442ac214b29a5307fbc8f
blob + e1a1870147bfefcb7e3caaaedf16d6b92e78a5c1
--- lib/lockfile.c
+++ lib/lockfile.c
do {
if (dir_fd != -1) {
(*lf)->fd = openat(dir_fd, (*lf)->path,
- O_RDONLY | O_CREAT | O_EXCL | O_EXLOCK,
+ O_RDONLY | O_CREAT | O_EXCL | O_EXLOCK | O_CLOEXEC,
GOT_DEFAULT_FILE_MODE);
} else {
(*lf)->fd = open((*lf)->path,
blob - b29f6d25ce45802ebffcccce90ca9975efdbf260
blob + cda2a94c06d5421f629332f0997eca5ce2c66c5c
--- lib/pack.c
+++ lib/pack.c
goto done;
}
- p->fd = openat(dir_fd, relpath, O_RDONLY | O_NOFOLLOW);
+ p->fd = openat(dir_fd, relpath, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
if (p->fd == -1) {
err = got_error_from_errno2("openat", relpath);
free(p);
blob - 76be29a1defe649f248e3d3f58461d3750f2cf49
blob + 41da7b15ca61d79a06862f1f0a9534002c2cdfca
--- lib/repository.c
+++ lib/repository.c
/* No luck. Search the filesystem. */
packdir_fd = openat(got_repo_get_fd(repo),
- GOT_OBJECTS_PACK_DIR, O_DIRECTORY);
+ GOT_OBJECTS_PACK_DIR, O_DIRECTORY | O_CLOEXEC);
if (packdir_fd == -1) {
if (errno == ENOENT)
err = got_error_no_obj(id);
{
const struct got_error *err = NULL;
- *fd = openat(got_repo_get_fd(repo), relpath, O_RDONLY | O_NOFOLLOW);
+ *fd = openat(got_repo_get_fd(repo), relpath,
+ O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
if (*fd == -1)
return got_error_from_errno_fmt("openat: %s/%s",
got_repo_get_path_git_dir(repo), relpath);
STAILQ_INIT(&matched_ids);
packdir_fd = openat(got_repo_get_fd(repo),
- GOT_OBJECTS_PACK_DIR, O_DIRECTORY);
+ GOT_OBJECTS_PACK_DIR, O_DIRECTORY | O_CLOEXEC);
if (packdir_fd == -1) {
if (errno != ENOENT)
err = got_error_from_errno2("openat", GOT_OBJECTS_PACK_DIR);
blob - 3eb6c068c9ec8ad604a9aed5b210039352af5827
blob + 4e1253bcafe34044a40c52250b6a96a552b4b609
--- lib/repository_admin.c
+++ lib/repository_admin.c
struct stat sb;
packdir_fd = openat(got_repo_get_fd(repo),
- GOT_OBJECTS_PACK_DIR, O_DIRECTORY);
+ GOT_OBJECTS_PACK_DIR, O_DIRECTORY | O_CLOEXEC);
if (packdir_fd == -1) {
if (errno == ENOENT)
return NULL;
blob - 213dabaab415529a22bc24fe5a59b6232be0184a
blob + 87959af131f11571b21d37fe9087acd551dd9250
--- lib/worktree.c
+++ lib/worktree.c
}
if (dirfd != -1) {
- fd = openat(dirfd, de_name, O_RDONLY | O_NOFOLLOW);
+ fd = openat(dirfd, de_name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
if (fd == -1) {
err = got_error_from_errno2("openat", abspath);
goto done;
return got_error_from_errno("asprintf");
if (dirfd != -1) {
- fd = openat(dirfd, ignores_filename, O_RDONLY | O_NOFOLLOW);
+ fd = openat(dirfd, ignores_filename,
+ O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
if (fd == -1) {
if (errno != ENOENT && errno != EACCES)
err = got_error_from_errno2("openat",
return err;
if (dirfd2 != -1) {
- fd2 = openat(dirfd2, de_name2, O_RDONLY | O_NOFOLLOW);
+ fd2 = openat(dirfd2, de_name2,
+ O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
if (fd2 == -1) {
if (!got_err_open_nofollow_on_symlink()) {
err = got_error_from_errno2("openat", path2);