commit 063406214771fb1483c7582bc7bd45f5d6b26c48 from: Stefan Sperling via: Thomas Adam date: Fri Dec 31 12:00:42 2021 UTC add O_CLOEXEC (close-on-exec) flag to open(2) calls suggested by millert ok thomas_adam
commit - c56c5d8a20e8209334b5357111eddee0861cddae
commit + 063406214771fb1483c7582bc7bd45f5d6b26c48
blob - 80ebfff77699c5f142553d1bb53741dd96067f3f
blob + 74fe659e70bb073b8f4a4b266a409395c5b01931
--- got/got.c
+++ got/got.c
@@ -4448,7 +4448,7 @@ print_diff(void *arg, unsigned char status, unsigned c
 goto done;
 }
 } else {
- fd = open(abspath, O_RDONLY | O_NOFOLLOW);
+ fd = open(abspath, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 if (!got_err_open_nofollow_on_symlink()) {
 err = got_error_from_errno2("open",
blob - 38acc9c78c5f563fd844785003973ca9c8bcd73e
blob + 81cb102bcbf8ddf00aaaf664ea966a84e5765f0b
--- lib/buf.c
+++ lib/buf.c
@@ -279,7 +279,7 @@ buf_write(BUF *b, const char *path, mode_t mode)
 const struct got_error *err = NULL;
 int fd;
 open:
- if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, mode)) == -1) {
+ if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, mode)) == -1) {
 err = got_error_from_errno2("open", path);
 if (errno == EACCES && unlink(path) != -1)
 goto open;
blob - 52d754a3a69afa383b42fc9f243286a0fecf6e54
blob + 1ddbfbd79094402036ca23f218434375d9870239
--- lib/gotconfig.c
+++ lib/gotconfig.c
@@ -50,7 +50,7 @@ got_gotconfig_read(struct got_gotconfig **conf, const
 if (*conf == NULL)
 return got_error_from_errno("calloc");
- fd = open(gotconfig_path, O_RDONLY);
+ fd = open(gotconfig_path, O_RDONLY | O_CLOEXEC);
 if (fd == -1) {
 if (errno == ENOENT)
 return NULL;
blob - 165216e417422d26d0b171457e55841b60a1fe94
blob + f329f0ce1b044f1a4e9d126d1601c61dcec503cf
--- lib/lockfile.c
+++ lib/lockfile.c
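Review bot: buf_write() in lib/buf.c still opens `path` with `O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC` and no `O_NOFOLLOW`, while most of the other opens touched by this commit carry it. Together with the `unlink(path)` and `goto open` retry on EACCES, a path that is replaced by a symlink between the unlink and the second open would have the link target created or truncated. If no caller needs to write through a symlink, the flags could become `O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW|O_CLOEXEC`. The rest of the function and its callers are outside the hunk, so that needs confirming there.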
@@ -58,7 +58,7 @@ got_lockfile_lock(struct got_lockfile **lf, const char
 GOT_DEFAULT_FILE_MODE);
 } else {
 (*lf)->fd = open((*lf)->path,
- O_RDONLY | O_CREAT | O_EXCL | O_EXLOCK,
+ O_RDONLY | O_CREAT | O_EXCL | O_EXLOCK | O_CLOEXEC,
 GOT_DEFAULT_FILE_MODE);
 }
 if ((*lf)->fd != -1)
blob - f997c6e8b0b6ca0e1730e6d4660cfef42b2e8ea9
blob + 0e77d684720b67f6919ed8aa2215ca28b4c08ace
--- lib/object.c
+++ lib/object.c
@@ -134,7 +134,7 @@ got_object_open_loose_fd(int *fd, struct got_object_id
 err = got_object_get_path(&path, id, repo);
 if (err)
 return err;
- *fd = open(path, O_RDONLY | O_NOFOLLOW);
+ *fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (*fd == -1) {
 err = got_error_from_errno2("open", path);
 goto done;
blob - d171abf9397410bf71dad3f0814476feecd33231
blob + 51c96606e75fe17ae655cdbfbebff6e2b366783c
--- lib/object_create.c
+++ lib/object_create.c
@@ -127,7 +127,7 @@ got_object_blob_file_create(struct got_object_id **id,
 SHA1Init(&sha1_ctx);
- fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW);
+ fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 if (!got_err_open_nofollow_on_symlink())
 return got_error_from_errno2("open", ondisk_path);
blob - c35a92ea03b51f220e0188cf6a0c9afae627094f
blob + 84618978884eb4dafa26d9ca5e223741bb88cf1f
--- lib/path.c
+++ lib/path.c
@@ -501,7 +501,7 @@ got_path_create_file(const char *path, const char *con
 const struct got_error *err = NULL;
 int fd = -1;
- fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW,
+ fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC,
 GOT_DEFAULT_FILE_MODE);
 if (fd == -1) {
 err = got_error_from_errno2("open", path);
blob - a5d6593a9f5cdcacb01699ad5efa1bbfc2aa78f8
blob + 1a48cc6fbe11cca415c2f0cf8bec78db23888941
--- lib/repository.c
+++ lib/repository.c
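Review bot: Only the `open()` branch of got_lockfile_lock() visibly gains `O_CLOEXEC`. The branch before the `else` ends in `GOT_DEFAULT_FILE_MODE);`, but its call and flags start outside the hunk, so it cannot be confirmed here that the lock descriptor is close-on-exec on both paths. If that branch is an openat(2)-style call it should carry the same flag, because a descriptor opened with `O_EXLOCK` that survives an exec keeps the lock held in the child. The commit message covers open(2) calls only, so descriptors obtained through other calls would need their own pass.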
@@ -386,7 +386,8 @@ open_repo(struct got_repository *repo, const char *pat
 err = got_error_from_errno("strdup");
 goto done;
 }
- repo->gitdir_fd = open(repo->path_git_dir, O_DIRECTORY);
+ repo->gitdir_fd = open(repo->path_git_dir,
+ O_DIRECTORY | O_CLOEXEC);
 if (repo->gitdir_fd == -1) {
 err = got_error_from_errno2("open",
 repo->path_git_dir);
@@ -408,7 +409,8 @@ open_repo(struct got_repository *repo, const char *pat
 err = got_error_from_errno("strdup");
 goto done;
 }
- repo->gitdir_fd = open(repo->path_git_dir, O_DIRECTORY);
+ repo->gitdir_fd = open(repo->path_git_dir,
+ O_DIRECTORY | O_CLOEXEC);
 if (repo->gitdir_fd == -1) {
 err = got_error_from_errno2("open",
 repo->path_git_dir);
@@ -459,7 +461,7 @@ parse_gitconfig_file(int *gitconfig_repository_format_
 if (gitconfig_owner)
 *gitconfig_owner = NULL;
- fd = open(gitconfig_path, O_RDONLY);
+ fd = open(gitconfig_path, O_RDONLY | O_CLOEXEC);
 if (fd == -1) {
 if (errno == ENOENT)
 return NULL;
blob - f73c38388a2637a76122e000a939cc43c4314c89
blob + 6b3999173b914646a3f1c15bceeafb2cb21db292
--- lib/repository_admin.c
+++ lib/repository_admin.c
@@ -478,7 +478,7 @@ got_repo_find_pack(FILE **packfile, struct got_object_
 goto done;
 }
- packfd = open(packfile_path, O_RDONLY | O_NOFOLLOW);
+ packfd = open(packfile_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (packfd == -1) {
 err = got_error_from_errno2("open", packfile_path);
 goto done;
blob - d94768b2398accc766c38e127453d48e2393841b
blob + 2dcfd9925316591111540d22e46e18eda34a0249
--- lib/worktree.c
+++ lib/worktree.c
@@ -1042,7 +1042,7 @@ merge_blob(int *local_changes_subsumed, struct got_wor
 goto done;
 } else {
 int fd;
- fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW);
+ fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 err = got_error_from_errno2("open", ondisk_path);
 goto done;
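Review bot: Both `open(repo->path_git_dir, O_DIRECTORY | O_CLOEXEC)` calls in open_repo() pass no file access mode, and the same holds for the `root_fd` open in open_worktree() in lib/worktree_open.c. POSIX asks for exactly one access mode in every open() call, so these lines work only where `O_RDONLY` happens to be defined as 0. The directory open in worktree_status() in lib/worktree.c already spells the mode out, so for consistency the flags here could read `O_RDONLY | O_DIRECTORY | O_CLOEXEC`.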
@@ -1157,7 +1157,7 @@ replace_existing_symlink(int *did_something, const cha
 * caller. If we can successfully open a regular file then we simply
 * replace this file with a symlink below.
 */
- fd = open(ondisk_path, O_RDWR | O_EXCL | O_NOFOLLOW);
+ fd = open(ondisk_path, O_RDWR | O_EXCL | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 if (!got_err_open_nofollow_on_symlink())
 return got_error_from_errno2("open", ondisk_path);
@@ -1387,8 +1387,8 @@ install_blob(struct got_worktree *worktree, const char
 int update = 0;
 char *tmppath = NULL;
- fd = open(ondisk_path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW,
- GOT_DEFAULT_FILE_MODE);
+ fd = open(ondisk_path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW |
+ O_CLOEXEC, GOT_DEFAULT_FILE_MODE);
 if (fd == -1) {
 if (errno == ENOENT) {
 char *parent;
@@ -1400,7 +1400,7 @@ install_blob(struct got_worktree *worktree, const char
 if (err)
 return err;
 fd = open(ondisk_path,
- O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW,
+ O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC,
 GOT_DEFAULT_FILE_MODE);
 if (fd == -1)
 return got_error_from_errno2("open",
@@ -1655,7 +1655,7 @@ get_file_status(unsigned char *status, struct stat *sb
 goto done;
 }
 } else {
- fd = open(abspath, O_RDONLY | O_NOFOLLOW);
+ fd = open(abspath, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1 && errno != ENOENT &&
 !got_err_open_nofollow_on_symlink())
 return got_error_from_errno2("open", abspath);
@@ -2814,7 +2814,7 @@ merge_file_cb(void *arg, struct got_blob_object *blob1
 if (err)
 goto done;
- fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW);
+ fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 err = got_error_from_errno2("open",
 ondisk_path);
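Review bot: In replace_existing_symlink() the flags `O_RDWR | O_EXCL | O_NOFOLLOW | O_CLOEXEC` use `O_EXCL` without `O_CREAT`, a combination whose result POSIX leaves undefined. The comment above the call says it is meant to succeed only on an existing regular file, and the `got_err_open_nofollow_on_symlink()` check below suggests `O_NOFOLLOW` is what rejects the symlink case. Either drop the flag, `fd = open(ondisk_path, O_RDWR | O_NOFOLLOW | O_CLOEXEC);`, or extend the comment to say which platform behaviour `O_EXCL` is relied on for. The function body continues outside the hunk.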
@@ -3647,7 +3647,7 @@ worktree_status(struct got_worktree *worktree, const c
 worktree->root_path, path[0] ? "/" : "", path) == -1)
 return got_error_from_errno("asprintf");
- fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW | O_DIRECTORY);
+ fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
 if (fd == -1) {
 if (errno != ENOTDIR && errno != ENOENT && errno != EACCES &&
 !got_err_open_nofollow_on_symlink())
@@ -4368,7 +4368,7 @@ create_patched_content(char **path_outfile, int revers
 sb2.st_size = link_len;
 }
 } else {
- fd2 = open(path2, O_RDONLY | O_NOFOLLOW);
+ fd2 = open(path2, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd2 == -1) {
 if (!got_err_open_nofollow_on_symlink()) {
 err = got_error_from_errno2("open", path2);
@@ -8345,7 +8345,8 @@ unstage_hunks(struct got_object_id *staged_blob_id,
 goto done;
 } else {
 int fd;
- fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW);
+ fd = open(ondisk_path,
+ O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 err = got_error_from_errno2("open", ondisk_path);
 goto done;
blob - b1be918797b1c5017af449c92ce580ae9a11ffe9
blob + c2e7cf9af0b789d231a7426c323a6b7ddfafb726
--- lib/worktree_open.c
+++ lib/worktree_open.c
@@ -55,7 +55,7 @@ read_meta_file(char **content, const char *path_got, c
 goto done;
 }
- fd = open(path, O_RDONLY | O_NOFOLLOW);
+ fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 if (errno == ENOENT)
 err = got_error_path(path, GOT_ERR_WORKTREE_META);
@@ -130,7 +130,7 @@ open_worktree(struct got_worktree **worktree, const ch
 goto done;
 }
- fd = open(path_lock, O_RDWR | O_EXLOCK | O_NONBLOCK);
+ fd = open(path_lock, O_RDWR | O_EXLOCK | O_NONBLOCK | O_CLOEXEC);
 if (fd == -1) {
 err = (errno == EWOULDBLOCK ? got_error(GOT_ERR_WORKTREE_BUSY)
 : got_error_from_errno2("open", path_lock));
@@ -212,7 +212,8 @@ open_worktree(struct got_worktree **worktree, const ch
 err = got_gotconfig_read(&(*worktree)->gotconfig,
 (*worktree)->gotconfig_path);
- (*worktree)->root_fd = open((*worktree)->root_path, O_DIRECTORY);
+ (*worktree)->root_fd = open((*worktree)->root_path,
+ O_DIRECTORY | O_CLOEXEC);
 if ((*worktree)->root_fd == -1) {
 err = got_error_from_errno2("open", (*worktree)->root_path);
 goto done;
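Review bot: The result of got_gotconfig_read() in open_worktree() is not examined before the `root_fd` open that this hunk rewrites. When the open fails, the earlier error is overwritten by `got_error_from_errno2("open", ...)`; when it succeeds, a directory descriptor is opened for a worktree whose configuration has already failed to load. A guard directly after the call, `if (err) goto done;`, would keep the first error and skip the open. The function continues past the end of the hunk, so how `done:` treats a non-NULL `err` is not visible here.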