commit fc63f50d9b54fdd7a892d5a770542bdb07fb05d1
from: Stefan Sperling
via: Thomas Adam
date: Fri Dec 31 12:00:42 2021 UTC
add O_CLOEXEC (close-on-exec) to openat(2) calls suggested by millert ok thomas_adam
commit - 063406214771fb1483c7582bc7bd45f5d6b26c48
commit + fc63f50d9b54fdd7a892d5a770542bdb07fb05d1
blob - 74fe659e70bb073b8f4a4b266a409395c5b01931
blob + 722952754253ee0d9a9c6c0f8631e3877a540634
--- got/got.c
+++ got/got.c
@@ -4435,7 +4435,8 @@ print_diff(void *arg, unsigned char status, unsigned c
 }
 if (dirfd != -1) {
- fd = openat(dirfd, de_name, O_RDONLY | O_NOFOLLOW);
+ fd = openat(dirfd, de_name,
+ O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 if (!got_err_open_nofollow_on_symlink()) {
 err = got_error_from_errno2("openat",
blob - c1f88d0af838f822b1b8acf17870ecafaf1755c0
blob + 09594d5d6583729be1e8a986168dd0e06386ada4
--- lib/fileindex.c
+++ lib/fileindex.c
@@ -1057,7 +1057,7 @@ walk_dir(struct got_pathlist_entry **next, struct got_
 }
 subdirfd = openat(fd, de->d_name,
- O_RDONLY | O_NOFOLLOW | O_DIRECTORY);
+ O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
 if (subdirfd == -1) {
 if (errno == EACCES) {
 *next = TAILQ_NEXT(dle, entry);
blob - f329f0ce1b044f1a4e9d126d1601c61dcec503cf
blob + 2d85d99def0e84249e38b3f4724dd5e35e1a18a9
--- lib/lockfile.c
+++ lib/lockfile.c
@@ -54,7 +54,7 @@ got_lockfile_lock(struct got_lockfile **lf, const char
 do {
 if (dir_fd != -1) {
 (*lf)->fd = openat(dir_fd, (*lf)->path,
- O_RDONLY | O_CREAT | O_EXCL | O_EXLOCK,
+ O_RDONLY | O_CREAT | O_EXCL | O_EXLOCK | O_CLOEXEC,
 GOT_DEFAULT_FILE_MODE);
 } else {
 (*lf)->fd = open((*lf)->path,
blob - 0dd65c8a831a778b1fb0333b3c7f20b4b0700e43
blob + 3ba7b56d06178ad4108d482597b641ac537cdd0a
--- lib/pack.c
+++ lib/pack.c
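Review bot: The `open()` fallback in the `else` arm of got_lockfile_lock is cut off by the hunk in lib/lockfile.c, so its flags cannot be checked here, and this commit only touches the `openat()` arm. If that call does not carry the flag as well, a lock file opened without a directory fd is still inherited across exec, and a child holding the descriptor keeps the O_EXLOCK lock alive after the parent has closed its copy. Both arms should end their flag list the same way, `O_RDONLY | O_CREAT | O_EXCL | O_EXLOCK | O_CLOEXEC,`. The do/while loop and the rest of the function lie outside the hunk.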
@@ -364,7 +364,7 @@ got_packidx_open(struct got_packidx **packidx,
 goto done;
 }
- p->fd = openat(dir_fd, relpath, O_RDONLY | O_NOFOLLOW);
+ p->fd = openat(dir_fd, relpath, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (p->fd == -1) {
 err = got_error_from_errno2("openat", relpath);
 free(p);
blob - 1a48cc6fbe11cca415c2f0cf8bec78db23888941
blob + 0abbba735fa136834bb9dca379d704cb0cd1fb6c
--- lib/repository.c
+++ lib/repository.c
@@ -1120,7 +1120,7 @@ got_repo_search_packidx(struct got_packidx **packidx,
 /* No luck. Search the filesystem. */
 packdir_fd = openat(got_repo_get_fd(repo),
- GOT_OBJECTS_PACK_DIR, O_DIRECTORY);
+ GOT_OBJECTS_PACK_DIR, O_DIRECTORY | O_CLOEXEC);
 if (packdir_fd == -1) {
 if (errno == ENOENT) err = got_error_no_obj(id);
@@ -1229,7 +1229,8 @@ open_packfile(int *fd, struct got_repository *repo,
 {
 const struct got_error *err = NULL;
- *fd = openat(got_repo_get_fd(repo), relpath, O_RDONLY | O_NOFOLLOW);
+ *fd = openat(got_repo_get_fd(repo), relpath,
+ O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (*fd == -1) return got_error_from_errno_fmt("openat: %s/%s", got_repo_get_path_git_dir(repo), relpath);
@@ -1403,7 +1404,7 @@ match_packed_object(struct got_object_id **unique_id,
 STAILQ_INIT(&matched_ids);
 packdir_fd = openat(got_repo_get_fd(repo),
- GOT_OBJECTS_PACK_DIR, O_DIRECTORY);
+ GOT_OBJECTS_PACK_DIR, O_DIRECTORY | O_CLOEXEC);
 if (packdir_fd == -1) {
 if (errno != ENOENT) err = got_error_from_errno2("openat", GOT_OBJECTS_PACK_DIR);
blob - 6b3999173b914646a3f1c15bceeafb2cb21db292
blob + 739ff3d01b9b761e9af99eed1c1ef1141465eb90
--- lib/repository_admin.c
+++ lib/repository_admin.c
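Review bot: The pack-directory open in got_repo_search_packidx passes `O_DIRECTORY | O_CLOEXEC` with neither an access mode nor `O_NOFOLLOW`, while walk_dir in lib/fileindex.c opens its subdirectory with `O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC`. The same flag set is repeated in match_packed_object and in got_repo_remove_lonely_packidx (lib/repository_admin.c). Spelling out the access mode keeps the calls uniform, `GOT_OBJECTS_PACK_DIR, O_RDONLY | O_DIRECTORY | O_CLOEXEC);`, and if following a symlinked pack directory is intended, a comment such as `/* GOT_OBJECTS_PACK_DIR may be a symlink; O_NOFOLLOW omitted on purpose */` would record that decision. All three function bodies continue outside their hunks.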
@@ -1210,7 +1210,7 @@ got_repo_remove_lonely_packidx(struct got_repository *
 struct stat sb;
 packdir_fd = openat(got_repo_get_fd(repo),
- GOT_OBJECTS_PACK_DIR, O_DIRECTORY);
+ GOT_OBJECTS_PACK_DIR, O_DIRECTORY | O_CLOEXEC);
 if (packdir_fd == -1) {
 if (errno == ENOENT) return NULL;
blob - 2dcfd9925316591111540d22e46e18eda34a0249
blob + 393ab8001b98f2af8c123775d21fc1512d6c3b7e
--- lib/worktree.c
+++ lib/worktree.c
@@ -1715,7 +1715,7 @@ get_file_status(unsigned char *status, struct stat *sb
 }
 if (dirfd != -1) {
- fd = openat(dirfd, de_name, O_RDONLY | O_NOFOLLOW);
+ fd = openat(dirfd, de_name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 err = got_error_from_errno2("openat", abspath);
 goto done;
@@ -3458,7 +3458,8 @@ add_ignores(struct got_pathlist_head *ignores, const c
 return got_error_from_errno("asprintf");
 if (dirfd != -1) {
- fd = openat(dirfd, ignores_filename, O_RDONLY | O_NOFOLLOW);
+ fd = openat(dirfd, ignores_filename,
+ O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 if (errno != ENOENT && errno != EACCES) err = got_error_from_errno2("openat",
@@ -4354,7 +4355,8 @@ create_patched_content(char **path_outfile, int revers
 return err;
 if (dirfd2 != -1) {
- fd2 = openat(dirfd2, de_name2, O_RDONLY | O_NOFOLLOW);
+ fd2 = openat(dirfd2, de_name2,
+ O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd2 == -1) {
 if (!got_err_open_nofollow_on_symlink()) {
 err = got_error_from_errno2("openat", path2);
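Review bot: In add_ignores the failure branch tolerates only ENOENT and EACCES, so an ignores file that is a symlink is refused by O_NOFOLLOW and surfaces as a hard openat error. print_diff and create_patched_content test the same failure with got_err_open_nofollow_on_symlink(), which by its name recognises that case. If a symlinked ignores file should just be skipped, the condition could read `if (errno != ENOENT && errno != EACCES && !got_err_open_nofollow_on_symlink())`; if refusing it is intended, a comment such as `/* a symlinked ignores file is an error, not skipped */` would say so. The rest of add_ignores is outside the hunk, so an earlier symlink check cannot be ruled out.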