[Pkg-gnutls-maint] Bug#403613: the rndlinux module opens a file handle and never closes it

Mon Dec 18 18:30:20 CET 2006

On Mon, 18 Dec 2006 14:20, max at duempel.org said:

> The function _gcry_rndlinux_gather_random() in cipher/rndlinux.c opens
> two file handles (fd_random and fd_urandom) which are never closed.
> Since it does not apply the FD_CLOEXEC flag, all subprocesses will
> inherit these two handles without ever using them.

In general all file descriptors should be closed explicitly right
before an exec.  Thus it is more of an application error. I'll fix it
anyway.

The supplied patch is not correct as it does not preserve otehr file
flags.  The correct pacth is:

--- cipher/rndlinux.c   (revision 1174)
+++ cipher/rndlinux.c   (working copy)
@@ -42,6 +42,19 @@
                                   int requester,
                                   size_t length, int level );
 
+static int
+set_cloexec_flag (int fd)
+{
+  int oldflags;
+
+  oldflags= fcntl (fd, F_GETFD, 0);
+  if (oldflags < 0)
+    return oldflags;
+  oldflags |= FD_CLOEXEC;
+  return fcntl (fd, F_SETFD, oldflags);
+}
+
+
 /*
  * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
  */
@@ -54,6 +67,10 @@
   if( fd == -1 )
     log_fatal ("can't open %s: %s\n", name, strerror(errno) );
 
+  if (set_cloexec_flag (fd))
+    log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
+               fd, strerror (errno));
+
   /* We used to do the follwing check, however it turned out that this
      is not portable since more OSes provide a random device which is
      sometimes implemented as anoteher device type. 




Shalom-Salam,

   Werner



