author | Phil Sutter <phil@nwl.cc> | 2023-08-08 16:33:44 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-08-10 14:14:55 +0200 |
commit | 2d6221641d66b502b1a49d3267bd8126b0448a1d (patch) | |
tree | 19bb7a57750581945536e3b48f0c66d94c2c2d00 /libxtables | |
parent | 99cd1282779beecf337c4587ffc133ecafb8130f (diff) |
Use SOCK_CLOEXEC/O_CLOEXEC where available
No need for the explicit fcntl() call, request the behaviour when
opening the descriptor.
One fcntl() call setting FD_CLOEXEC remains in extensions/libxt_bpf.c,
the indirect syscall seems not to support passing the flag directly.
Reported-by: Gaurav Gupta <g.gupta@samsung.com>
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1104
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'libxtables')
-rw-r--r-- | libxtables/xtables.c | 15 |
1 files changed, 2 insertions, 13 deletions
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index e3e444ac..ba9ceaeb 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -481,14 +481,9 @@ static char *get_modprobe(void)
 char *ret;
 int count;
- procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
+ procfile = open(PROC_SYS_MODPROBE, O_RDONLY | O_CLOEXEC);
 if (procfile < 0)
 return NULL;
- if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) {
- fprintf(stderr, "Could not set close on exec: %s\n",
- strerror(errno));
- exit(1);
- }
 ret = malloc(PATH_MAX);
 if (ret) {
@@ -1023,7 +1018,7 @@ int xtables_compatible_revision(const char *name, uint8_t revision, int opt)
 socklen_t s = sizeof(rev);
 int max_rev, sockfd;
- sockfd = socket(afinfo->family, SOCK_RAW, IPPROTO_RAW);
+ sockfd = socket(afinfo->family, SOCK_RAW | SOCK_CLOEXEC, IPPROTO_RAW);
 if (sockfd < 0) {
 if (errno == EPERM) {
 /* revision 0 is always supported. */
@@ -1039,12 +1034,6 @@ int xtables_compatible_revision(const char *name, uint8_t revision, int opt)
 exit(1);
 }
- if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
- fprintf(stderr, "Could not set close on exec: %s\n",
- strerror(errno));
- exit(1);
- }
-
 xtables_load_ko(xtables_modprobe_program, true);
 strncpy(rev.name, name, XT_EXTENSION_MAXNAMELEN - 1); |
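Review bot: The `open()` in get_modprobe() now passes `O_CLOEXEC` unconditionally, although the commit title says "where available"; no `#ifdef O_CLOEXEC` fallback is visible in the hunk. Linux kernels older than 2.6.23 ignore the unknown open flag instead of failing, so on such a system the descriptor would stay inheritable across exec with no error, where the removed `fcntl()` check used to exit. If those targets are out of scope, a short comment such as `/* O_CLOEXEC (Linux >= 2.6.23): close-on-exec is set atomically at open(), leaving no window before the flag applies */` would record the assumption and the reason for the change. The same applies to `SOCK_CLOEXEC` in the xtables_compatible_revision() hunk, where an older kernel would presumably reject the socket type with EINVAL and take the existing non-EPERM error path. The bodies of both functions continue outside the hunks shown.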