File 0007-bnc#842120.dif of Package nss_ldap.13245

Index: nss_ldap-262/ldap-nss.c
===================================================================
--- nss_ldap-262.orig/ldap-nss.c
+++ nss_ldap-262/ldap-nss.c
@@ -121,6 +121,7 @@ extern int ldap_ld_free (LDAP * ld, int
 #endif /* HAVE_LDAP_LD_FREE */
 
 NSS_LDAP_DEFINE_LOCK (__lock);
+NSS_LDAP_DEFINE_LOCK (__child_atfork_lock);
 
 /*
  * the configuration is read by the first call to do_open().
@@ -532,11 +533,35 @@ do_atfork_parent (void)
   debug ("<== do_atfork_parent");
 }
 
+static int
+_nss_ldap_need_deferred_close_no_unbind;
+
+static void
+do_deferred_close_no_unbind (void)
+{
+  sigset_t unblock, mask;
+  debug ("==> do_deferred_close_no_unbind");
+
+  sigemptyset(&unblock);
+  sigaddset(&unblock, SIGPIPE);
+  sigprocmask(SIG_UNBLOCK, &unblock, &mask);
+  do_close_no_unbind ();
+  sigprocmask(SIG_SETMASK, &mask, NULL);
+  debug ("<== do_deferred_close_no_unbind");
+}
+
 static void
 do_atfork_child (void)
 {
+  int sd = -1;
+
   debug ("==> do_atfork_child");
-  do_close_no_unbind ();
+
+  NSS_LDAP_LOCK (__child_atfork_lock);
+  _nss_ldap_need_deferred_close_no_unbind = 1;
+  if (do_get_our_socket (&sd))
+    fcntl (sd, F_SETFD, FD_CLOEXEC);
+  NSS_LDAP_UNLOCK (__child_atfork_lock);
   _nss_ldap_leave ();
   debug ("<== do_atfork_child");
 }
@@ -600,6 +625,14 @@ _nss_ldap_enter (void)
   __sigpipe_handler = signal (SIGPIPE, SIG_IGN);
 #endif /* HAVE_SIGSET */
 
+  NSS_LDAP_LOCK (__child_atfork_lock);
+  if (_nss_ldap_need_deferred_close_no_unbind)
+    {
+      do_deferred_close_no_unbind ();
+      _nss_ldap_need_deferred_close_no_unbind = 0;
+    }
+  NSS_LDAP_UNLOCK (__child_atfork_lock);
+
   debug ("<== _nss_ldap_enter");
 }
 
@@ -823,6 +856,8 @@ do_get_our_socket(int *sd)
                                               peernamelen);
 	}
     }
+  else
+    isOurSocket = 0;
 #endif /* HAVE_LDAPSSL_CLIENT_INIT */
   return isOurSocket;
 }