File openssl-ocloexec.patch of Package openssl
Index: crypto/bio/b_sock.c
===================================================================
--- crypto/bio/b_sock.c.orig 2017-05-04 23:40:14.174784586 +0200
+++ crypto/bio/b_sock.c 2017-05-04 23:40:25.798959126 +0200
@@ -723,7 +723,7 @@ int BIO_get_accept_socket(char *host, in
}
again:
- s = socket(server.sa.sa_family, SOCK_STREAM, SOCKET_PROTOCOL);
+ s = socket(server.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC, SOCKET_PROTOCOL);
if (s == INVALID_SOCKET) {
SYSerr(SYS_F_SOCKET, get_last_socket_error());
ERR_add_error_data(3, "port='", host, "'");
@@ -765,7 +765,7 @@ int BIO_get_accept_socket(char *host, in
} else
goto err;
}
- cs = socket(client.sa.sa_family, SOCK_STREAM, SOCKET_PROTOCOL);
+ cs = socket(client.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC, SOCKET_PROTOCOL);
if (cs != INVALID_SOCKET) {
int ii;
ii = connect(cs, &client.sa, addrlen);
@@ -847,7 +847,7 @@ int BIO_accept(int sock, char **addr)
sa.len.s = 0;
sa.len.i = sizeof(sa.from);
memset(&sa.from, 0, sizeof(sa.from));
- ret = accept(sock, &sa.from.sa, (void *)&sa.len);
+ ret = accept4(sock, &sa.from.sa, (void *)&sa.len, SOCK_CLOEXEC);
if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) {
OPENSSL_assert(sa.len.s <= sizeof(sa.from));
sa.len.i = (int)sa.len.s;
Index: crypto/bio/bss_conn.c
===================================================================
--- crypto/bio/bss_conn.c.orig 2017-05-04 23:40:14.174784586 +0200
+++ crypto/bio/bss_conn.c 2017-05-04 23:40:25.798959126 +0200
@@ -195,7 +195,7 @@ static int conn_state(BIO *b, BIO_CONNEC
c->them.sin_addr.s_addr = htonl(l);
c->state = BIO_CONN_S_CREATE_SOCKET;
- ret = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+ ret = socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, SOCKET_PROTOCOL);
if (ret == INVALID_SOCKET) {
SYSerr(SYS_F_SOCKET, get_last_socket_error());
ERR_add_error_data(4, "host=", c->param_hostname,
Index: crypto/bio/bss_dgram.c
===================================================================
--- crypto/bio/bss_dgram.c.orig 2017-05-04 23:40:14.174784586 +0200
+++ crypto/bio/bss_dgram.c 2017-05-04 23:40:25.798959126 +0200
@@ -1175,7 +1175,7 @@ static int dgram_sctp_read(BIO *b, char
msg.msg_control = cmsgbuf;
msg.msg_controllen = 512;
msg.msg_flags = 0;
- n = recvmsg(b->num, &msg, 0);
+ n = recvmsg(b->num, &msg, MSG_CMSG_CLOEXEC);
if (n <= 0) {
if (n < 0)
@@ -1800,7 +1800,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
msg.msg_controllen = 0;
msg.msg_flags = 0;
- n = recvmsg(b->num, &msg, MSG_PEEK);
+ n = recvmsg(b->num, &msg, MSG_PEEK|MSG_CMSG_CLOEXEC);
if (n <= 0) {
if ((n < 0) && (get_last_socket_error() != EAGAIN)
&& (get_last_socket_error() != EWOULDBLOCK))
@@ -1822,7 +1822,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
msg.msg_controllen = 0;
msg.msg_flags = 0;
- n = recvmsg(b->num, &msg, 0);
+ n = recvmsg(b->num, &msg, MSG_CMSG_CLOEXEC);
if (n <= 0) {
if ((n < 0) && (get_last_socket_error() != EAGAIN)
&& (get_last_socket_error() != EWOULDBLOCK))
@@ -1887,7 +1887,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
fcntl(b->num, F_SETFL, O_NONBLOCK);
}
- n = recvmsg(b->num, &msg, MSG_PEEK);
+ n = recvmsg(b->num, &msg, MSG_PEEK|MSG_CMSG_CLOEXEC);
if (is_dry) {
fcntl(b->num, F_SETFL, sockflags);
@@ -1929,7 +1929,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
sockflags = fcntl(b->num, F_GETFL, 0);
fcntl(b->num, F_SETFL, O_NONBLOCK);
- n = recvmsg(b->num, &msg, MSG_PEEK);
+ n = recvmsg(b->num, &msg, MSG_PEEK|MSG_CMSG_CLOEXEC);
fcntl(b->num, F_SETFL, sockflags);
/* if notification, process and try again */
@@ -1949,7 +1949,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
msg.msg_control = NULL;
msg.msg_controllen = 0;
msg.msg_flags = 0;
- n = recvmsg(b->num, &msg, 0);
+ n = recvmsg(b->num, &msg, MSG_CMSG_CLOEXEC);
if (data->handle_notifications != NULL)
data->handle_notifications(b, data->notification_context,
Index: crypto/bio/bss_file.c
===================================================================
--- crypto/bio/bss_file.c.orig 2017-05-04 23:40:14.174784586 +0200
+++ crypto/bio/bss_file.c 2017-05-04 23:40:25.798959126 +0200
@@ -118,6 +118,10 @@ static BIO_METHOD methods_filep = {
static FILE *file_fopen(const char *filename, const char *mode)
{
FILE *file = NULL;
+ size_t modelen = strlen (mode);
+ char newmode[modelen + 2];
+
+ memcpy (mempcpy (newmode, mode, modelen), "e", 2);
# if defined(_WIN32) && defined(CP_UTF8)
int sz, len_0 = (int)strlen(filename) + 1;
@@ -161,7 +165,7 @@ static FILE *file_fopen(const char *file
file = fopen(filename, mode);
}
# else
- file = fopen(filename, mode);
+ file = fopen(filename, newmode);
# endif
return (file);
}
@@ -286,7 +290,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
long ret = 1;
FILE *fp = (FILE *)b->ptr;
FILE **fpp;
- char p[4];
+ char p[5];
switch (cmd) {
case BIO_C_FILE_SEEK:
@@ -397,6 +401,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
else
strcat(p, "t");
# endif
+ strcat(p, "e");
fp = file_fopen(ptr, p);
if (fp == NULL) {
SYSerr(SYS_F_FOPEN, get_last_sys_error());
Index: crypto/rand/randfile.c
===================================================================
--- crypto/rand/randfile.c.orig 2017-05-04 23:40:14.174784586 +0200
+++ crypto/rand/randfile.c 2017-05-04 23:40:25.798959126 +0200
@@ -182,7 +182,7 @@ int RAND_load_file(const char *file, lon
#ifdef OPENSSL_SYS_VMS
in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);
#else
- in = fopen(file, "rb");
+ in = fopen(file, "rbe");
#endif
if (in == NULL)
goto err;
@@ -265,7 +265,7 @@ int RAND_write_file(const char *file)
* chmod(..., 0600) is too late to protect the file, permissions
* should be restrictive from the start
*/
- int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600);
+ int fd = open(file, O_WRONLY | O_CREAT | O_BINARY | O_CLOEXEC, 0600);
if (fd != -1)
out = fdopen(fd, "wb");
}
@@ -295,7 +295,7 @@ int RAND_write_file(const char *file)
out = vms_fopen(file, "wb", VMS_OPEN_ATTRS);
#else
if (out == NULL)
- out = fopen(file, "wb");
+ out = fopen(file, "wbe");
#endif
if (out == NULL)
goto err;
