From 62a669d9f04e83debe729347617a935707badc7e Mon Sep 17 00:00:00 2001 From: Chris Rankin Date: Sat, 1 Oct 2011 14:14:27 +0100 Subject: Mark simple file and socket descriptors as uninheritable. This patch creates two utility functions: int open_cloexec(pathname, flags) int create_cloexec(pathname, flags, mode) These return a file descriptor with the CLOEXEC flag set, to ensure that the descriptor is not inherited across a fork/exec operation. The sockets returned by: _x_io_tcp_connect_ipv4() _x_io_tcp_connect() now also have their CLOEXEC flag set. --- src/audio_out/audio_file_out.c | 2 +- src/audio_out/audio_oss_out.c | 8 ++++---- src/audio_out/audio_sun_out.c | 8 ++++---- src/input/input_cdda.c | 2 +- src/input/input_dvb.c | 14 +++++++------- src/input/input_file.c | 2 +- src/input/input_net.c | 24 ++++++++++++++++++++++++ src/input/input_pvr.c | 10 +++++----- src/input/input_stdin_fifo.c | 2 +- src/input/input_v4l.c | 10 +++++----- src/input/input_vcd.c | 6 +++--- src/input/media_helper.c | 2 +- src/libw32dll/wine/registry.c | 4 ++-- src/video_out/video_out_fb.c | 6 +++--- src/video_out/video_out_pgx64.c | 2 +- src/video_out/video_out_syncfb.c | 4 ++-- src/video_out/video_out_vidix.c | 2 +- src/xine-engine/io_helper.c | 20 ++++++++++++++++++++ src/xine-utils/utils.c | 39 +++++++++++++++++++++++++++++++++++++++ src/xine-utils/xine_check.c | 6 +++--- src/xine-utils/xineutils.h | 12 ++++++++++++ 21 files changed, 140 insertions(+), 45 deletions(-) (limited to 'src') diff --git a/src/audio_out/audio_file_out.c b/src/audio_out/audio_file_out.c index 7b7bfe950..e39291f4e 100644 --- a/src/audio_out/audio_file_out.c +++ b/src/audio_out/audio_file_out.c @@ -115,7 +115,7 @@ static int ao_file_open(ao_driver_t *this_gen, uint32_t bits, uint32_t rate, int if (!this->fname) this->fname = "xine-out.wav"; - this->fd = open(this->fname, O_WRONLY|O_TRUNC|O_CREAT, 0644); + this->fd = create_cloexec(this->fname, O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); if (this->fd == -1) { xprintf (this->xine, XINE_VERBOSITY_LOG, "audio_file_out: Failed to open file '%s': %s\n", diff --git a/src/audio_out/audio_oss_out.c b/src/audio_out/audio_oss_out.c index bd16a6dd3..a7e320107 100644 --- a/src/audio_out/audio_oss_out.c +++ b/src/audio_out/audio_oss_out.c @@ -190,7 +190,7 @@ static int ao_oss_open(ao_driver_t *this_gen, * open audio device */ - this->audio_fd=open(this->audio_dev,O_WRONLY|O_NONBLOCK); + this->audio_fd = open_cloexec(this->audio_dev, O_WRONLY|O_NONBLOCK); if (this->audio_fd < 0) { xprintf(this->xine, XINE_VERBOSITY_LOG, _("audio_oss_out: Opening audio device %s: %s\n"), this->audio_dev, strerror(errno)); @@ -781,7 +781,7 @@ static ao_driver_t *open_plugin (audio_driver_class_t *class_gen, const void *da xprintf(class->xine, XINE_VERBOSITY_LOG, _("audio_oss_out: using device >%s<\n"), this->audio_dev); - audio_fd = open(this->audio_dev, O_WRONLY|O_NONBLOCK); + audio_fd = open_cloexec(this->audio_dev, O_WRONLY|O_NONBLOCK); if (audio_fd < 0) { xprintf(class->xine, XINE_VERBOSITY_LOG, @@ -894,7 +894,7 @@ static ao_driver_t *open_plugin (audio_driver_class_t *class_gen, const void *da _("audio_oss_out: Audio driver realtime sync disabled...\n" "audio_oss_out: ...probing output buffer size: %d bytes\naudio_oss_out: ...there may be audio/video synchronization issues\n"), this->buffer_size); - audio_fd=open(this->audio_dev, O_WRONLY|O_NONBLOCK); + audio_fd = open_cloexec(this->audio_dev, O_WRONLY|O_NONBLOCK); if(audio_fd < 0) { @@ -1051,7 +1051,7 @@ static ao_driver_t *open_plugin (audio_driver_class_t *class_gen, const void *da _x_abort(); } - this->mixer.fd = open(this->mixer.name, O_RDONLY); + this->mixer.fd = open_cloexec(this->mixer.name, O_RDONLY); if(this->mixer.fd != -1) { diff --git a/src/audio_out/audio_sun_out.c b/src/audio_out/audio_sun_out.c index 2a154c09d..552d521bb 100644 --- a/src/audio_out/audio_sun_out.c +++ b/src/audio_out/audio_sun_out.c @@ -160,7 +160,7 @@ static int realtime_samplecounter_available(xine_t *xine, char *dev) if (silence == NULL) goto error; - if ((fd = open(dev, O_WRONLY|O_NONBLOCK)) < 0) + if ((fd = open_cloexec(dev, O_WRONLY|O_NONBLOCK)) < 0) goto error; /* We wanted non blocking open but now put it back to normal */ @@ -451,7 +451,7 @@ static int ao_sun_open(ao_driver_t *this_gen, * open audio device */ - this->audio_fd = open(this->audio_dev, O_WRONLY|O_NONBLOCK); + this->audio_fd = open_cloexec(this->audio_dev, O_WRONLY|O_NONBLOCK); if(this->audio_fd < 0) { xprintf(this->xine, XINE_VERBOSITY_LOG, _("audio_sun_out: opening audio device %s failed: %s\n"), this->audio_dev, strerror(errno)); @@ -941,8 +941,8 @@ static ao_driver_t *ao_sun_open_plugin (audio_driver_class_t *class_gen, const v /* * open the device */ - - this->audio_fd = open(this->audio_dev = devname, O_WRONLY|O_NONBLOCK); + this->audio_dev = devname; + this->audio_fd = open_cloexec(devname, O_WRONLY|O_NONBLOCK); if(this->audio_fd < 0) { diff --git a/src/input/input_cdda.c b/src/input/input_cdda.c index 567f38dd0..00c305ea1 100644 --- a/src/input/input_cdda.c +++ b/src/input/input_cdda.c @@ -1951,7 +1951,7 @@ static int cdda_open(cdda_input_plugin_t *this_gen, /* We use O_NONBLOCK for when /proc/sys/dev/cdrom/check_media is at 1 on * Linux systems */ - fd = open (cdda_device, O_RDONLY | O_NONBLOCK); + fd = open_cloexec(cdda_device, O_RDONLY | O_NONBLOCK); if (fd == -1) { return -1; } diff --git a/src/input/input_dvb.c b/src/input/input_dvb.c index e6abfd3d5..e56c3d260 100644 --- a/src/input/input_dvb.c +++ b/src/input/input_dvb.c @@ -606,7 +606,7 @@ static tuner_t *XINE_MALLOC tuner_init(xine_t * xine, int adapter) snprintf(this->dvr_device,100,"/dev/dvb/adapter%i/dvr0",this->adapter_num); snprintf(video_device,100,"/dev/dvb/adapter%i/video0",this->adapter_num); - if ((this->fd_frontend = open(this->frontend_device, O_RDWR)) < 0) { + if ((this->fd_frontend = open_cloexec(this->frontend_device, O_RDWR)) < 0) { xprintf(this->xine, XINE_VERBOSITY_DEBUG, "FRONTEND DEVICE: %s\n", strerror(errno)); tuner_dispose(this); return NULL; @@ -619,7 +619,7 @@ static tuner_t *XINE_MALLOC tuner_init(xine_t * xine, int adapter) } for (x = 0; x < MAX_FILTERS; x++) { - this->fd_pidfilter[x] = open(this->demux_device, O_RDWR); + this->fd_pidfilter[x] = open_cloexec(this->demux_device, O_RDWR); if (this->fd_pidfilter[x] < 0) { xprintf(this->xine, XINE_VERBOSITY_DEBUG, "DEMUX DEVICE PIDfilter: %s\n", strerror(errno)); tuner_dispose(this); @@ -627,7 +627,7 @@ static tuner_t *XINE_MALLOC tuner_init(xine_t * xine, int adapter) } } for (x = 0; x < MAX_SUBTITLES; x++) { - this->fd_subfilter[x] = open(this->demux_device, O_RDWR); + this->fd_subfilter[x] = open_cloexec(this->demux_device, O_RDWR); if (this->fd_subfilter[x] < 0) { xprintf(this->xine, XINE_VERBOSITY_DEBUG, "DEMUX DEVICE Subtitle filter: %s\n", strerror(errno)); } @@ -2140,7 +2140,7 @@ static int switch_channel(dvb_input_plugin_t *this, int channel) { for (x = 0; x < MAX_FILTERS; x++) { close(this->tuner->fd_pidfilter[x]); - this->tuner->fd_pidfilter[x] = open(this->tuner->demux_device, O_RDWR); + this->tuner->fd_pidfilter[x] = open_cloexec(this->tuner->demux_device, O_RDWR); } if (!tuner_set_channel (this, &this->channels[channel])) { @@ -2174,7 +2174,7 @@ static int switch_channel(dvb_input_plugin_t *this, int channel) { this->channel = channel; - this->fd = open (this->tuner->dvr_device, O_RDONLY | O_NONBLOCK); + this->fd = open_cloexec(this->tuner->dvr_device, O_RDONLY | O_NONBLOCK); this->tuned_in = 1; pthread_mutex_unlock (&this->channel_change_mutex); @@ -2248,7 +2248,7 @@ static void do_record (dvb_input_plugin_t *this) { } /* start recording */ - this->record_fd = open (filename, O_CREAT | O_APPEND | O_WRONLY, 0644); + this->record_fd = create_cloexec(filename, O_APPEND | O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); this->stream->osd_renderer->clear (this->rec_osd); @@ -2992,7 +2992,7 @@ static int dvb_plugin_open(input_plugin_t * this_gen) return 0; } - if ((this->fd = open(this->tuner->dvr_device, O_RDONLY |O_NONBLOCK)) < 0) { + if ((this->fd = open_cloexec(this->tuner->dvr_device, O_RDONLY |O_NONBLOCK)) < 0) { xprintf(this->class->xine, XINE_VERBOSITY_LOG, _("input_dvb: cannot open dvr device '%s'\n"), this->tuner->dvr_device); return 0; diff --git a/src/input/input_file.c b/src/input/input_file.c index 4a1937390..b8d2b12b7 100644 --- a/src/input/input_file.c +++ b/src/input/input_file.c @@ -362,7 +362,7 @@ static int file_plugin_open (input_plugin_t *this_gen ) { else filename = strdup(this->mrl); /* NEVER unescape plain file names! */ - this->fh = open (filename, O_RDONLY|O_BINARY); + this->fh = open_cloexec(filename, O_RDONLY|O_BINARY); if (this->fh == -1) { if (errno == EACCES) { diff --git a/src/input/input_net.c b/src/input/input_net.c index 55339b2bb..076c11634 100644 --- a/src/input/input_net.c +++ b/src/input/input_net.c @@ -122,6 +122,18 @@ static int host_connect_attempt_ipv4(struct in_addr ia, int port, xine_t *xine) return -1; } +#ifndef WIN32 + if (fcntl(s, F_SETFD, FD_CLOEXEC) < 0) { + xine_log(xine, XINE_LOG_MSG, + _("input_net: Failed to make socket uninheritable (%s)\n"), + strerror(errno)); + } +#else + if (!SetHandleInformation((HANDLE)s, HANDLE_FLAG_INHERIT, 0)) { + xine_log(xine, XINE_LOG_MSG, "Failed to make socket uninheritable\n"); + } +#endif + sin.sin_family = AF_INET; sin.sin_addr = ia; sin.sin_port = htons(port); @@ -152,6 +164,18 @@ static int host_connect_attempt(int family, struct sockaddr* sin, int addrlen, x return -1; } +#ifndef WIN32 + if (fcntl(s, F_SETFD, FD_CLOEXEC) < 0) { + xine_log(xine, XINE_LOG_MSG, + _("input_net: Failed to make socket uninheritable (%s)\n"), + strerror(errno)); + } +#else + if (!SetHandleInformation((HANDLE)s, HANDLE_FLAG_INHERIT, 0)) { + xine_log(xine, XINE_LOG_MSG, "Failed to make socket uninheritable\n"); + } +#endif + #ifndef WIN32 if (connect(s, sin, addrlen)==-1 && errno != EINPROGRESS) #else diff --git a/src/input/input_pvr.c b/src/input/input_pvr.c index 5e7f7bca9..7ccad806e 100644 --- a/src/input/input_pvr.c +++ b/src/input/input_pvr.c @@ -583,7 +583,7 @@ static int pvr_break_rec_page (pvr_input_plugin_t *this) { lprintf("opening pvr file for writing (%s)\n", filename); - this->rec_fd = open(filename, O_RDWR | O_CREAT | O_TRUNC, 0666 ); + this->rec_fd = create_cloexec(filename, O_RDWR | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if( this->rec_fd == -1 ) { xprintf(this->stream->xine, XINE_VERBOSITY_LOG, _("input_pvr: error creating pvr file (%s)\n"), filename); @@ -740,7 +740,7 @@ static int pvr_play_file(pvr_input_plugin_t *this, fifo_buffer_t *fifo, uint8_t lprintf("opening pvr file for reading (%s)\n", filename); - this->play_fd = open(filename, O_RDONLY ); + this->play_fd = open_cloexec(filename, O_RDONLY); if( this->play_fd == -1 ) { xprintf(this->stream->xine, XINE_VERBOSITY_LOG, _("input_pvr: error opening pvr file (%s)\n"), filename); @@ -1008,7 +1008,7 @@ static void pvr_event_handler (pvr_input_plugin_t *this) { /* as of ivtv 0.10.6: must close and reopen to set input */ close(this->dev_fd); - this->dev_fd = open (this->class->devname, O_RDWR); + this->dev_fd = open_cloexec(this->class->devname, O_RDWR); if (this->dev_fd < 0) { xprintf(this->stream->xine, XINE_VERBOSITY_DEBUG, "input_pvr: error opening device %s\n", this->class->devname ); @@ -1155,7 +1155,7 @@ static void pvr_event_handler (pvr_input_plugin_t *this) { /* how lame. we must close and reopen to change bitrate. */ close(this->dev_fd); - this->dev_fd = open (this->class->devname, O_RDWR); + this->dev_fd = open_cloexec(this->class->devname, O_RDWR); if (this->dev_fd == -1) { xprintf(this->stream->xine, XINE_VERBOSITY_LOG, _("input_pvr: error opening device %s\n"), this->class->devname ); @@ -1415,7 +1415,7 @@ static int pvr_plugin_open (input_plugin_t *this_gen ) { this->saved_id = 0; - this->dev_fd = open (this->class->devname, O_RDWR); + this->dev_fd = open_cloexec(this->class->devname, O_RDWR); if (this->dev_fd == -1) { xprintf(this->stream->xine, XINE_VERBOSITY_LOG, _("input_pvr: error opening device %s\n"), this->class->devname ); diff --git a/src/input/input_stdin_fifo.c b/src/input/input_stdin_fifo.c index 74f2a1014..c73488722 100644 --- a/src/input/input_stdin_fifo.c +++ b/src/input/input_stdin_fifo.c @@ -253,7 +253,7 @@ static int stdin_plugin_open (input_plugin_t *this_gen ) { char *filename; filename = (char *) &this->mrl[5]; - this->fh = open (filename, FILE_FLAGS); + this->fh = open_cloexec(filename, FILE_FLAGS); lprintf("filename '%s'\n", filename); diff --git a/src/input/input_v4l.c b/src/input/input_v4l.c index e3af41f85..68ed44b9c 100644 --- a/src/input/input_v4l.c +++ b/src/input/input_v4l.c @@ -797,7 +797,7 @@ static int open_radio_capture_device(v4l_input_plugin_t *this) entry = this->stream->xine->config->lookup_entry(this->stream->xine->config, "media.video4linux.radio_device"); - if((this->radio_fd = open(entry->str_value, O_RDWR)) < 0) { + if((this->radio_fd = open_cloexec(entry->str_value, O_RDWR)) < 0) { xprintf(this->stream->xine, XINE_VERBOSITY_LOG, "input_v4l: error opening v4l device (%s): %s\n", entry->str_value, strerror(errno)); @@ -850,7 +850,7 @@ static int open_video_capture_device(v4l_input_plugin_t *this) "media.video4linux.video_device"); /* Try to open the video device */ - if((this->video_fd = open(entry->str_value, O_RDWR)) < 0) { + if((this->video_fd = open_cloexec(entry->str_value, O_RDWR)) < 0) { xprintf(this->stream->xine, XINE_VERBOSITY_LOG, "input_v4l: error opening v4l device (%s): %s\n", entry->str_value, strerror(errno)); @@ -1539,7 +1539,7 @@ static void v4l_plugin_dispose (input_plugin_t *this_gen) { if (this->tuner_name) free(this->tuner_name); - /* Close video device only if device was openend */ + /* Close video device only if device was opened */ if (this->video_fd > 0) { /* Restore v4l audio volume */ @@ -1770,7 +1770,7 @@ static input_plugin_t *v4l_class_get_video_instance (input_class_t *cls_gen, "media.video4linux.video_device"); /* Try to open the video device */ - if((this->video_fd = open(entry->str_value, O_RDWR)) < 0) { + if((this->video_fd = open_cloexec(entry->str_value, O_RDWR)) < 0) { xprintf(this->stream->xine, XINE_VERBOSITY_LOG, "input_v4l: error opening v4l device (%s): %s\n", entry->str_value, strerror(errno)); @@ -1833,7 +1833,7 @@ static input_plugin_t *v4l_class_get_radio_instance (input_class_t *cls_gen, entry = this->stream->xine->config->lookup_entry(this->stream->xine->config, "media.video4linux.radio_device"); - if((this->radio_fd = open(entry->str_value, O_RDWR)) < 0) { + if((this->radio_fd = open_cloexec(entry->str_value, O_RDWR)) < 0) { xprintf(this->stream->xine, XINE_VERBOSITY_LOG, "input_v4l: error opening v4l device (%s): %s\n", entry->str_value, strerror(errno)); diff --git a/src/input/input_vcd.c b/src/input/input_vcd.c index 7000778b7..1da5b2839 100644 --- a/src/input/input_vcd.c +++ b/src/input/input_vcd.c @@ -829,7 +829,7 @@ static int vcd_plugin_open (input_plugin_t *this_gen) { char *filename; int fd; - fd = open (cls->device, O_RDONLY|O_EXCL); + fd = open_cloexec(cls->device, O_RDONLY|O_EXCL); if (fd == -1) { return 0; } @@ -972,7 +972,7 @@ static xine_mrl_t **vcd_class_get_dir (input_class_t *this_gen, const char *file return NULL; - fd = open (this->device, O_RDONLY|O_EXCL); + fd = open_cloexec(this->device, O_RDONLY|O_EXCL); if (fd == -1) { xprintf (this->xine, XINE_VERBOSITY_LOG, @@ -1034,7 +1034,7 @@ static char ** vcd_class_get_autoplay_list (input_class_t *this_gen, int *num_fi int i, fd; - fd = open (this->device, O_RDONLY|O_EXCL); + fd = open_cloexec(this->device, O_RDONLY|O_EXCL); if (fd == -1) { xprintf (this->xine, XINE_VERBOSITY_LOG, diff --git a/src/input/media_helper.c b/src/input/media_helper.c index e19ca63e6..616793499 100644 --- a/src/input/media_helper.c +++ b/src/input/media_helper.c @@ -99,7 +99,7 @@ int media_eject_media (xine_t *xine, const char *device) media_umount_media(device); /* printf("input_dvd: umount result: %s\n", strerror(errno)); */ - if ((fd = open (device, O_RDONLY|O_NONBLOCK)) > -1) { + if ((fd = open_cloexec(device, O_RDONLY|O_NONBLOCK)) > -1) { #if defined (__linux__) int ret, status; diff --git a/src/libw32dll/wine/registry.c b/src/libw32dll/wine/registry.c index 0ccf3de9b..6b9a30fa3 100644 --- a/src/libw32dll/wine/registry.c +++ b/src/libw32dll/wine/registry.c @@ -89,7 +89,7 @@ static void open_registry(void) printf("Multiple open_registry(>\n"); return; } - fd = open(localregpathname, O_RDONLY); + fd = open_cloexec(localregpathname, O_RDONLY); if (fd == -1) { printf("Creating new registry\n"); @@ -132,7 +132,7 @@ static void save_registry(void) int fd, i; if (!regs) init_registry(); - fd = open(localregpathname, O_WRONLY | O_CREAT, 00666); + fd = create_cloexec(localregpathname, O_WRONLY, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); if (fd == -1) { printf("Failed to open registry file '%s' for writing.\n", diff --git a/src/video_out/video_out_fb.c b/src/video_out/video_out_fb.c index 315e77e66..752a18a27 100644 --- a/src/video_out/video_out_fb.c +++ b/src/video_out/video_out_fb.c @@ -825,17 +825,17 @@ static int open_fb_device(config_values_t *config, xine_t *xine) XINE_CONFIG_SECURITY, NULL, NULL); if(strlen(device_name) > 3) { - fd = open(device_name, O_RDWR); + fd = open_cloexec(device_name, O_RDWR); } else { device_name = "/dev/fb1"; - fd = open(device_name, O_RDWR); + fd = open_cloexec(device_name, O_RDWR); if(fd < 0) { device_name = "/dev/fb0"; - fd = open(device_name, O_RDWR); + fd = open_cloexec(device_name, O_RDWR); } } diff --git a/src/video_out/video_out_pgx64.c b/src/video_out/video_out_pgx64.c index c9ec38aa8..8f46e2dde 100644 --- a/src/video_out/video_out_pgx64.c +++ b/src/video_out/video_out_pgx64.c @@ -292,7 +292,7 @@ static int setup_dga(pgx64_driver_t *this) devname = dga_draw_devname(this->dgadraw); DGA_DRAW_UNLOCK(this->dgadraw); - if ((this->devfd = open(devname, O_RDWR)) < 0) { + if ((this->devfd = open_cloexec(devname, O_RDWR)) < 0) { xprintf(this->class->xine, XINE_VERBOSITY_LOG, _("video_out_pgx64: Error: can't open framebuffer device '%s'\n"), devname); XDgaUnGrabDrawable(this->dgadraw); XUnlockDisplay(this->display); diff --git a/src/video_out/video_out_syncfb.c b/src/video_out/video_out_syncfb.c index b3385a943..ac79f7740 100644 --- a/src/video_out/video_out_syncfb.c +++ b/src/video_out/video_out_syncfb.c @@ -888,7 +888,7 @@ static vo_driver_t *open_plugin (video_driver_class_t *class_gen, const void *vi _x_alphablend_init(&this->alphablend_extra_data, class->xine); /* check for syncfb device */ - if((this->fd = open(class->device_name, O_RDWR)) < 0) { + if((this->fd = open_cloexec(class->device_name, O_RDWR)) < 0) { xprintf(class->xine, XINE_VERBOSITY_DEBUG, "video_out_syncfb: aborting. (unable to open syncfb device \"%s\")\n", class->device_name); free(this); @@ -1095,7 +1095,7 @@ static void *init_class (xine_t *xine, void *visual_gen) { XINE_CONFIG_SECURITY, NULL, NULL); /* check for syncfb device */ - if((fd = open(device_name, O_RDWR)) < 0) { + if((fd = open_cloexec(device_name, O_RDWR)) < 0) { xprintf(xine, XINE_VERBOSITY_DEBUG, "video_out_syncfb: aborting. (unable to open syncfb device \"%s\")\n", device_name); return NULL; diff --git a/src/video_out/video_out_vidix.c b/src/video_out/video_out_vidix.c index 8298d3ede..b70844312 100644 --- a/src/video_out/video_out_vidix.c +++ b/src/video_out/video_out_vidix.c @@ -1257,7 +1257,7 @@ static vo_driver_t *vidixfb_open_plugin (video_driver_class_t *class_gen, const XINE_CONFIG_SECURITY, NULL, NULL); /* Open fb device for reading */ - if((fd = open("/dev/fb0", O_RDONLY)) < 0) { + if((fd = open_cloexec("/dev/fb0", O_RDONLY)) < 0) { xprintf(this->xine, XINE_VERBOSITY_DEBUG, "video_out_vidix: unable to open frame buffer device \"%s\": %s\n", device, strerror(errno)); return NULL; diff --git a/src/xine-engine/io_helper.c b/src/xine-engine/io_helper.c index b06c47709..5bcd95c63 100644 --- a/src/xine-engine/io_helper.c +++ b/src/xine-engine/io_helper.c @@ -66,6 +66,16 @@ static int _x_io_tcp_connect_ipv4(xine_stream_t *stream, const char *host, int p return -1; } +#ifndef WIN32 + if (fcntl(s, F_SETFD, FD_CLOEXEC) < 0) { + xprintf(stream->xine, XINE_VERBOSITY_DEBUG, "Failed to make socket uninheritable (%s)\n", strerror(errno)); + } +#else + if (!SetHandleInformation((HANDLE)s, HANDLE_FLAG_INHERIT, 0)) { + xprintf(stream->xine, XINE_VERBOSITY_DEBUG, "Failed to make socket uninheritable\n"); + } +#endif + #ifndef WIN32 if (fcntl (s, F_SETFL, fcntl (s, F_GETFL) | O_NONBLOCK) == -1) { _x_message(stream, XINE_MSG_CONNECTION_REFUSED, "can't put socket in non-blocking mode", strerror(errno), NULL); @@ -152,6 +162,16 @@ int _x_io_tcp_connect(xine_stream_t *stream, const char *host, int port) { continue; } +#ifndef WIN32 + if (fcntl(s, F_SETFD, FD_CLOEXEC) < 0) { + xprintf(stream->xine, XINE_VERBOSITY_DEBUG, "Failed to make socket uninheritable (%s)\n", strerror(errno)); + } +#else + if (!SetHandleInformation((HANDLE)s, HANDLE_FLAG_INHERIT, 0)) { + xprintf(stream->xine, XINE_VERBOSITY_DEBUG, "Failed to make socket uninheritable\n"); + } +#endif + /* * Enable the non-blocking features only when there's no other * address, allowing to use other addresses if available. diff --git a/src/xine-utils/utils.c b/src/xine-utils/utils.c index 2f62c95a8..f5d5a0ff3 100644 --- a/src/xine-utils/utils.c +++ b/src/xine-utils/utils.c @@ -38,6 +38,7 @@ #include #include #include +#include #if HAVE_EXECINFO_H #include @@ -56,6 +57,10 @@ #include #endif +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + typedef struct { char *language; /* name of the locale */ char *encoding; /* typical encoding */ @@ -697,3 +702,37 @@ char *xine_strcat_realloc (char **dest, char *append) strcat (*dest = newstr, append); return newstr; } + + +static int set_close_on_execute(int fd) +{ +#ifndef WIN32 + return fcntl(fd, F_SETFD, FD_CLOEXEC); +#else + return SetHandleInformation((HANDLE)_get_osfhandle(fd), HANDLE_FLAG_INHERIT, 0); +#endif +} + + +int open_cloexec(const char *name, int flags) +{ + int fd = open(name, (flags | O_CLOEXEC)); + + if (fd >= 0) { + set_close_on_execute(fd); + } + + return fd; +} + +int create_cloexec(const char *name, int flags, mode_t mode) +{ + int fd = open(name, (flags | O_CREAT | O_CLOEXEC), mode); + + if (fd >= 0) { + set_close_on_execute(fd); + } + + return fd; +} + diff --git a/src/xine-utils/xine_check.c b/src/xine-utils/xine_check.c index ad94b0382..90100d725 100644 --- a/src/xine-utils/xine_check.c +++ b/src/xine-utils/xine_check.c @@ -168,7 +168,7 @@ static xine_health_check_t* _x_health_check_cdrom (xine_health_check_t* hc) { return hc; } - if ( (fd = open(hc->cdrom_dev, O_RDWR)) < 0) { + if ( (fd = open(hc->cdrom_dev, O_RDWR | O_CLOEXEC)) < 0) { switch (errno) { case EACCES: set_hc_result (hc, XINE_HEALTH_CHECK_FAIL, "FAILED - %s permissions are not sufficient\n.", hc->cdrom_dev); @@ -204,7 +204,7 @@ static xine_health_check_t* _x_health_check_dvdrom(xine_health_check_t* hc) { return hc; } - if ( (fd = open(hc->dvd_dev, O_RDWR)) < 0) { + if ( (fd = open(hc->dvd_dev, O_RDWR | O_CLOEXEC)) < 0) { switch (errno) { case EACCES: set_hc_result (hc, XINE_HEALTH_CHECK_FAIL, "FAILED - %s permissions are not sufficient\n.", hc->dvd_dev); @@ -247,7 +247,7 @@ static xine_health_check_t* _x_health_check_dma (xine_health_check_t* hc) { return hc; } - fd = open (hc->dvd_dev, O_RDONLY | O_NONBLOCK); + fd = open (hc->dvd_dev, O_RDONLY | O_NONBLOCK | O_CLOEXEC); if (fd < 0) { set_hc_result(hc, XINE_HEALTH_CHECK_FAIL, "FAILED - Could not open %s.\n", hc->dvd_dev); return hc; diff --git a/src/xine-utils/xineutils.h b/src/xine-utils/xineutils.h index 0fd0bbf0e..5fe1fb7e5 100644 --- a/src/xine-utils/xineutils.h +++ b/src/xine-utils/xineutils.h @@ -215,6 +215,18 @@ void xine_strdupa(char *dest, char *src) XINE_PROTECTED XINE_DEPRECATED; */ char *xine_strcat_realloc (char **dest, char *append) XINE_PROTECTED; +/** + * opens a file, ensuring that the descriptor will be closed + * automatically after a fork/execute. + */ +int open_cloexec(const char *name, int flags) XINE_PROTECTED; + +/** + * creates a file, ensuring that the descriptor will be closed + * automatically after a fork/execute. + */ +int create_cloexec(const char *name, int flags, mode_t mode) XINE_PROTECTED; + /* * Color Conversion Utility Functions * The following data structures and functions facilitate the conversion -- cgit v1.2.3