Use FD_CLOEXEC if possible (fixes #1821)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2363 152afb58-edef-0310-8abb-c4023f1b3aa9
This commit is contained in:
parent
36f74e5d23
commit
21c5377d3f
1
NEWS
1
NEWS
|
|
@ -21,6 +21,7 @@ NEWS
|
|||
* Fix fastcgi-authorizer handling; Status: 200 is now accepted as the doc requests
|
||||
* Compare address family in inet_ntop_cache
|
||||
* Revert CVE-2008-4359 (#1720) fix "encoding+simplifying urls for rewrite/redirect": too many regressions.
|
||||
* Use FD_CLOEXEC if possible (fixes #1821)
|
||||
|
||||
- 1.4.20 - 2008-09-30
|
||||
|
||||
|
|
|
|||
|
|
@ -1064,6 +1064,9 @@ int connection_handle_read_state(server *srv, connection *con) {
|
|||
if (dst_c->file.fd == -1) {
|
||||
/* this should not happen as we cache the fd, but you never know */
|
||||
dst_c->file.fd = open(dst_c->file.name->ptr, O_WRONLY | O_APPEND);
|
||||
#ifdef FD_CLOEXEC
|
||||
fcntl(dst_c->file.fd, F_SETFD, FD_CLOEXEC);
|
||||
#endif
|
||||
}
|
||||
} else {
|
||||
/* the chunk is too large now, close it */
|
||||
|
|
|
|||
|
|
@ -146,6 +146,10 @@ int log_error_cycle(server *srv) {
|
|||
/* ok, new log is open, close the old one */
|
||||
close(srv->errorlog_fd);
|
||||
srv->errorlog_fd = new_fd;
|
||||
#ifdef FD_CLOEXEC
|
||||
/* close fd on exec (cgi) */
|
||||
fcntl(srv->errorlog_fd, F_SETFD, FD_CLOEXEC);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -540,8 +540,9 @@ SETDEFAULTS_FUNC(log_access_open) {
|
|||
|
||||
return HANDLER_ERROR;
|
||||
}
|
||||
#ifdef FD_CLOEXEC
|
||||
fcntl(s->log_access_fd, F_SETFD, FD_CLOEXEC);
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
return HANDLER_GO_ON;
|
||||
|
|
@ -584,6 +585,9 @@ SIGHUP_FUNC(log_access_cycle) {
|
|||
|
||||
return HANDLER_ERROR;
|
||||
}
|
||||
#ifdef FD_CLOEXEC
|
||||
fcntl(s->log_access_fd, F_SETFD, FD_CLOEXEC);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -245,7 +245,6 @@ SERVER_FUNC(mod_mysql_vhost_set_defaults) {
|
|||
if (!(buffer_is_empty(s->myuser) ||
|
||||
buffer_is_empty(s->mydb))) {
|
||||
my_bool reconnect = 1;
|
||||
int fd;
|
||||
|
||||
if (NULL == (s->mysql = mysql_init(NULL))) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "s", "mysql_init() failed, exiting...");
|
||||
|
|
@ -267,19 +266,27 @@ SERVER_FUNC(mod_mysql_vhost_set_defaults) {
|
|||
return HANDLER_ERROR;
|
||||
}
|
||||
#undef FOO
|
||||
|
||||
#if 0
|
||||
/* set close_on_exec for mysql the hard way */
|
||||
/* Note: this only works as it is done during startup, */
|
||||
/* otherwise we cannot be sure that mysql is fd i-1 */
|
||||
if (-1 == (fd = open("/dev/null", 0))) {
|
||||
{ int fd;
|
||||
if (-1 != (fd = open("/dev/null", 0))) {
|
||||
close(fd);
|
||||
#ifdef FD_CLOEXEC
|
||||
fcntl(fd-1, F_SETFD, FD_CLOEXEC);
|
||||
}
|
||||
#endif
|
||||
} }
|
||||
#else
|
||||
#ifdef FD_CLOEXEC
|
||||
fcntl(s->mysql->net.fd, F_SETFD, FD_CLOEXEC);
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
return HANDLER_GO_ON;
|
||||
return HANDLER_GO_ON;
|
||||
}
|
||||
|
||||
#define PATCH(x) \
|
||||
|
|
|
|||
|
|
@ -179,6 +179,11 @@ int mod_rrd_create_pipe(server *srv, plugin_data *p) {
|
|||
p->read_fd = from_rrdtool_fds[0];
|
||||
p->rrdtool_pid = pid;
|
||||
|
||||
#ifdef FD_CLOEXEC
|
||||
fcntl(p->write_fd, F_SETFD, FD_CLOEXEC);
|
||||
fcntl(p->read_fd, F_SETFD, FD_CLOEXEC);
|
||||
#endif
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
#include <ctype.h>
|
||||
#include <stdlib.h>
|
||||
#include <fcntl.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "base.h"
|
||||
|
|
@ -180,6 +181,9 @@ SETDEFAULTS_FUNC(mod_trigger_b4_dl_set_defaults) {
|
|||
"gdbm-open failed");
|
||||
return HANDLER_ERROR;
|
||||
}
|
||||
#ifdef FD_CLOEXEC
|
||||
fcntl(gdbm_fdesc(s->db), F_SETFD, FD_CLOEXEC);
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_PCRE_H)
|
||||
|
|
|
|||
|
|
@ -1026,6 +1026,8 @@ static int webdav_parse_chunkqueue(server *srv, connection *con, plugin_data *p,
|
|||
if (MAP_FAILED == (c->file.mmap.start = mmap(0, c->file.length, PROT_READ, MAP_SHARED, c->file.fd, 0))) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "ssbd", "mmap failed: ",
|
||||
strerror(errno), c->file.name, c->file.fd);
|
||||
close(c->file.fd);
|
||||
c->file.fd = -1;
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
|
@ -1723,6 +1725,8 @@ URIHANDLER_FUNC(mod_webdav_subrequest_handler) {
|
|||
if (MAP_FAILED == (c->file.mmap.start = mmap(0, c->file.length, PROT_READ, MAP_SHARED, c->file.fd, 0))) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "ssbd", "mmap failed: ",
|
||||
strerror(errno), c->file.name, c->file.fd);
|
||||
close(c->file.fd);
|
||||
c->file.fd = -1;
|
||||
|
||||
return HANDLER_ERROR;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue