When we create a new socket descriptor to be "closed" by libldap, go ahead
and mark it close-on-exec, just like we try to do with real LDAP client sockets.
diff -up nss_ldap-253/ldap-nss.c nss_ldap-259/ldap-nss.c
--- nss_ldap-253/ldap-nss.c 2008-05-16 12:49:23.000000000 -0400
+++ nss_ldap-253/ldap-nss.c 2008-05-16 12:49:18.000000000 -0400
@@ -891,14 +891,18 @@ do_drop_connection(int sd, int closeSd)
done. */
savedfd = do_dupfd (sd, -1);
dummyfd = socket (AF_INET, SOCK_STREAM, 0);
- if (dummyfd > -1 && dummyfd != sd)
- {
- /* we must let dup2 close sd for us to avoid race conditions
- * in multithreaded code.
- */
- do_dupfd (dummyfd, sd);
- do_closefd (dummyfd);
- }
+ if (dummyfd > -1)
+ {
+ (void) fcntl (dummyfd, F_SETFD, FD_CLOEXEC);
+ if (dummyfd != sd)
+ {
+ /* we must let dup2 close sd for us to avoid race conditions
+ * in multithreaded code.
+ */
+ do_dupfd (dummyfd, sd);
+ do_closefd (dummyfd);
+ }
+ }
#ifdef HAVE_LDAP_LD_FREE
#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
media
>
main-src
>
by-pkgid
>
f2c9a24e570f82c24fd7074143d03478
>
files
>
11
