Changeset: 2a1ffb21e9d9 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=2a1ffb21e9d9
Modified Files:
NT/monetdb_config.h.in
clients/mapiclient/mnc.c
clients/mapilib/mapi.c
common/stream/stream.c
configure.ag
monetdb5/modules/mal/mal_mapi.c
tools/merovingian/daemon/client.c
tools/merovingian/daemon/connections.c
tools/merovingian/daemon/controlrunner.c
tools/merovingian/daemon/handlers.c
tools/merovingian/daemon/merovingian.c
tools/merovingian/daemon/multiplex-funnel.c
tools/merovingian/daemon/proxy.c
tools/merovingian/utils/control.c
Branch: Jul2017
Log Message:
If the system allows it, set close-on-exec flag when file descriptor is created.
Only Linux allows it. On other systems there is a race which could
leak file descriptors to child processes.
diffs (truncated from 806 to 300 lines):
diff --git a/NT/monetdb_config.h.in b/NT/monetdb_config.h.in
--- a/NT/monetdb_config.h.in
+++ b/NT/monetdb_config.h.in
@@ -1014,9 +1014,6 @@ typedef unsigned __int64 uint64_t;
#define false 0
#define __bool_true_false_are_defined 1
-/* normally defined in fcntl.h, but not on Windows */
-#define O_CLOEXEC 0
-
#ifdef HAVE_LONG_LONG
typedef long long lng;
diff --git a/clients/mapiclient/mnc.c b/clients/mapiclient/mnc.c
--- a/clients/mapiclient/mnc.c
+++ b/clients/mapiclient/mnc.c
@@ -58,6 +58,13 @@
#define SOCKLEN int
#endif
+#ifndef SOCK_CLOEXEC
+#define SOCK_CLOEXEC 0
+#endif
+
+#ifndef HAVE_ACCEPT4
+#define accept4(sockfd, addr, addlen, flags) accept(sockfd, addr, addrlen)
+#endif
static void
usage(void)
@@ -165,15 +172,15 @@ main(int argc, char **argv)
exit(1);
}
for (rp = res; rp; rp = rp->ai_next) {
- s = socket(rp->ai_family, rp->ai_socktype,
rp->ai_protocol);
+ s = socket(rp->ai_family, rp->ai_socktype |
SOCK_CLOEXEC, rp->ai_protocol);
if (s == INVALID_SOCKET)
continue;
if (connect(s, rp->ai_addr, (socklen_t) rp->ai_addrlen)
!= SOCKET_ERROR)
break; /* success */
closesocket(s);
}
-#ifdef HAVE_FCNTL
- fcntl(s, F_SETFD, FD_CLOEXEC);
+#if SOCK_CLOEXEC == 0 && defined(HAVE_FCNTL)
+ (void) fcntl(s, F_SETFD, FD_CLOEXEC);
#endif
freeaddrinfo(res);
if (rp == NULL) {
@@ -194,14 +201,14 @@ main(int argc, char **argv)
memcpy(&server.sin_addr, hp->h_addr_list[0], hp->h_length);
server.sin_family = hp->h_addrtype;
server.sin_port = htons((unsigned short) (port & 0xFFFF));
- s = socket(server.sin_family, SOCK_STREAM, IPPROTO_TCP);
+ s = socket(server.sin_family, SOCK_STREAM | SOCK_CLOEXEC,
IPPROTO_TCP);
if (s == INVALID_SOCKET) {
fprintf(stderr, "opening socket failed: %s\n",
strerror(errno));
exit(1);
}
-#ifdef HAVE_FCNTL
- fcntl(s, F_SETFD, FD_CLOEXEC);
+#if SOCK_CLOEXEC == 0 && defined(HAVE_FCNTL)
+ (void) fcntl(s, F_SETFD, FD_CLOEXEC);
#endif
if (connect(s, serv, sizeof(server)) == SOCKET_ERROR) {
@@ -223,12 +230,12 @@ main(int argc, char **argv)
exit(1);
}
- if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET)
{
+ if ((sock = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0)) ==
INVALID_SOCKET) {
fprintf(stderr, "failed to create socket: %s\n",
strerror(errno));
exit(1);
}
-#ifdef HAVE_FCNTL
- fcntl(sock, F_SETFD, FD_CLOEXEC);
+#if SOCK_CLOEXEC == 0 && defined(HAVE_FCNTL)
+ (void) fcntl(sock, F_SETFD, FD_CLOEXEC);
#endif
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof
on);
@@ -247,13 +254,13 @@ main(int argc, char **argv)
}
listen(sock, 1);
- if ((s = accept(sock, (SOCKPTR)0, (socklen_t *)0)) ==
INVALID_SOCKET) {
+ if ((s = accept4(sock, (SOCKPTR)0, (socklen_t *)0,
SOCK_CLOEXEC)) == INVALID_SOCKET) {
fprintf(stderr, "failed to accept connection: %s\n",
strerror(errno));
exit(1);
}
-#ifdef HAVE_FCNTL
- fcntl(s, F_SETFD, FD_CLOEXEC);
+#if defined(HAVE_FCNTL) && (SOCK_CLOEXEC == 0 || !defined(HAVE_ACCEPT4))
+ (void) fcntl(s, F_SETFD, FD_CLOEXEC);
#endif
}
diff --git a/clients/mapilib/mapi.c b/clients/mapilib/mapi.c
--- a/clients/mapilib/mapi.c
+++ b/clients/mapilib/mapi.c
@@ -774,6 +774,10 @@
#define INVALID_SOCKET (-1)
#endif
+#ifndef SOCK_CLOEXEC
+#define SOCK_CLOEXEC 0
+#endif
+
#define MAPIBLKSIZE 256 /* minimum buffer shipped */
/* information about the columns in a result set */
@@ -2365,7 +2369,7 @@ mapi_reconnect(Mapi mid)
return mapi_setError(mid, "path name too long",
"mapi_reconnect", MERROR);
}
- if ((s = socket(PF_UNIX, SOCK_STREAM, 0)) == INVALID_SOCKET) {
+ if ((s = socket(PF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) ==
INVALID_SOCKET) {
snprintf(errbuf, sizeof(errbuf),
"opening socket failed: %s",
#ifdef _MSC_VER
@@ -2376,7 +2380,7 @@ mapi_reconnect(Mapi mid)
);
return mapi_setError(mid, errbuf, "mapi_reconnect",
MERROR);
}
-#ifdef HAVE_FCNTL
+#if SOCK_CLOEXEC == 0 && defined(HAVE_FCNTL)
(void) fcntl(s, F_SETFD, FD_CLOEXEC);
#endif
memset(&userver, 0, sizeof(struct sockaddr_un));
@@ -2442,10 +2446,10 @@ mapi_reconnect(Mapi mid)
return mapi_setError(mid, errbuf, "mapi_reconnect",
MERROR);
}
for (rp = res; rp; rp = rp->ai_next) {
- s = socket(rp->ai_family, rp->ai_socktype,
rp->ai_protocol);
+ s = socket(rp->ai_family, rp->ai_socktype |
SOCK_CLOEXEC, rp->ai_protocol);
if (s == INVALID_SOCKET)
continue;
-#ifdef HAVE_FCNTL
+#if SOCK_CLOEXEC == 0 && defined(HAVE_FCNTL)
(void) fcntl(s, F_SETFD, FD_CLOEXEC);
#endif
if (connect(s, rp->ai_addr, (socklen_t) rp->ai_addrlen)
!= SOCKET_ERROR)
@@ -2486,7 +2490,7 @@ mapi_reconnect(Mapi mid)
memcpy(&server.sin_addr, hp->h_addr_list[0], hp->h_length);
server.sin_family = hp->h_addrtype;
server.sin_port = htons((unsigned short) (mid->port & 0xFFFF));
- s = socket(server.sin_family, SOCK_STREAM, IPPROTO_TCP);
+ s = socket(server.sin_family, SOCK_STREAM | SOCK_CLOEXEC,
IPPROTO_TCP);
if (s == INVALID_SOCKET) {
snprintf(errbuf, sizeof(errbuf), "opening socket
failed: %s",
@@ -2498,7 +2502,7 @@ mapi_reconnect(Mapi mid)
);
return mapi_setError(mid, errbuf, "mapi_reconnect",
MERROR);
}
-#ifdef HAVE_FCNTL
+#if SOCK_CLOEXEC == 0 && defined(HAVE_FCNTL)
(void) fcntl(s, F_SETFD, FD_CLOEXEC);
#endif
diff --git a/common/stream/stream.c b/common/stream/stream.c
--- a/common/stream/stream.c
+++ b/common/stream/stream.c
@@ -127,6 +127,10 @@
#define INVALID_SOCKET (-1)
#endif
+#ifndef SOCK_CLOEXEC
+#define SOCK_CLOEXEC 0
+#endif
+
#ifdef NATIVE_WIN32
#define pclose _pclose
#define fileno(fd) _fileno(fd)
@@ -2683,10 +2687,10 @@ udp_socket(udp_stream *udp, const char *
return -1;
memset(&udp->addr, 0, sizeof(udp->addr));
for (rp = res; rp; rp = rp->ai_next) {
- udp->s = socket(rp->ai_family, rp->ai_socktype,
rp->ai_protocol);
+ udp->s = socket(rp->ai_family, rp->ai_socktype | SOCK_CLOEXEC,
rp->ai_protocol);
if (udp->s == INVALID_SOCKET)
continue;
-#ifdef HAVE_FCNTL
+#if SOCK_CLOEXEC == 0 && defined(HAVE_FCNTL)
(void) fcntl(udp->s, F_SETFD, FD_CLOEXEC);
#endif
if (!write &&
@@ -2722,11 +2726,11 @@ udp_socket(udp_stream *udp, const char *
udp->addr.sin_port = htons((unsigned short) (port & 0xFFFF));
serv = (struct sockaddr *) &udp->addr;
servsize = (socklen_t) sizeof(udp->addr);
- udp->s = socket(serv->sa_family, SOCK_DGRAM, IPPROTO_UDP);
+ udp->s = socket(serv->sa_family, SOCK_DGRAM | SOCK_CLOEXEC,
IPPROTO_UDP);
if (udp->s == INVALID_SOCKET)
return -1;
-#ifdef HAVE_FCNTL
- fcntl(udp->s, F_SETFD, FD_CLOEXEC);
+#if SOCK_CLOEXEC == 0 && defined(HAVE_FCNTL)
+ (void) fcntl(udp->s, F_SETFD, FD_CLOEXEC);
#endif
if (!write && bind(udp->s, serv, servsize) == SOCKET_ERROR)
return -1;
diff --git a/configure.ag b/configure.ag
--- a/configure.ag
+++ b/configure.ag
@@ -2690,6 +2690,7 @@ AC_FUNC_FSEEKO
save_LIBS="$LIBS"
LIBS="$LIBS $MATH_LIBS"
AC_CHECK_FUNCS([\
+ accept4 \
asctime_r \
backtrace \
cbrt \
@@ -2715,6 +2716,7 @@ AC_CHECK_FUNCS([\
nextafterf \
nl_langinfo \
_NSGetExecutablePath \
+ pipe2 \
popen \
posix_fadvise \
posix_fallocate \
diff --git a/monetdb5/modules/mal/mal_mapi.c b/monetdb5/modules/mal/mal_mapi.c
--- a/monetdb5/modules/mal/mal_mapi.c
+++ b/monetdb5/modules/mal/mal_mapi.c
@@ -72,6 +72,14 @@
#define SOCKLEN int
#endif
+#ifndef SOCK_CLOEXEC
+#define SOCK_CLOEXEC 0
+#endif
+
+#ifndef HAVE_ACCEPT4
+#define accept4(sockfd, addr, addrlen, flags) accept(sockfd, addr, addrlen)
+#endif
+
static char seedChars[] = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j',
'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L',
@@ -342,7 +350,7 @@ SERVERlistenThread(SOCKET *Sock)
continue;
}
if (sock != INVALID_SOCKET && FD_ISSET(sock, &fds)) {
- if ((msgsock = accept(sock, (SOCKPTR)0, (socklen_t
*)0)) == INVALID_SOCKET) {
+ if ((msgsock = accept4(sock, (SOCKPTR)0, (socklen_t
*)0, SOCK_CLOEXEC)) == INVALID_SOCKET) {
if (
#ifdef _MSC_VER
WSAGetLastError() != WSAEINTR
@@ -355,7 +363,7 @@ SERVERlistenThread(SOCKET *Sock)
}
continue;
}
-#ifdef HAVE_FCNTL
+#if defined(HAVE_FCNTL) && (SOCK_CLOEXEC == 0 || !defined(HAVE_ACCEPT4))
(void) fcntl(msgsock, F_SETFD, FD_CLOEXEC);
#endif
#ifdef HAVE_SYS_UN_H
@@ -367,7 +375,7 @@ SERVERlistenThread(SOCKET *Sock)
char ccmsg[CMSG_SPACE(sizeof(int))];
struct cmsghdr *cmsg;
- if ((msgsock = accept(usock, (SOCKPTR)0, (socklen_t
*)0)) == INVALID_SOCKET) {
+ if ((msgsock = accept4(usock, (SOCKPTR)0, (socklen_t
*)0, SOCK_CLOEXEC)) == INVALID_SOCKET) {
if (
#ifdef _MSC_VER
WSAGetLastError() != WSAEINTR
@@ -380,7 +388,7 @@ SERVERlistenThread(SOCKET *Sock)
}
continue;
}
-#ifdef HAVE_FCNTL
+#if defined(HAVE_FCNTL) && (SOCK_CLOEXEC == 0 || !defined(HAVE_ACCEPT4))
(void) fcntl(msgsock, F_SETFD, FD_CLOEXEC);
#endif
@@ -606,7 +614,7 @@ SERVERlisten(int *Port, str *Usockfile,
}
if (port > 0) {
- sock = socket(AF_INET, SOCK_STREAM, 0);
+ sock = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (sock == INVALID_SOCKET) {
GDKfree(psock);
if (usockfile)
@@ -620,7 +628,7 @@ SERVERlisten(int *Port, str *Usockfile,
#endif
);
}
-#ifdef HAVE_FCNTL
+#if SOCK_CLOEXEC == 0 && defined(HAVE_FCNTL)
(void) fcntl(sock, F_SETFD, FD_CLOEXEC);
#endif
@@ -699,7 +707,7 @@ SERVERlisten(int *Port, str *Usockfile,
}
#ifdef HAVE_SYS_UN_H
if (usockfile) {
_______________________________________________
checkin-list mailing list
checkin-list@monetdb.org
https://www.monetdb.org/mailman/listinfo/checkin-list
