commit 8bd0cdad05519cbb08d8d11223bdde0472678150
from: Stefan Sperling
date: Fri Dec 31 09:11:21 2021 UTC
add O_CLOEXEC (close-on-exec) flag to open(2) calls suggested by millert ok thomas_adam
commit - 00fe21f262ab567bb792120514b49b37236c5422
commit + 8bd0cdad05519cbb08d8d11223bdde0472678150
blob - 3ed755af645b180970e90d42b138fb2269beb206
blob + 49c56bc9c0b68bfb9d7d28804b171f641b6baef8
--- got/got.c
+++ got/got.c
@@ -4448,7 +4448,7 @@ print_diff(void *arg, unsigned char status, unsigned c
 goto done;
 }
 } else {
- fd = open(abspath, O_RDONLY | O_NOFOLLOW);
+ fd = open(abspath, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 if (!got_err_open_nofollow_on_symlink()) {
 err = got_error_from_errno2("open",
blob - f17dddcabf8aa19fd01c17dec68dc1a8ec2dd748
blob + 05d16ce90ea867ddc912cd1321d68b0262228307
--- lib/buf.c
+++ lib/buf.c
@@ -280,7 +280,7 @@ buf_write(BUF *b, const char *path, mode_t mode)
 const struct got_error *err = NULL;
 int fd;
 open:
- if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, mode)) == -1) {
+ if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, mode)) == -1) {
 err = got_error_from_errno2("open", path);
 if (errno == EACCES && unlink(path) != -1)
 goto open;
blob - 7133ec58bdbaf535f13ad65c71428d7eb891a975
blob + 664f170821f75b4356a1f141c1aebcf860ac1868
--- lib/gotconfig.c
+++ lib/gotconfig.c
@@ -51,7 +51,7 @@ got_gotconfig_read(struct got_gotconfig **conf, const
 if (*conf == NULL)
 return got_error_from_errno("calloc");
- fd = open(gotconfig_path, O_RDONLY);
+ fd = open(gotconfig_path, O_RDONLY | O_CLOEXEC);
 if (fd == -1) {
 if (errno == ENOENT)
 return NULL;
blob - 846038c091fec21e8c028ab14a6fcdb0ea52c913
blob + 7d5db032fc35c2694da442ac214b29a5307fbc8f
--- lib/lockfile.c
+++ lib/lockfile.c
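Review bot: The `open()` in buf_write creates and truncates `path` with `O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC` but, unlike the other creating calls in this commit (lib/path.c, install_blob in lib/worktree.c), passes neither `O_NOFOLLOW` nor `O_EXCL`, so a symlink sitting at `path` is followed and its target truncated. The `unlink(path)` retry leaves the name free to be recreated by another process before `goto open` runs. Whether callers ever pass paths inside directories writable by other users is not visible from this hunk; if they can, `O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW|O_CLOEXEC` would be the safer flag set. Separately, `err` is assigned before the retry test, so a successful second open leaves it set unless code outside the hunk clears it; testing `errno == EACCES` before calling `got_error_from_errno2()` avoids that and any errno change made by the helper.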
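Review bot: `open(gotconfig_path, O_RDONLY | O_CLOEXEC)` here and `open(gitconfig_path, O_RDONLY | O_CLOEXEC)` in parse_gitconfig_file (lib/repository.c) omit `O_NOFOLLOW`, while the read-only opens of existing files elsewhere in this commit all pass it. If following symlinks is intended for configuration files, a one-line comment such as `/* config files may be symlinks; O_NOFOLLOW deliberately omitted */` would keep a later cleanup from changing it by accident; if it is not intended, the flag should be added for consistency. The function body continues outside the hunk.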
@@ -59,7 +59,7 @@ got_lockfile_lock(struct got_lockfile **lf, const char
 GOT_DEFAULT_FILE_MODE);
 } else {
 (*lf)->fd = open((*lf)->path,
- O_RDONLY | O_CREAT | O_EXCL | O_EXLOCK,
+ O_RDONLY | O_CREAT | O_EXCL | O_EXLOCK | O_CLOEXEC,
 GOT_DEFAULT_FILE_MODE);
 }
 if ((*lf)->fd != -1)
blob - 5cfc0aee3892c25a4378b608302c31ca629fcabd
blob + a4cf395476aee75f57a0281a2184b91a09e360e3
--- lib/object.c
+++ lib/object.c
@@ -136,7 +136,7 @@ got_object_open_loose_fd(int *fd, struct got_object_id
 err = got_object_get_path(&path, id, repo);
 if (err)
 return err;
- *fd = open(path, O_RDONLY | O_NOFOLLOW);
+ *fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (*fd == -1) {
 err = got_error_from_errno2("open", path);
 goto done;
blob - 00534701c31ba3b8106d4b8a5c90d239e6320279
blob + e5e4c44c8a0327211b0094775682f2bed8ea42a8
--- lib/object_create.c
+++ lib/object_create.c
@@ -127,7 +127,7 @@ got_object_blob_file_create(struct got_object_id **id,
 SHA1Init(&sha1_ctx);
- fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW);
+ fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 if (!got_err_open_nofollow_on_symlink())
 return got_error_from_errno2("open", ondisk_path);
blob - d94d085c6a81b1232aacfe54421d5ffa740b8393
blob + a00402e5edffaefb92ba18770b49fc07c8826c58
--- lib/path.c
+++ lib/path.c
@@ -500,7 +500,7 @@ got_path_create_file(const char *path, const char *con
 const struct got_error *err = NULL;
 int fd = -1;
- fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW,
+ fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC,
 GOT_DEFAULT_FILE_MODE);
 if (fd == -1) {
 err = got_error_from_errno2("open", path);
blob - 3c4b83d77f6d8a35b74a2aeaffe36f60f8f0a7c3
blob + 76be29a1defe649f248e3d3f58461d3750f2cf49
--- lib/repository.c
+++ lib/repository.c
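Review bot: Only the `else` branch of got_lockfile_lock gains `O_CLOEXEC`; the call in the `if` branch, of which the hunk shows just the trailing `GOT_DEFAULT_FILE_MODE);`, is untouched. If that call is an openat(2) or similar (it starts outside the hunk), the lock descriptor it returns is still inherited across exec, and with `O_EXLOCK` an inherited copy keeps the lock held until the child closes it. Both branches should pass the same flag set, `O_RDONLY | O_CREAT | O_EXCL | O_EXLOCK | O_CLOEXEC`.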
@@ -391,7 +391,8 @@ open_repo(struct got_repository *repo, const char *pat
 err = got_error_from_errno("strdup");
 goto done;
 }
- repo->gitdir_fd = open(repo->path_git_dir, O_DIRECTORY);
+ repo->gitdir_fd = open(repo->path_git_dir,
+ O_DIRECTORY | O_CLOEXEC);
 if (repo->gitdir_fd == -1) {
 err = got_error_from_errno2("open",
 repo->path_git_dir);
@@ -413,7 +414,8 @@ open_repo(struct got_repository *repo, const char *pat
 err = got_error_from_errno("strdup");
 goto done;
 }
- repo->gitdir_fd = open(repo->path_git_dir, O_DIRECTORY);
+ repo->gitdir_fd = open(repo->path_git_dir,
+ O_DIRECTORY | O_CLOEXEC);
 if (repo->gitdir_fd == -1) {
 err = got_error_from_errno2("open",
 repo->path_git_dir);
@@ -464,7 +466,7 @@ parse_gitconfig_file(int *gitconfig_repository_format_
 if (gitconfig_owner)
 *gitconfig_owner = NULL;
- fd = open(gitconfig_path, O_RDONLY);
+ fd = open(gitconfig_path, O_RDONLY | O_CLOEXEC);
 if (fd == -1) {
 if (errno == ENOENT)
 return NULL;
blob - d7d0ab9f80f5bc272b6a81a901c3647364c3e962
blob + 3eb6c068c9ec8ad604a9aed5b210039352af5827
--- lib/repository_admin.c
+++ lib/repository_admin.c
@@ -483,7 +483,7 @@ got_repo_find_pack(FILE **packfile, struct got_object_
 goto done;
 }
- packfd = open(packfile_path, O_RDONLY | O_NOFOLLOW);
+ packfd = open(packfile_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (packfd == -1) {
 err = got_error_from_errno2("open", packfile_path);
 goto done;
blob - 5cb71cf2d175571202994bb618fbe611d6b96a53
blob + 213dabaab415529a22bc24fe5a59b6232be0184a
--- lib/worktree.c
+++ lib/worktree.c
@@ -1044,7 +1044,7 @@ merge_blob(int *local_changes_subsumed, struct got_wor
 goto done;
 } else {
 int fd;
- fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW);
+ fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 err = got_error_from_errno2("open", ondisk_path);
 goto done;
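Review bot: `O_DIRECTORY | O_CLOEXEC` in both open_repo hunks (and for `root_fd` in lib/worktree_open.c) names no access mode. That works only where `O_RDONLY` is defined as 0; POSIX asks for exactly one access mode to be specified, and every other call in this commit spells it out. Suggest `O_RDONLY | O_DIRECTORY | O_CLOEXEC` in all three places.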
@@ -1159,7 +1159,7 @@ replace_existing_symlink(int *did_something, const cha
 * caller. If we can successfully open a regular file then we simply
 * replace this file with a symlink below.
 */
- fd = open(ondisk_path, O_RDWR | O_EXCL | O_NOFOLLOW);
+ fd = open(ondisk_path, O_RDWR | O_EXCL | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 if (!got_err_open_nofollow_on_symlink())
 return got_error_from_errno2("open", ondisk_path);
@@ -1389,8 +1389,8 @@ install_blob(struct got_worktree *worktree, const char
 int update = 0;
 char *tmppath = NULL;
- fd = open(ondisk_path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW,
- GOT_DEFAULT_FILE_MODE);
+ fd = open(ondisk_path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW |
+ O_CLOEXEC, GOT_DEFAULT_FILE_MODE);
 if (fd == -1) {
 if (errno == ENOENT) {
 char *parent;
@@ -1402,7 +1402,7 @@ install_blob(struct got_worktree *worktree, const char
 if (err)
 return err;
 fd = open(ondisk_path,
- O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW,
+ O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC,
 GOT_DEFAULT_FILE_MODE);
 if (fd == -1)
 return got_error_from_errno2("open",
@@ -1657,7 +1657,7 @@ get_file_status(unsigned char *status, struct stat *sb
 goto done;
 }
 } else {
- fd = open(abspath, O_RDONLY | O_NOFOLLOW);
+ fd = open(abspath, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1 && errno != ENOENT &&
 !got_err_open_nofollow_on_symlink())
 return got_error_from_errno2("open", abspath);
@@ -2816,7 +2816,7 @@ merge_file_cb(void *arg, struct got_blob_object *blob1
 if (err)
 goto done;
- fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW);
+ fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 err = got_error_from_errno2("open",
 ondisk_path);
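Review bot: `O_EXCL` is passed without `O_CREAT` in replace_existing_symlink's `open(ondisk_path, O_RDWR | O_EXCL | O_NOFOLLOW | O_CLOEXEC)`; POSIX leaves the result of that combination undefined, so the flag gives no portable guarantee here. The comment above the call says the intent is to open an existing regular file, for which `O_RDWR | O_NOFOLLOW | O_CLOEXEC` is sufficient. If `O_EXCL` is relied on for a platform-specific effect, that deserves a comment next to the call.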
@@ -3649,7 +3649,7 @@ worktree_status(struct got_worktree *worktree, const c
 worktree->root_path, path[0] ? "/" : "", path) == -1)
 return got_error_from_errno("asprintf");
- fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW | O_DIRECTORY);
+ fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
 if (fd == -1) {
 if (errno != ENOTDIR && errno != ENOENT && errno != EACCES &&
 !got_err_open_nofollow_on_symlink())
@@ -4370,7 +4370,7 @@ create_patched_content(char **path_outfile, int revers
 sb2.st_size = link_len;
 }
 } else {
- fd2 = open(path2, O_RDONLY | O_NOFOLLOW);
+ fd2 = open(path2, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd2 == -1) {
 if (!got_err_open_nofollow_on_symlink()) {
 err = got_error_from_errno2("open", path2);
@@ -8347,7 +8347,8 @@ unstage_hunks(struct got_object_id *staged_blob_id,
 goto done;
 } else {
 int fd;
- fd = open(ondisk_path, O_RDONLY | O_NOFOLLOW);
+ fd = open(ondisk_path,
+ O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 err = got_error_from_errno2("open", ondisk_path);
 goto done;
blob - 4a589cf5ece62d780a9e4fac1215b2df6a5ea5cc
blob + 965700c2ad7edf85000a045f92b3727fc9ebc460
--- lib/worktree_open.c
+++ lib/worktree_open.c
@@ -56,7 +56,7 @@ read_meta_file(char **content, const char *path_got, c
 goto done;
 }
- fd = open(path, O_RDONLY | O_NOFOLLOW);
+ fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
 if (fd == -1) {
 if (errno == ENOENT)
 err = got_error_path(path, GOT_ERR_WORKTREE_META);
@@ -131,7 +131,7 @@ open_worktree(struct got_worktree **worktree, const ch
 goto done;
 }
- fd = open(path_lock, O_RDWR | O_EXLOCK | O_NONBLOCK);
+ fd = open(path_lock, O_RDWR | O_EXLOCK | O_NONBLOCK | O_CLOEXEC);
 if (fd == -1) {
 err = (errno == EWOULDBLOCK ? got_error(GOT_ERR_WORKTREE_BUSY)
 : got_error_from_errno2("open", path_lock));
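Review bot: The `path_lock` open in open_worktree deserves a comment, because `O_CLOEXEC` on a descriptor opened with `O_EXLOCK` changes lock lifetime and not just descriptor hygiene: an exec'd child no longer carries a copy that would keep the work tree locked after this process closes `fd` or exits. A line such as `/* close-on-exec: helper processes must not inherit the work tree lock */` above the call would record that this is intended. What is done with `fd` afterwards is outside the hunk.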
@@ -213,7 +213,8 @@ open_worktree(struct got_worktree **worktree, const ch
 err = got_gotconfig_read(&(*worktree)->gotconfig,
 (*worktree)->gotconfig_path);
- (*worktree)->root_fd = open((*worktree)->root_path, O_DIRECTORY);
+ (*worktree)->root_fd = open((*worktree)->root_path,
+ O_DIRECTORY | O_CLOEXEC);
 if ((*worktree)->root_fd == -1) {
 err = got_error_from_errno2("open", (*worktree)->root_path);
 goto done;
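Review bot: The result of `got_gotconfig_read()` is not checked before the `root_fd` open that follows it in this hunk. If the read fails and the open then fails too, `err` is overwritten and the first error is lost; if the open succeeds, a directory descriptor is acquired on a path that is already going to fail. Adding `if (err) goto done;` right after the call would address both, provided the cleanup at `done` (outside the hunk) copes with `root_fd` not having been opened yet.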