commit ce95518ef9da9d15ef65e0ef244d160b0bda6744
from: Stefan Sperling <stsp@stsp.name>
via: Thomas Adam <thomas@xteddy.org>
date: Fri Dec 10 23:21:34 2021 UTC

ignore the return value of closefrom(2); patch by Anna a.k.a. CyberTailor

millert@ suggests that this check is not needed, and that ideally we
should be using close-on-exec instead. I will look into this, but in the
meantime this change will help -portable: https://bugs.gentoo.org/828003

commit - de0d3ad4a4246cdcfac503b8d941ac298f2606a7
commit + ce95518ef9da9d15ef65e0ef244d160b0bda6744
blob - ca518be1b33674bad2932799890ca39f6b2520f7
blob + 8f233724951636b43f7918f8b86e770717ee8987
--- lib/privsep.c
+++ lib/privsep.c
@@ -2763,14 +2763,12 @@ got_privsep_exec_child(int imsg_fds[2], const char *pa
 	}
 
 	if (dup2(imsg_fds[1], GOT_IMSG_FD_CHILD) == -1) {
-		fprintf(stderr, "%s: %s\n", getprogname(), strerror(errno));
-		_exit(1);
-	}
-	if (closefrom(GOT_IMSG_FD_CHILD + 1) == -1) {
 		fprintf(stderr, "%s: %s\n", getprogname(), strerror(errno));
 		_exit(1);
 	}
 
+	closefrom(GOT_IMSG_FD_CHILD + 1);
+
 	if (execl(path, path, repo_path, (char *)NULL) == -1) {
 		fprintf(stderr, "%s: %s: %s\n", getprogname(), path,
 		    strerror(errno));