upstream commit

use SO_ZEROIZE for privsep communication (if available)

Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62
This commit is contained in:
markus@openbsd.org 2017-05-31 10:04:29 +00:00 committed by Damien Miller
parent 9e509d4ec9
commit 84008608c9

View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.170 2017/05/31 08:09:45 markus Exp $ */
/* $OpenBSD: monitor.c,v 1.171 2017/05/31 10:04:29 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -1655,9 +1655,18 @@ static void
monitor_openfds(struct monitor *mon, int do_logfds)
{
int pair[2];
#ifdef SO_ZEROIZE
int on = 1;
#endif
if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
fatal("%s: socketpair: %s", __func__, strerror(errno));
#ifdef SO_ZEROIZE
if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno));
#endif
FD_CLOSEONEXEC(pair[0]);
FD_CLOSEONEXEC(pair[1]);
mon->m_recvfd = pair[0];