Set close-on-exec on all file descriptors we open.

[cubemap] / httpinput.cpp

diff --git a/httpinput.cpp b/httpinput.cpp
index 9cacc1f0041e8ebccbaccf6c101c35d82a7c899a..d0e1c5c82135f42bf7ac1b75e77d90af5d4a5402 100644 (file)
--- a/httpinput.cpp
+++ b/httpinput.cpp
@@ -1,5 +1,6 @@
 #include <assert.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <math.h>
 #include <netdb.h>
 #include <netinet/in.h>
@@ -73,6 +74,10 @@ HTTPInput::HTTPInput(const InputProto &serialized)
          has_metacube_header(serialized.has_metacube_header()),
          sock(serialized.sock())
 {
+       // Set back the close-on-exec flag for the socket.
+       // (This can't leak into a child, since we haven't been started yet.)
+       fcntl(sock, F_SETFD, 1);
+
        pending_data.resize(serialized.pending_data().size());
        memcpy(&pending_data[0], serialized.pending_data().data(), serialized.pending_data().size());
 
@@ -111,6 +116,10 @@ void HTTPInput::close_socket()
 
 InputProto HTTPInput::serialize() const
 {
+       // Unset the close-on-exec flag for the socket.
+       // (This can't leak into a child, since there's only one thread left.)
+       fcntl(sock, F_SETFD, 0);
+
        InputProto serialized;
        serialized.set_state(state);
        serialized.set_url(url);
@@ -155,7 +164,7 @@ int HTTPInput::lookup_and_connect(const string &host, const string &port)
        for ( ; ai && !should_stop(); ai = ai->ai_next) {
                // Now do a non-blocking connect. This is important because we want to be able to be
                // woken up, even though it's rather cumbersome.
-               int sock = socket(ai->ai_family, SOCK_STREAM | SOCK_NONBLOCK, IPPROTO_TCP);
+               int sock = socket(ai->ai_family, SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, IPPROTO_TCP);
                if (sock == -1) {
                        // Could be e.g. EPROTONOSUPPORT. The show must go on.
                        continue;