diff options
Diffstat (limited to 'debian/patches/close_socket_before_scripts.patch')
-rw-r--r-- | debian/patches/close_socket_before_scripts.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/debian/patches/close_socket_before_scripts.patch b/debian/patches/close_socket_before_scripts.patch new file mode 100644 index 0000000..dac7c91 --- /dev/null +++ b/debian/patches/close_socket_before_scripts.patch @@ -0,0 +1,32 @@ +Description: Set socket's FD_CLOEXEC flag before calling up script + Moving the set_cloexec() call from link_socket_init_phase2() to + link_socket_init_phase1(). +Author: Julien Cristau <jcristau@debian.org> +Bug-Debian: http://bugs.debian.org/367716 + +Index: openvpn/src/openvpn/socket.c +=================================================================== +--- openvpn.orig/src/openvpn/socket.c 2012-11-05 16:29:30.292804798 +0100 ++++ openvpn/src/openvpn/socket.c 2012-11-05 16:42:09.072567383 +0100 +@@ -1491,6 +1491,10 @@ + resolve_bind_local (sock); + resolve_remote (sock, 1, NULL, NULL); + } ++ ++ /* set socket file descriptor to not pass across execs, so that ++ scripts don't have access to it */ ++ set_cloexec (sock->sd); + } + + /* finalize socket initialization */ +@@ -1721,10 +1725,6 @@ + /* set socket to non-blocking mode */ + set_nonblock (sock->sd); + +- /* set socket file descriptor to not pass across execs, so that +- scripts don't have access to it */ +- set_cloexec (sock->sd); +- + #ifdef ENABLE_SOCKS + if (socket_defined (sock->ctrl_sd)) + set_cloexec (sock->ctrl_sd); |