Diffstat (limited to 'debian/patches/close_socket_before_scripts.patch')
-rw-r--r-- | debian/patches/close_socket_before_scripts.patch | 102 |
1 files changed, 0 insertions, 102 deletions
diff --git a/debian/patches/close_socket_before_scripts.patch b/debian/patches/close_socket_before_scripts.patch
deleted file mode 100644
index 6e00c00..0000000
--- a/debian/patches/close_socket_before_scripts.patch
+++ /dev/null
@@ -1,102 +0,0 @@
---- a/src/openvpn/manage.c
-+++ b/src/openvpn/manage.c
-@@ -1499,7 +1499,6 @@ man_new_connection_post (struct management *man, const char *description)
- struct gc_arena gc = gc_new ();
-
- set_nonblock (man->connection.sd_cli);
-- set_cloexec (man->connection.sd_cli);
-
- man_connection_settings_reset (man);
-
-@@ -1640,7 +1639,6 @@ man_listen (struct management *man)
- * Set misc socket properties
- */
- set_nonblock (man->connection.sd_top);
-- set_cloexec (man->connection.sd_top);
-
- #if UNIX_SOCK_SUPPORT
- if (man->settings.flags & MF_UNIX_SOCK)
---- a/src/openvpn/socket.c
-+++ b/src/openvpn/socket.c
-@@ -771,6 +771,10 @@ create_socket_tcp (struct addrinfo* addrinfo)
- }
- #endif
-
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (sd);
-+
- return sd;
- }
-
-@@ -815,6 +819,11 @@ create_socket_udp (struct addrinfo* addrinfo, const unsigned int flags)
- }
- }
- #endif
-+
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (sd);
-+
- return sd;
- }
-
-@@ -968,6 +977,12 @@ socket_do_accept (socket_descriptor_t sd,
- openvpn_close_socket (new_sd);
- new_sd = SOCKET_UNDEFINED;
- }
-+ else
-+ {
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (sd);
-+ }
- return new_sd;
- }
-
-@@ -1617,6 +1632,7 @@ link_socket_init_phase1 (struct link_socket *sock,
- ASSERT (sock->info.proto != PROTO_TCP_CLIENT);
- ASSERT (socket_defined (inetd_socket_descriptor));
- sock->sd = inetd_socket_descriptor;
-+ set_cloexec (sock->sd); /* not created by create_socket*() */
- }
- else if (mode != LS_MODE_TCP_ACCEPT_FROM)
- {
-@@ -1677,13 +1693,6 @@ phase2_set_socket_flags (struct link_socket* sock)
- /* set socket to non-blocking mode */
- set_nonblock (sock->sd);
-
-- /* set socket file descriptor to not pass across execs, so that
-- scripts don't have access to it */
-- set_cloexec (sock->sd);
--
-- if (socket_defined (sock->ctrl_sd))
-- set_cloexec (sock->ctrl_sd);
--
- /* set Path MTU discovery options on the socket */
- set_mtu_discover_type (sock->sd, sock->mtu_discover_type, sock->info.af);
-
-@@ -3476,6 +3485,11 @@ create_socket_unix (void)
-
- if ((sd = socket (PF_UNIX, SOCK_STREAM, 0)) < 0)
- msg (M_ERR, "Cannot create unix domain socket");
-+
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (sd);
-+
- return sd;
- }
-
-@@ -3516,6 +3530,12 @@ socket_accept_unix (socket_descriptor_t sd,
-
- CLEAR (*remote);
- ret = accept (sd, (struct sockaddr *) remote, &remote_len);
-+ if ( ret >= 0 )
-+ {
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (ret);
-+ }
- return ret;
- } |