Diffstat (limited to 'debian/patches/close_socket_before_scripts.patch')
-rw-r--r--debian/patches/close_socket_before_scripts.patch102
1 files changed, 0 insertions, 102 deletions
diff --git a/debian/patches/close_socket_before_scripts.patch b/debian/patches/close_socket_before_scripts.patch
deleted file mode 100644
index 6e00c00..0000000
--- a/debian/patches/close_socket_before_scripts.patch
+++ /dev/null
@@ -1,102 +0,0 @@
---- a/src/openvpn/manage.c
-+++ b/src/openvpn/manage.c
-@@ -1499,7 +1499,6 @@ man_new_connection_post (struct management *man, const char *description)
- struct gc_arena gc = gc_new ();
-
- set_nonblock (man->connection.sd_cli);
-- set_cloexec (man->connection.sd_cli);
-
- man_connection_settings_reset (man);
-
-@@ -1640,7 +1639,6 @@ man_listen (struct management *man)
- * Set misc socket properties
- */
- set_nonblock (man->connection.sd_top);
-- set_cloexec (man->connection.sd_top);
-
- #if UNIX_SOCK_SUPPORT
- if (man->settings.flags & MF_UNIX_SOCK)
---- a/src/openvpn/socket.c
-+++ b/src/openvpn/socket.c
-@@ -771,6 +771,10 @@ create_socket_tcp (struct addrinfo* addrinfo)
- }
- #endif
-
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (sd);
-+
- return sd;
- }
-
-@@ -815,6 +819,11 @@ create_socket_udp (struct addrinfo* addrinfo, const unsigned int flags)
- }
- }
- #endif
-+
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (sd);
-+
- return sd;
- }
-
-@@ -968,6 +977,12 @@ socket_do_accept (socket_descriptor_t sd,
- openvpn_close_socket (new_sd);
- new_sd = SOCKET_UNDEFINED;
- }
-+ else
-+ {
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (sd);
-+ }
- return new_sd;
- }
-
-@@ -1617,6 +1632,7 @@ link_socket_init_phase1 (struct link_socket *sock,
- ASSERT (sock->info.proto != PROTO_TCP_CLIENT);
- ASSERT (socket_defined (inetd_socket_descriptor));
- sock->sd = inetd_socket_descriptor;
-+ set_cloexec (sock->sd); /* not created by create_socket*() */
- }
- else if (mode != LS_MODE_TCP_ACCEPT_FROM)
- {
-@@ -1677,13 +1693,6 @@ phase2_set_socket_flags (struct link_socket* sock)
- /* set socket to non-blocking mode */
- set_nonblock (sock->sd);
-
-- /* set socket file descriptor to not pass across execs, so that
-- scripts don't have access to it */
-- set_cloexec (sock->sd);
--
-- if (socket_defined (sock->ctrl_sd))
-- set_cloexec (sock->ctrl_sd);
--
- /* set Path MTU discovery options on the socket */
- set_mtu_discover_type (sock->sd, sock->mtu_discover_type, sock->info.af);
-
-@@ -3476,6 +3485,11 @@ create_socket_unix (void)
-
- if ((sd = socket (PF_UNIX, SOCK_STREAM, 0)) < 0)
- msg (M_ERR, "Cannot create unix domain socket");
-+
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (sd);
-+
- return sd;
- }
-
-@@ -3516,6 +3530,12 @@ socket_accept_unix (socket_descriptor_t sd,
-
- CLEAR (*remote);
- ret = accept (sd, (struct sockaddr *) remote, &remote_len);
-+ if ( ret >= 0 )
-+ {
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (ret);
-+ }
- return ret;
- }