summaryrefslogtreecommitdiff
path: root/debian/patches/close_socket_before_scripts.patch
blob: fa51dce16c18926b35f1c158544f4d3e628e0fd1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Description: Set socket's FD_CLOEXEC flag before calling up script
 Moving the set_cloexec() call from link_socket_init_phase2() to
 link_socket_init_phase1().
Author: Julien Cristau <jcristau@debian.org>
Bug-Debian: http://bugs.debian.org/367716

Index: openvpn/src/openvpn/socket.c
===================================================================
--- openvpn.orig/src/openvpn/socket.c	2015-07-01 14:10:06.116131868 +0200
+++ openvpn/src/openvpn/socket.c	2015-07-01 14:10:06.112131911 +0200
@@ -1494,6 +1494,10 @@
       resolve_bind_local (sock);
       resolve_remote (sock, 1, NULL, NULL);
     }
+
+  /* set socket file descriptor to not pass across execs, so that
+     scripts don't have access to it */
+  set_cloexec (sock->sd);
 }
 
 /* finalize socket initialization */
@@ -1724,10 +1728,6 @@
   /* set socket to non-blocking mode */
   set_nonblock (sock->sd);
 
-  /* set socket file descriptor to not pass across execs, so that
-     scripts don't have access to it */
-  set_cloexec (sock->sd);
-
 #ifdef ENABLE_SOCKS
   if (socket_defined (sock->ctrl_sd))
     set_cloexec (sock->ctrl_sd);