Open /dev/urandom with O_CLOEXEC.

Let's avoid bleeding file descriptors into our clients' children, shall we? XXX pullup
2020-02-15 23:19:37 +00:00 · 2020-02-15 23:19:37 +00:00 · 86465dbe5a
commit 86465dbe5a
parent 57d4369975
1 changed files with 1 additions and 1 deletions
--- a/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
+++ b/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
@ -479,7 +479,7 @@ static int get_random_device(size_t n)
        return rd->fd;

    /* open the random device ... */
-    if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1)
+    if ((rd->fd = open(random_device_paths[n], O_RDONLY|O_CLOEXEC)) == -1)
        return rd->fd;

    /* ... and cache its relevant stat(2) data */