commit 60bce378cfa29463f57756fc724d1572747f4fc5
author Maciej Żenczykowski <maze@google.com> Tue Apr 09 01:58:52 2019 -0700
committer Maciej Żenczykowski <maze@google.com> Wed Apr 10 01:17:47 2019 -0700
tree d326aaffc6a78cbff16b31e55deab37a1caf57ca
parent 4e1601e533b4b34d38e4eed229180257a385181b

Fix some clatd cloexec and file descriptor leaking via missing close()

Not terribly important since clatd doesn't exec anything,
but was muddying the waters while I was searching for other
fd-survives-across-exec leakage in netd.  While at it also
fix another leaked fd which we forgot to close().

Test: builds and boots

Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iceb7d4052dc9be29db5c7bb3fe2ee27da7864379

clatd.c

diff --git a/clatd.c b/clatd.c
index 94a0f06..06ca799 100644
--- a/clatd.c
+++ b/clatd.c
@@ -231,7 +231,7 @@
  *   mark - the socket mark to use for the sending raw socket
  */
 void open_sockets(struct tun_data *tunnel, uint32_t mark) {
-  int rawsock = socket(AF_INET6, SOCK_RAW | SOCK_NONBLOCK, IPPROTO_RAW);
+  int rawsock = socket(AF_INET6, SOCK_RAW | SOCK_NONBLOCK | SOCK_CLOEXEC, IPPROTO_RAW);
   if (rawsock < 0) {
     logmsg(ANDROID_LOG_FATAL, "raw socket failed: %s", strerror(errno));
     exit(1);

config.c

diff --git a/config.c b/config.c
index 5a9d599..f84a61f 100644
--- a/config.c
+++ b/config.c
@@ -227,7 +227,7 @@
 
 // Factored out to a separate function for testability.
 int connect_is_ipv4_address_free(in_addr_t addr) {
-  int s = socket(AF_INET, SOCK_DGRAM, 0);
+  int s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
   if (s == -1) {
     return 0;
   }

mtu.c

diff --git a/mtu.c b/mtu.c
index 567d177..472bd4e 100644
--- a/mtu.c
+++ b/mtu.c
@@ -22,6 +22,7 @@
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <sys/types.h>
+#include <unistd.h>
 
 #include "mtu.h"
 
@@ -33,14 +34,16 @@
   int fd;
   struct ifreq if_mtu;
 
-  fd = socket(AF_INET, SOCK_STREAM, 0);
+  fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
   if (fd < 0) {
     return -1;
   }
   strncpy(if_mtu.ifr_name, ifname, IFNAMSIZ);
   if_mtu.ifr_name[IFNAMSIZ - 1] = '\0';
   if (ioctl(fd, SIOCGIFMTU, &if_mtu) < 0) {
+    close(fd);
     return -1;
   }
+  close(fd);
   return if_mtu.ifr_mtu;
 }

ring.c

diff --git a/ring.c b/ring.c
index 61d40d2..e836a55 100644
--- a/ring.c
+++ b/ring.c
@@ -30,7 +30,7 @@
 #include "tun.h"
 
 int ring_create(struct tun_data *tunnel) {
-  int packetsock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IPV6));
+  int packetsock = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC, htons(ETH_P_IPV6));
   if (packetsock < 0) {
     logmsg(ANDROID_LOG_FATAL, "packet socket failed: %s", strerror(errno));
     return -1;