From: Rusty Russell <rusty@rustcorp.com.au>
Date: Wed, 14 Aug 2019 03:43:46 +0000 (+0930)
Subject: pipecmd: close fds in child.
X-Git-Url: https://git.ozlabs.org/?p=ccan;a=commitdiff_plain;h=46cfc3ad7e2defa96ba04366b60436dfa078ef87;hp=b98c68473e3317e09ebcc2d7d46e374fc08c531d

pipecmd: close fds in child.

This is usually what you want; I didn't even add a flag to stop it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---

diff --git a/ccan/pipecmd/pipecmd.c b/ccan/pipecmd/pipecmd.c
index d45713b6..afeaf5a0 100644
--- a/ccan/pipecmd/pipecmd.c
+++ b/ccan/pipecmd/pipecmd.c
@@ -137,6 +137,13 @@ pid_t pipecmdarr(int *fd_tochild, int *fd_fromchild, int *fd_errfromchild,
 				goto child_errno_fail;
 			close(errfromchild[1]);
 		}
+
+		/* Make (fairly!) sure all other fds are closed. */
+		int max = sysconf(_SC_OPEN_MAX);
+		for (int i = 3; i < max; i++)
+			if (i != execfail[1])
+				close(i);
+
 		execvp(arr[0], arr);
 
 	child_errno_fail:
diff --git a/ccan/pipecmd/pipecmd.h b/ccan/pipecmd/pipecmd.h
index 5bbaefc0..3c169ade 100644
--- a/ccan/pipecmd/pipecmd.h
+++ b/ccan/pipecmd/pipecmd.h
@@ -20,7 +20,8 @@
  * If @errfd == @outfd (and non-NULL) they will be shared.
  * If @infd, @outfd or @errfd is &pipecmd_preserve, it is unchanged.
  *
- * The return value is the pid of the child, or -1.
+ * The return value is the pid of the child, or -1.  All other file-descriptors
+ * are closed in the child.
  */
 pid_t pipecmd(int *infd, int *outfd, int *errfd, const char *cmd, ...);