Check the return value of fcntl() when setting FD_CLOEXEC.

This should never fail unless the fd is invalid.
Problem reported by Matthias Gerstner of SUSE.
Todd C. Miller
2021-01-06 10:16:00 -07:00
parent b132def0b1
commit 71339c574f
5 changed files with 56 additions and 20 deletions


@@ -180,7 +180,10 @@ sudo_debug_new_output(struct sudo_debug_instance *instance,
}
ignore_result(fchown(output->fd, (uid_t)-1, 0));
}
(void)fcntl(output->fd, F_SETFD, FD_CLOEXEC);
if (fcntl(output->fd, F_SETFD, FD_CLOEXEC) == -1) {
sudo_warn_nodebug("%s", output->filename);
goto bad;
}
if (sudo_debug_fds_size < output->fd) {
/* Bump fds size to the next multiple of 4 * NBBY. */
const int old_size = sudo_debug_fds_size / NBBY;
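Review bot: The new warning `sudo_warn_nodebug("%s", output->filename);` names only the file, so a log reader cannot tell a failed fcntl(F_SETFD) apart from any other failure reported against the same path; something like `sudo_warn_nodebug("unable to set close-on-exec flag on %s", output->filename);` would identify the operation. Failing closed here is the right call, since a debug descriptor left without FD_CLOEXEC could be inherited by whatever is executed later. The `bad` label and the code that opens `output->fd` are outside this hunk, so it is worth confirming that the error path closes the descriptor and releases `output`. If the open call is in this function, passing O_CLOEXEC there would also remove the window between open and fcntl.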