From: Scott Cantor <cantor.2@osu.edu>
Date: Wed, 29 May 2013 19:08:47 +0000 (+0000)
Subject: https://issues.shibboleth.net/jira/browse/SSPCPP-569
X-Git-Tag: 2.5.2~10
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-sp.git;a=commitdiff_plain;h=c93bace8a29010e8c825ba028084c48743dad574

https://issues.shibboleth.net/jira/browse/SSPCPP-569
---

diff --git a/configure.ac b/configure.ac
index f066474..482acb7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -81,6 +81,18 @@ AC_CHECK_FUNCS([strchr strdup strstr timegm gmtime_r localtime_r strtok_r strcas
 AC_CHECK_TYPES([struct sockaddr_storage], [], [], [[#include <sys/socket.h>]])
 AC_CHECK_MEMBERS([struct sockaddr.sa_len], [], [], [[#include <sys/socket.h>]])
 
+AC_CACHE_CHECK([for SOCK_CLOEXEC support], [shib_cv_sock_cloexec],
+[AC_TRY_RUN([
+#include <sys/types.h>
+#include <sys/socket.h>
+int main()
+{
+return socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, 0) == -1;
+}], [shib_cv_sock_cloexec=yes], [shib_cv_sock_cloexec=no], [shib_cv_sock_cloexec=no])])
+
+if test "$shib_cv_sock_cloexec" = "yes"; then
+	AC_DEFINE([HAVE_SOCK_CLOEXEC], 1, [Define if the SOCK_CLOEXEC flag is supported])
+fi
 
 # checks for pthreads
 ACX_PTHREAD([enable_threads="pthread"],[enable_threads="no"])
diff --git a/shibsp/remoting/impl/TCPListener.cpp b/shibsp/remoting/impl/TCPListener.cpp
index 02df8e4..4d1452a 100644
--- a/shibsp/remoting/impl/TCPListener.cpp
+++ b/shibsp/remoting/impl/TCPListener.cpp
@@ -53,6 +53,7 @@
 #include <sys/stat.h>		/* for chmod() */
 #include <stdio.h>
 #include <stdlib.h>
+#include <fcntl.h>
 #include <errno.h>
 
 using namespace shibsp;
@@ -181,10 +182,15 @@ bool TCPListener::setup_tcp_sockaddr()
 
 bool TCPListener::create(ShibSocket& s) const
 {
+    int type = SOCK_STREAM;
+#ifdef HAVE_SOCK_CLOEXEC
+    type |= SOCK_CLOEXEC;
+#endif
+
 #ifdef HAVE_STRUCT_SOCKADDR_STORAGE
-    s = socket(m_sockaddr.ss_family, SOCK_STREAM, 0);
+    s = socket(m_sockaddr.ss_family, type, 0);
 #else
-    s = socket(m_sockaddr.sin_family, SOCK_STREAM, 0);
+    s = socket(m_sockaddr.sin_family, type, 0);
 #endif
 #ifdef WIN32
     if(s == INVALID_SOCKET)
@@ -192,6 +198,15 @@ bool TCPListener::create(ShibSocket& s) const
     if (s < 0)
 #endif
         return log_error("socket");
+
+#if !defined(HAVE_SOCK_CLOEXEC) && defined(HAVE_FD_CLOEXEC)
+    int fdflags = fcntl(s, F_GETFD);
+    if (fdflags != -1) {
+        fdflags |= FD_CLOEXEC;
+        fcntl(s, F_SETFD, fdflags);
+    }
+#endif
+
     return true;
 }
 
diff --git a/shibsp/remoting/impl/UnixListener.cpp b/shibsp/remoting/impl/UnixListener.cpp
index 75c5ff7..9fc5408 100644
--- a/shibsp/remoting/impl/UnixListener.cpp
+++ b/shibsp/remoting/impl/UnixListener.cpp
@@ -44,6 +44,7 @@
 #include <sys/stat.h>		/* for chmod() */
 #include <stdio.h>
 #include <stdlib.h>
+#include <fcntl.h>
 #include <errno.h>
 
 using namespace shibsp;
@@ -98,11 +99,24 @@ UnixListener::UnixListener(const DOMElement* e)
 #define UNIX_PATH_MAX 100
 #endif
 
-bool UnixListener::create(ShibSocket& sock) const
+bool UnixListener::create(ShibSocket& s) const
 {
-    sock = socket(PF_UNIX, SOCK_STREAM, 0);
-    if (sock < 0)
+    int type = SOCK_STREAM;
+#ifdef HAVE_SOCK_CLOEXEC
+    type |= SOCK_CLOEXEC;
+#endif
+    s = socket(PF_UNIX, type, 0);
+    if (s < 0)
         return log_error("socket");
+
+#if !defined(HAVE_SOCK_CLOEXEC) && defined(HAVE_FD_CLOEXEC)
+    int fdflags = fcntl(s, F_GETFD);
+    if (fdflags != -1) {
+        fdflags |= FD_CLOEXEC;
+        fcntl(s, F_SETFD, fdflags);
+    }
+#endif
+
     return true;
 }