net: fix {FileConn, FileListener, FilePacketConn} fd leak to child process.

All of them call `newFileFD' which must properly restore close-on-exec on duplicated fds. R=golang-dev, bradfitz, mikioh.mikioh CC=golang-dev https://golang.org/cl/6445081
2024-09-24 05:10:13 -06:00 · 2012-09-04 12:37:23 -07:00 · 2012-09-04 12:37:23 -07:00 · 2836c63459
commit 2836c63459
parent 532dee3842
2 changed files with 16 additions and 0 deletions
--- a/src/pkg/net/file.go
+++ b/src/pkg/net/file.go
@ -12,10 +12,14 @@ import (
 )

 func newFileFD(f *os.File) (*netFD, error) {
+	syscall.ForkLock.RLock()
 	fd, err := syscall.Dup(int(f.Fd()))
 	if err != nil {
+		syscall.ForkLock.RUnlock()
 		return nil, os.NewSyscallError("dup", err)
 	}
+	syscall.CloseOnExec(fd)
+	syscall.ForkLock.RUnlock()

 	sotype, err := syscall.GetsockoptInt(fd, syscall.SOL_SOCKET, syscall.SO_TYPE)
 	if err != nil {
--- a/src/pkg/os/exec/exec_test.go
+++ b/src/pkg/os/exec/exec_test.go
@ -167,6 +167,18 @@ func TestExtraFiles(t *testing.T) {
 	}
 	defer ln.Close()

+	// Make sure duplicated fds don't leak to the child.
+	f, err := ln.(*net.TCPListener).File()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer f.Close()
+	ln2, err := net.FileListener(f)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer ln2.Close()
+
 	// Force TLS root certs to be loaded (which might involve
 	// cgo), to make sure none of that potential C code leaks fds.
 	ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {