From 1330ca3b575de9fc9877c1867897ebfcf7c43386 Mon Sep 17 00:00:00 2001
From: Tavian Barnes <tavianator@tavianator.com>
Date: Fri, 5 Jul 2019 19:13:59 -0400
Subject: spawn: Fix moving the pipe out of the way

The old code could dup() the pipe from in_fd to out_fd, for example, and
neglected to keep it CLOEXEC.
---
 spawn.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'spawn.c')

diff --git a/spawn.c b/spawn.c
index 18ddd72..bcd2c08 100644
--- a/spawn.c
+++ b/spawn.c
@@ -147,9 +147,15 @@ static void bfs_spawn_exec(const char *exe, const struct bfs_spawn *ctx, char **
 	close(pipefd[0]);
 
 	for (const struct bfs_spawn_action *action = actions; action; action = action->next) {
-		// Move the error-reporting pipe out of the way if necessary
-		if (action->in_fd == pipefd[1] || action->out_fd == pipefd[1]) {
-			int fd = dup(pipefd[1]);
+		// Pretend the error-reporting pipe doesn't exist
+		if (action->in_fd == pipefd[1]) {
+			errno = EBADF;
+			goto fail;
+		}
+
+		// Move the pipe out of the way if necessary
+		if (action->out_fd == pipefd[1]) {
+			int fd = dup_cloexec(pipefd[1]);
 			if (fd < 0) {
 				goto fail;
 			}
-- 
cgit v1.2.3