Google Git
Sign in
boringssl/boringssl/4ff604e98f4b1bc04de5836d1d24f269c278d561^!/.
commit
4ff604e98f4b1bc04de5836d1d24f269c278d561
[log]
author
David Benjamin <davidben@google.com>
Mon Aug 29 12:14:34 2022 -0400
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Mon Aug 29 16:31:37 2022 +0000
tree
800b4b5e4ea837e83f3f15b32be6f139d44a21e2
parent
779f7d0840a8bac4a0e10f2df4b08cd42df35592 [diff]
Use O_CLOEXEC instead of fcntl(FD_CLOEXEC)

O_CLOEXEC avoids a race condition and is less code. It was supported in
Linux starting 2.6.23. https://bugs.python.org/issue26343#msg260151 says
it's been available since macOS 10.7. Let's try using it instead of
fcntl and see if anything breaks. It's even part of POSIX these days.

Update-Note: BoringSSL's /dev/urandom code now assumes the platform
supports O_CLOEXEC.

Change-Id: I95313892b36539591685d4c83a387f77129ad3d1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54125
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

diff --git a/crypto/fipsmodule/rand/urandom.c b/crypto/fipsmodule/rand/urandom.c
index 508d441..11f1b5b 100644
--- a/crypto/fipsmodule/rand/urandom.c
+++ b/crypto/fipsmodule/rand/urandom.c

@@ -198,7 +198,7 @@
 
   int fd;
   do {
-    fd = open("/dev/urandom", O_RDONLY);
+    fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
   } while (fd == -1 && errno == EINTR);
 
   if (fd < 0) {
@@ -206,20 +206,6 @@
     abort();
   }
 
-  int flags = fcntl(fd, F_GETFD);
-  if (flags == -1) {
-    // Native Client doesn't implement |fcntl|.
-    if (errno != ENOSYS) {
-      perror("failed to get flags from urandom fd");
-      abort();
-    }
-  } else {
-    flags |= FD_CLOEXEC;
-    if (fcntl(fd, F_SETFD, flags) == -1) {
-      perror("failed to set FD_CLOEXEC on urandom fd");
-      abort();
-    }
-  }
   *urandom_fd_bss_get() = fd;
 }