CVE-2020-28012: Missing close-on-exec flag for privileged pipe

[exim.git] / src / src / rda.c

diff --git a/src/src/rda.c b/src/src/rda.c
index aed8abc246b54b5e1a764f0e13171c827f958542..ce6e7a36d910838ebaba5a430ca0a5edbf89e85f 100644 (file)
--- a/src/src/rda.c
+++ b/src/src/rda.c
@@ -618,9 +618,14 @@ search_tidyup();
 if ((pid = exim_fork(US"router-interpret")) == 0)
   {
   header_line *waslast = header_last;   /* Save last header */
+  int fd_flags = -1;
 
   fd = pfd[pipe_write];
   (void)close(pfd[pipe_read]);
+
+  if ((fd_flags = fcntl(fd, F_GETFD)) == -1) goto bad;
+  if (fcntl(fd, F_SETFD, fd_flags | FD_CLOEXEC) == -1) goto bad;
+
   exim_setugid(ugid->uid, ugid->gid, FALSE, rname);
 
   /* Addresses can get rewritten in filters; if we are not root or the exim