git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
CVE-2020-28012: Missing close-on-exec flag for privileged pipe
[exim.git]
/
src
/
src
/
rda.c
diff --git
a/src/src/rda.c
b/src/src/rda.c
index aed8abc246b54b5e1a764f0e13171c827f958542..ce6e7a36d910838ebaba5a430ca0a5edbf89e85f 100644
(file)
--- a/
src/src/rda.c
+++ b/
src/src/rda.c
@@
-618,9
+618,14
@@
search_tidyup();
if ((pid = exim_fork(US"router-interpret")) == 0)
{
header_line *waslast = header_last; /* Save last header */
if ((pid = exim_fork(US"router-interpret")) == 0)
{
header_line *waslast = header_last; /* Save last header */
+ int fd_flags = -1;
fd = pfd[pipe_write];
(void)close(pfd[pipe_read]);
fd = pfd[pipe_write];
(void)close(pfd[pipe_read]);
+
+ if ((fd_flags = fcntl(fd, F_GETFD)) == -1) goto bad;
+ if (fcntl(fd, F_SETFD, fd_flags | FD_CLOEXEC) == -1) goto bad;
+
exim_setugid(ugid->uid, ugid->gid, FALSE, rname);
/* Addresses can get rewritten in filters; if we are not root or the exim
exim_setugid(ugid->uid, ugid->gid, FALSE, rname);
/* Addresses can get rewritten in filters; if we are not root or the exim