From 11988579f5a4cdc91075eb2d7f73132ac5f37b5a Mon Sep 17 00:00:00 2001
From: Tom Li <tomli@tomli.me>
Date: Tue, 25 Dec 2018 23:22:48 +0800
Subject: [PATCH] allocator_thread.c: set O_CLOEXEC/FD_CLOEXEC for pipes, fix
 #273.

In proxychains, we create pipes and use them internally.
If exec() is called by the program we run, the pipes opened
previously are never closed, causing a file descriptor leak
may eventually crash the program.

This commit calls fcntl() to set FD_CLOEXEC flags on pipes.
AFAIK there's no race condition on pipe creation, but we still
prefer to call the newer pipe2() with O_CLOEXEC if it's supported
by the system, due to its advantage of atomic operation, which
prevents potential race conditions in the future.

Signed-off-by: Tom Li <tomli@tomli.me>
---
 src/allocator_thread.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/allocator_thread.c b/src/allocator_thread.c
index acc11d7..a16c984 100644
--- a/src/allocator_thread.c
+++ b/src/allocator_thread.c
@@ -309,7 +309,18 @@ size_t at_get_host_for_ip(ip_type4 ip, char* readbuf) {
 
 
 static void initpipe(int* fds) {
-	if(pipe(fds) == -1) {
+	int retval;
+
+#ifdef HAVE_PIPE2
+	retval = pipe2(fds, O_CLOEXEC);
+#else
+	retval = pipe(fds);
+	if(retval == 0) {
+		fcntl(fds[0], F_SETFD, FD_CLOEXEC);
+		fcntl(fds[1], F_SETFD, FD_CLOEXEC);
+	}
+#endif
+	if(retval == -1) {
 		perror("pipe");
 		exit(1);
 	}