Update closefrom from OpenSSH for macOS code which is now needed.

compat/closefrom.c

@@ -14,6 +14,8 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include "compat.h"
+
 #ifndef HAVE_CLOSEFROM
 
 #include <sys/types.h>
@@ -44,8 +46,9 @@
 #  include <ndir.h>
 # endif
 #endif
-
-#include "compat.h"
+#if defined(HAVE_LIBPROC_H)
+# include <libproc.h>
+#endif
 
 #ifndef OPEN_MAX
 # define OPEN_MAX	256
@@ -55,39 +58,15 @@
 __unused static const char rcsid[] = "$Sudo: closefrom.c,v 1.11 2006/08/17 15:26:54 millert Exp $";
 #endif /* lint */
 
+#ifndef HAVE_FCNTL_CLOSEM
 /*
  * Close all file descriptors greater than or equal to lowfd.
  */
-#ifdef HAVE_FCNTL_CLOSEM
-void
-closefrom(int lowfd)
+static void
+closefrom_fallback(int lowfd)
 {
-    (void) fcntl(lowfd, F_CLOSEM, 0);
-}
-#else
-void
-closefrom(int lowfd)
-{
-    long fd, maxfd;
-#if defined(HAVE_DIRFD) && defined(HAVE_PROC_PID)
-    char fdpath[PATH_MAX], *endp;
-    struct dirent *dent;
-    DIR *dirp;
-    int len;
+	long fd, maxfd;
 
-    /* Check for a /proc/$$/fd directory. */
-    len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
-    if (len > 0 && (size_t)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
-	while ((dent = readdir(dirp)) != NULL) {
-	    fd = strtol(dent->d_name, &endp, 10);
-	    if (dent->d_name != endp && *endp == '\0' &&
-		fd >= 0 && fd < INT_MAX && fd >= lowfd && fd != dirfd(dirp))
-		(void) close((int) fd);
-	}
-	(void) closedir(dirp);
-    } else
-#endif
-    {
 	/*
 	 * Fall back on sysconf() or getdtablesize().  We avoid checking
 	 * resource limits since it is possible to open a file descriptor
@@ -99,11 +78,78 @@ closefrom(int lowfd)
 	maxfd = getdtablesize();
 #endif /* HAVE_SYSCONF */
 	if (maxfd < 0)
-	    maxfd = OPEN_MAX;
+		maxfd = OPEN_MAX;
 
 	for (fd = lowfd; fd < maxfd; fd++)
-	    (void) close((int) fd);
+		(void) close((int) fd);
+}
+#endif /* HAVE_FCNTL_CLOSEM */
+
+#ifdef HAVE_FCNTL_CLOSEM
+void
+closefrom(int lowfd)
+{
+    (void) fcntl(lowfd, F_CLOSEM, 0);
+}
+#elif defined(HAVE_LIBPROC_H) && defined(HAVE_PROC_PIDINFO)
+void
+closefrom(int lowfd)
+{
+	int i, r, sz;
+	pid_t pid = getpid();
+	struct proc_fdinfo *fdinfo_buf = NULL;
+
+	sz = proc_pidinfo(pid, PROC_PIDLISTFDS, 0, NULL, 0);
+	if (sz == 0)
+		return; /* no fds, really? */
+	else if (sz == -1)
+		goto fallback;
+	if ((fdinfo_buf = malloc(sz)) == NULL)
+		goto fallback;
+	r = proc_pidinfo(pid, PROC_PIDLISTFDS, 0, fdinfo_buf, sz);
+	if (r < 0 || r > sz)
+		goto fallback;
+	for (i = 0; i < r / (int)PROC_PIDLISTFD_SIZE; i++) {
+		if (fdinfo_buf[i].proc_fd >= lowfd)
+			close(fdinfo_buf[i].proc_fd);
+	}
+	free(fdinfo_buf);
+	return;
+ fallback:
+	free(fdinfo_buf);
+	closefrom_fallback(lowfd);
+	return;
+}
+#elif defined(HAVE_DIRFD) && defined(HAVE_PROC_PID)
+void
+closefrom(int lowfd)
+{
+    long fd;
+    char fdpath[PATH_MAX], *endp;
+    struct dirent *dent;
+    DIR *dirp;
+    int len;
+
+    /* Check for a /proc/$$/fd directory. */
+    len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
+    if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) {
+	while ((dent = readdir(dirp)) != NULL) {
+	    fd = strtol(dent->d_name, &endp, 10);
+	    if (dent->d_name != endp && *endp == '\0' &&
+		fd >= 0 && fd < INT_MAX && fd >= lowfd && fd != dirfd(dirp))
+		(void) close((int) fd);
+	}
+	(void) closedir(dirp);
+	return;
     }
+    /* /proc/$$/fd strategy failed, fall back to brute force closure */
+    closefrom_fallback(lowfd);
+}
+#else
+void
+closefrom(int lowfd)
+{
+	closefrom_fallback(lowfd);
 }
 #endif /* !HAVE_FCNTL_CLOSEM */
 #endif /* HAVE_CLOSEFROM */

configure.ac

@@ -76,6 +76,7 @@ AC_CHECK_HEADERS([ \
 	dirent.h \
 	fcntl.h \
 	inttypes.h \
+	libproc.h \
 	libutil.h \
 	ndir.h \
 	paths.h \
@@ -101,7 +102,8 @@ AC_CHECK_FUNCS([ \
 	dirfd \
 	flock \
 	prctl \
-	sysconf \
+	proc_pidinfo \
+	sysconf
 ])
 
 # Check for functions with a compatibility implementation.