CVE-2020-28012: Missing close-on-exec flag for privileged pipe

(cherry picked from commit 72dad1e64bb3d1ff387938f59678098cab1f60a3) (cherry picked from commit 645a31d16195bb6b73f0a0d0c04b2251e5b28421)
author: Qualys Security Advisory <qsa@qualys.com> 2021-02-21 21:53:55 -0800
committer: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2021-05-27 21:30:54 +0200
commit: e4e3d18dad8b9b8560889f552e1060d0f83c7159 (patch)
tree: fff179fc5cd867aa9c7e799a413bece66e42928f /src
parent: cf8734c3fd0823053ae3605beb8681d0957cf4a6 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/src/rda.c b/src/src/rda.c
index 5615b64d5..fb3714ea2 100644
--- a/src/src/rda.c
+++ b/src/src/rda.c
@@ -618,9 +618,14 @@ search_tidyup();
 if ((pid = exim_fork(US"router-interpret")) == 0)
   {
   header_line *waslast = header_last;   /* Save last header */
+  int fd_flags = -1;
 
   fd = pfd[pipe_write];
   (void)close(pfd[pipe_read]);
+
+  if ((fd_flags = fcntl(fd, F_GETFD)) == -1) goto bad;
+  if (fcntl(fd, F_SETFD, fd_flags | FD_CLOEXEC) == -1) goto bad;
+
   exim_setugid(ugid->uid, ugid->gid, FALSE, rname);
 
   /* Addresses can get rewritten in filters; if we are not root or the exim
author	Qualys Security Advisory <qsa@qualys.com>	2021-02-21 21:53:55 -0800
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>	2021-05-27 21:30:54 +0200
commit	e4e3d18dad8b9b8560889f552e1060d0f83c7159 (patch)
tree	fff179fc5cd867aa9c7e799a413bece66e42928f /src
parent	cf8734c3fd0823053ae3605beb8681d0957cf4a6 (diff)