util/token: don't leak /dev/urandom fd to children

Closes #3324.
author: Raphael Robatsch <raphael-git@tapesoftware.net> 2021-11-11 17:26:27 +0100
committer: Raphael Robatsch <raphael-git@tapesoftware.net> 2021-11-14 12:30:03 +0100
commit: 4a8e681a5fa82d59544fbdb8026f1606c41504e2 (patch)
tree: 634f1b76c149b5770f9c78d23eb6623c8778591a /util/token.c
parent: 3a685b10b66b9da6e0baa3ad48409db14e76eced (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/util/token.c b/util/token.c
index cf6034a3..1b839aaa 100644
--- a/util/token.c
+++ b/util/token.c
@@ -1,20 +1,31 @@
+#define _POSIX_C_SOURCE 200809L
 #include "util/token.h"
 #include "wlr/util/log.h"
 
+#include <fcntl.h>
 #include <inttypes.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
 
 bool generate_token(char out[static TOKEN_STRLEN]) {
 	static FILE *urandom = NULL;
 	uint64_t data[2];
 
 	if (!urandom) {
-		if (!(urandom = fopen("/dev/urandom", "r"))) {
+		int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
+		if (fd < 0) {
 			wlr_log_errno(WLR_ERROR, "Failed to open random device");
 			return false;
 		}
+		if (!(urandom = fdopen(fd, "r"))) {
+			wlr_log_errno(WLR_ERROR, "fdopen failed");
+			close(fd);
+			return false;
+		}
 	}
 	if (fread(data, sizeof(data), 1, urandom) != 1) {
 		wlr_log_errno(WLR_ERROR, "Failed to read from random device");
author	Raphael Robatsch <raphael-git@tapesoftware.net>	2021-11-11 17:26:27 +0100
committer	Raphael Robatsch <raphael-git@tapesoftware.net>	2021-11-14 12:30:03 +0100
commit	4a8e681a5fa82d59544fbdb8026f1606c41504e2 (patch)
tree	634f1b76c149b5770f9c78d23eb6623c8778591a /util/token.c
parent	3a685b10b66b9da6e0baa3ad48409db14e76eced (diff)