util/token: don't leak /dev/urandom fd to children

Closes #3324.
This commit is contained in:
Raphael Robatsch 2021-11-11 17:26:27 +01:00
parent 3a685b10b6
commit 4a8e681a5f
1 changed files with 12 additions and 1 deletions

View File

@ -1,20 +1,31 @@
#define _POSIX_C_SOURCE 200809L
#include "util/token.h"
#include "wlr/util/log.h"
#include <fcntl.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
bool generate_token(char out[static TOKEN_STRLEN]) {
static FILE *urandom = NULL;
uint64_t data[2];
if (!urandom) {
if (!(urandom = fopen("/dev/urandom", "r"))) {
int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
if (fd < 0) {
wlr_log_errno(WLR_ERROR, "Failed to open random device");
return false;
}
if (!(urandom = fdopen(fd, "r"))) {
wlr_log_errno(WLR_ERROR, "fdopen failed");
close(fd);
return false;
}
}
if (fread(data, sizeof(data), 1, urandom) != 1) {
wlr_log_errno(WLR_ERROR, "Failed to read from random device");