Fixes #4500 -- use O_CLOEXEC when opening the /dev/urandom file descriptor (#4507)

* Fixes #4500 -- use O_CLOEXEC when opening the /dev/urandom file descriptor

* Unused variable

1 files changed, 2 insertions, 9 deletions

diff --git a/src/_cffi_src/openssl/src/osrandom_engine.c b/src/_cffi_src/openssl/src/osrandom_engine.c
index 947c79aa..24dedda4 100644
--- a/src/_cffi_src/openssl/src/osrandom_engine.c
+++ b/src/_cffi_src/openssl/src/osrandom_engine.c
@@ -92,7 +92,7 @@ static struct {
 
 /* return -1 on error */
 static int dev_urandom_fd(void) {
-    int fd, n, flags;
+    int fd, n;
     struct stat st;
 
     /* Check that fd still points to the correct device */
@@ -106,20 +106,13 @@ static int dev_urandom_fd(void) {
         }
     }
     if (urandom_cache.fd < 0) {
-        fd = open("/dev/urandom", O_RDONLY);
+        fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
         if (fd < 0) {
             goto error;
         }
         if (fstat(fd, &st)) {
             goto error;
         }
-        /* set CLOEXEC flag */
-        flags = fcntl(fd, F_GETFD);
-        if (flags == -1) {
-            goto error;
-        } else if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) {
-            goto error;
-        }
         /* Another thread initialized the fd */
         if (urandom_cache.fd >= 0) {
             do {