Use O_CLOEXEC when it's available (#4733)

* Use O_CLOEXEC when it's available

* Don't have two vars with the same name

* A normal person would be emberassed

1 files changed, 16 insertions, 10 deletions

diff --git a/src/_cffi_src/openssl/src/osrandom_engine.c b/src/_cffi_src/openssl/src/osrandom_engine.c
index 697381c8..1a660f0b 100644
--- a/src/_cffi_src/openssl/src/osrandom_engine.c
+++ b/src/_cffi_src/openssl/src/osrandom_engine.c
@@ -94,7 +94,18 @@ static struct {
     ino_t st_ino;
 } urandom_cache = { -1 };
 
-static int set_cloexec(int fd) {
+static int open_cloexec(const char *path) {
+    int open_flags = O_RDONLY;
+#ifdef O_CLOEXEC
+    open_flags |= O_CLOEXEC;
+#endif
+
+    int fd = open(path, open_flags);
+    if (fd == -1) {
+        return -1;
+    }
+
+#ifndef O_CLOEXEC
     int flags = fcntl(fd, F_GETFD);
     if (flags == -1) {
         return -1;
@@ -102,7 +113,8 @@ static int set_cloexec(int fd) {
     if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) {
         return -1;
     }
-    return 0;
+#endif
+    return fd;
 }
 
 #ifdef __linux__
@@ -114,13 +126,10 @@ static int set_cloexec(int fd) {
 static int wait_on_devrandom(void) {
     struct pollfd pfd = {};
     int ret = 0;
-    int random_fd = open("/dev/random", O_RDONLY);
+    int random_fd = open_cloexec("/dev/random");
     if (random_fd < 0) {
         return -1;
     }
-    if (set_cloexec(random_fd) < 0) {
-        return -1;
-    }
     pfd.fd = random_fd;
     pfd.events = POLLIN;
     pfd.revents = 0;
@@ -154,13 +163,10 @@ static int dev_urandom_fd(void) {
         }
 #endif
 
-        fd = open("/dev/urandom", O_RDONLY);
+        fd = open_cloexec("/dev/urandom");
         if (fd < 0) {
             goto error;
         }
-        if (set_cloexec(fd) < 0) {
-            goto error;
-        }
         if (fstat(fd, &st)) {
             goto error;
         }