From a476453299c4a55014a0560d9f913f35d9b248fe Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Mon, 22 Oct 2018 19:56:16 -0400
Subject: Fixes #4500 -- use O_CLOEXEC when opening the /dev/urandom file
 descriptor (#4507)

* Fixes #4500 -- use O_CLOEXEC when opening the /dev/urandom file descriptor

* Unused variable
---
 src/_cffi_src/openssl/src/osrandom_engine.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/src/_cffi_src/openssl/src/osrandom_engine.c b/src/_cffi_src/openssl/src/osrandom_engine.c
index 947c79aa..24dedda4 100644
--- a/src/_cffi_src/openssl/src/osrandom_engine.c
+++ b/src/_cffi_src/openssl/src/osrandom_engine.c
@@ -92,7 +92,7 @@ static struct {
 
 /* return -1 on error */
 static int dev_urandom_fd(void) {
-    int fd, n, flags;
+    int fd, n;
     struct stat st;
 
     /* Check that fd still points to the correct device */
@@ -106,20 +106,13 @@ static int dev_urandom_fd(void) {
         }
     }
     if (urandom_cache.fd < 0) {
-        fd = open("/dev/urandom", O_RDONLY);
+        fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
         if (fd < 0) {
             goto error;
         }
         if (fstat(fd, &st)) {
             goto error;
         }
-        /* set CLOEXEC flag */
-        flags = fcntl(fd, F_GETFD);
-        if (flags == -1) {
-            goto error;
-        } else if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) {
-            goto error;
-        }
         /* Another thread initialized the fd */
         if (urandom_cache.fd >= 0) {
             do {
-- 
cgit v1.2.3