[ccan] [PATCH 2/2] pipecmd: Use closefrom instead of iterating directly.

[ZmnSCPxj]

>From b48091be33010782e0b82245f3518c7b4cc94b9c Mon Sep 17 00:00:00 2001
From: ZmnSCPxj jxPCSnmZ <ZmnSCPxj at protonmail.com>
Date: Mon, 18 Oct 2021 15:50:31 +0800
Subject: [PATCH 2/2] pipecmd: Use closefrom instead of iterating directly.

Signed-off-by: ZmnSCPxj jxPCSnmZ <ZmnSCPxj at protonmail.com>

---
 ccan/pipecmd/_info     |  1 +
 ccan/pipecmd/pipecmd.c | 19 +++++++++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/ccan/pipecmd/_info b/ccan/pipecmd/_info
index 8c49511a..824f22e3 100644
--- a/ccan/pipecmd/_info
+++ b/ccan/pipecmd/_info
@@ -51,6 +51,7 @@ int main(int argc, char *argv[])
 		return 1;

 	if (strcmp(argv[1], "depends") == 0) {
+		printf("ccan/closefrom\n");
 		printf("ccan/noerr\n");
 		return 0;
 	}
diff --git a/ccan/pipecmd/pipecmd.c b/ccan/pipecmd/pipecmd.c
index 56cb67b6..0090275b 100644
--- a/ccan/pipecmd/pipecmd.c
+++ b/ccan/pipecmd/pipecmd.c
@@ -1,4 +1,5 @@
 /* CC0 license (public domain) - see LICENSE file for details */
+#include <ccan/closefrom/closefrom.h>
 #include <ccan/pipecmd/pipecmd.h>
 #include <ccan/noerr/noerr.h>
 #include <stdlib.h>
@@ -139,11 +140,21 @@ pid_t pipecmdarr(int *fd_tochild, int *fd_fromchild, int *fd_errfromchild,
 			close(errfromchild[1]);
 		}

+		/* Map execfail[1] to fd 3.  */
+		if (execfail[1] != 3) {
+			if (dup2(execfail[1], 3) == -1)
+				goto child_errno_fail;
+			/* CLOEXEC is not shared by dup2, so copy the flags
+			 * from execfail[1] to 3.
+			 */
+			if (fcntl(3, F_SETFD, fcntl(execfail[1], F_GETFD)) < 0)
+				goto child_errno_fail;
+			close(execfail[1]);
+			execfail[1] = 3;
+		}
+
 		/* Make (fairly!) sure all other fds are closed. */
-		int max = sysconf(_SC_OPEN_MAX);
-		for (i = 3; i < max; i++)
-			if (i != execfail[1])
-				close(i);
+		closefrom(4);

 		execvp(arr[0], arr);

--
2.33.0