FD_CLOEXEC

diff --git a/dtls.c b/dtls.c
index 3ef7137..69e8888 100644 (file)
--- a/dtls.c
+++ b/dtls.c
@@ -90,6 +90,8 @@ static int connect_dtls_socket(struct anyconnect_info *vpninfo, SSL **ret_ssl,
                return -EINVAL;
        }
 
+       fcntl(dtls_fd, F_SETFD, FD_CLOEXEC);
+
        dtls_method = DTLSv1_client_method();
        dtls_ctx = SSL_CTX_new(dtls_method);
        SSL_CTX_set_read_ahead(dtls_ctx, 1);

diff --git a/ssl.c b/ssl.c
index e3fe1ba..773d8a7 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -237,6 +237,7 @@ static int open_https(struct anyconnect_info *vpninfo)
                fprintf(stderr, "Failed to connect to host %s\n", vpninfo->hostname);
                return -EINVAL;
        }
+       fcntl(ssl_sock, F_SETFD, FD_CLOEXEC);
 
        ssl3_method = SSLv23_client_method();
        https_ctx = SSL_CTX_new(ssl3_method);

diff --git a/tun.c b/tun.c
index 9dffae8..7b5f948 100644 (file)
--- a/tun.c
+++ b/tun.c
@@ -53,6 +53,8 @@ int setup_tun(struct anyconnect_info *vpninfo)
                exit(1);
        }
 
+       fcntl(tun_fd, F_SETFD, FD_CLOEXEC);
+
        net_fd = socket(PF_INET, SOCK_DGRAM, 0);
        if (net_fd < 0) {
                perror("open net");