From 40877f3e8af9756db29ee7bf3ab555aa2953243c Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Mon, 11 Dec 2017 09:54:34 +1300
Subject: [PATCH] source3/libsmb/unexpected.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source3/libsmb/unexpected.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c
index c645fbce7e4..dd9ff7a22e1 100644
--- a/source3/libsmb/unexpected.c
+++ b/source3/libsmb/unexpected.c
@@ -157,6 +157,7 @@ static void nb_packet_server_listener(struct tevent_context *ev,
 	if (sock == -1) {
 		return;
 	}
+	smb_set_close_on_exec(sock);
 	DEBUG(6,("accepted socket %d\n", sock));
 
 	client = talloc_zero(server, struct nb_packet_client);
-- 
2.34.1