From 74630b1bb717fb98f4692261f2be8d5c84851fa3 Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella
Date: Mon, 6 May 2024 13:20:56 -0300
Subject: posix: Fix pidfd_spawn/pidfd_spawnp leak if execve fails (BZ 31695)

If the pidfd_spawn/pidfd_spawnp helper process succeeds, but execve fails for some reason (either with an invalid/non-existent, memory allocation, etc.) the resulting pidfd is never closed, nor returned to the caller (so it can call close). Since the process creation failed, it should be up to posix_spawn to also close the file descriptor in this case (similar to what it does to reap the process).

This patch also changes the waitpid with waitid (P_PIDFD) for the pidfd case, to avoid a possible pid re-use.

Checked on x86_64-linux-gnu.

Reviewed-by: Carlos O'Donell
(cherry picked from commit c90cfce849d010474e8cccf3e5bff49a2c8b141f)
---
NEWS | 1 +
1 file changed, 1 insertion(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS index 06faac3..2a40238 100644 --- a/NEWS +++ b/NEWS @@ -64,6 +64,7 @@ The following bugs are resolved with this release: strings [31686] dynamic-link: Stack-based buffer overflow in parse_tunables_string + [31695] libc: pidfd_spawn/pidfd_spawnp leak an fd if clone3 succeeds [31719] dynamic-link: --enable-hardcoded-path-in-tests doesn't work with -Wl,--enable-new-dtags [31782] Test build failure with recent GCC trunk
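Review bot: the added NEWS entry "[31695] libc: pidfd_spawn/pidfd_spawnp leak an fd if clone3 succeeds" states the trigger incompletely; read on its own it suggests every successful clone3 leaks a descriptor, whereas the commit message says the pidfd is leaked only when the helper process is created but the subsequent execve fails. Consider wording the entry as `[31695] libc: pidfd_spawn/pidfd_spawnp leak an fd if clone3 succeeds but execve fails` so release-notes readers see the actual condition. The entry is correctly placed in numeric order between [31686] and [31719], and since this view is limited to NEWS, the behavioural change noted in the message (waitpid replaced by waitid with P_PIDFD to avoid pid re-use) is not visible here and may deserve its own mention if it is considered user-visible.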