[release-branch.go1] net: fix {FileConn, FileListener, FilePacketConn} fd leak to...

««« backport d694b1866058
net: fix {FileConn, FileListener, FilePacketConn} fd leak to child process.

All of them call `newFileFD' which must properly restore close-on-exec on
duplicated fds.

R=golang-dev, bradfitz, mikioh.mikioh
CC=golang-dev
https://golang.org/cl/6445081

»»»

diff --git a/src/pkg/net/file.go b/src/pkg/net/file.go
index 1abf24f2d6502a9c808c3cfd6498a7fe76e13c85..837326e12e6b490e8c45ec0af133ade3c42b8069 100644 (file)
--- a/src/pkg/net/file.go
+++ b/src/pkg/net/file.go
@@ -12,10 +12,14 @@ import (
 )
 
 func newFileFD(f *os.File) (*netFD, error) {
+       syscall.ForkLock.RLock()
        fd, err := syscall.Dup(int(f.Fd()))
        if err != nil {
+               syscall.ForkLock.RUnlock()
                return nil, os.NewSyscallError("dup", err)
        }
+       syscall.CloseOnExec(fd)
+       syscall.ForkLock.RUnlock()
 
        sotype, err := syscall.GetsockoptInt(fd, syscall.SOL_SOCKET, syscall.SO_TYPE)
        if err != nil {

diff --git a/src/pkg/os/exec/exec_test.go b/src/pkg/os/exec/exec_test.go
index aead57d7993502f527bd93173d4554b2ba82b5b0..27ebb60d3d0789ef53bddb5f02f2903b0ea240f4 100644 (file)
--- a/src/pkg/os/exec/exec_test.go
+++ b/src/pkg/os/exec/exec_test.go
@@ -167,6 +167,18 @@ func TestExtraFiles(t *testing.T) {
        }
        defer ln.Close()
 
+       // Make sure duplicated fds don't leak to the child.
+       f, err := ln.(*net.TCPListener).File()
+       if err != nil {
+               t.Fatal(err)
+       }
+       defer f.Close()
+       ln2, err := net.FileListener(f)
+       if err != nil {
+               t.Fatal(err)
+       }
+       defer ln2.Close()
+
        // Force TLS root certs to be loaded (which might involve
        // cgo), to make sure none of that potential C code leaks fds.
        ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {