genrand: use set_close_on_exec()
authorAndrew Tridgell <tridge@samba.org>
Wed, 30 Nov 2011 04:18:08 +0000 (15:18 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 15 Dec 2011 22:36:22 +0000 (23:36 +0100)
this prevents a fd leak to child processes

lib/util/genrand.c

index 7fe55f345efe5f8cf454b2308bc716057cde139c..b8d3c78fa11be4311e76948bc9090596afa14366 100644 (file)
@@ -172,6 +172,9 @@ static int do_reseed(bool use_fd, int fd)
        if (use_fd) {
                if (fd == -1) {
                        fd = open( "/dev/urandom", O_RDONLY,0);
+                       if (fd != -1) {
+                               set_close_on_exec(fd);
+                       }
                }
                if (fd != -1
                    && (read(fd, seed_inbuf, sizeof(seed_inbuf)) == sizeof(seed_inbuf))) {
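Review bot: The descriptor is still inheritable between `open()` and `set_close_on_exec(fd)`, so a fork and exec from another thread in that window would leak the /dev/urandom fd anyway; the same two-step pattern is repeated in the generate_random_buffer and generate_secret_buffer hunks. Where the platform defines it, setting the flag at open time closes the window: `fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC, 0);`, with `set_close_on_exec()` kept as the fallback for systems that lack `O_CLOEXEC`. Whether this code ever runs in a multi-threaded process is not visible here, so treat this as hardening rather than a confirmed bug. The result of `set_close_on_exec()` is also discarded; if it can fail, a debug-level log would make a leaked descriptor diagnosable. do_reseed's body continues outside the hunk.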
@@ -232,6 +235,9 @@ _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
                if (bytes_since_reseed < 40) {
                        if (urand_fd == -1) {
                                urand_fd = open( "/dev/urandom", O_RDONLY,0);
+                               if (urand_fd != -1) {
+                                       set_close_on_exec(urand_fd);
+                               }
                        }
                        if(urand_fd != -1 && (read(urand_fd, out, len) == len)) {
                                return;
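Review bot: `read(urand_fd, out, len) == len` treats a short or interrupted read the same as a missing device, and the code that runs when the `return` is skipped lies outside this hunk. The same test guards generate_secret_buffer in the next hunk, where callers presumably rely on kernel randomness for key material. I would add a comment at both sites stating what happens when the read is short or fails, and consider retrying on `EINTR` before falling through. `len` is an `int` compared against read()'s `ssize_t` result, so it may be worth confirming that no caller can pass a negative length.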
@@ -269,6 +275,9 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
 {
        if (urand_fd == -1) {
                urand_fd = open( "/dev/urandom", O_RDONLY,0);
+               if (urand_fd != -1) {
+                       set_close_on_exec(urand_fd);
+               }
        }
        if(urand_fd != -1 && (read(urand_fd, out, len) == len)) {
                return;
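Review bot: The open-then-`set_close_on_exec()` sequence for the shared `urand_fd` is now written out verbatim here and in generate_random_buffer, and once more for the local `fd` in do_reseed, so any later change to how the descriptor is opened has to be made in three places. A small static helper would keep the open flags and the close-on-exec handling in one spot, and each call site shrinks to `urand_fd = open_urandom();`. The helper name is only a suggestion. generate_secret_buffer's body continues outside the hunk.

```c
/* Open /dev/urandom and mark it close-on-exec so it is not inherited by
 * child processes. Returns -1 if the device cannot be opened. */
static int open_urandom(void)
{
	int fd = open("/dev/urandom", O_RDONLY, 0);
	if (fd != -1) {
		set_close_on_exec(fd);
	}
	return fd;
}

/* ... unchanged: generate_secret_buffer signature ... */
	if (urand_fd == -1) {
		urand_fd = open_urandom();
	}
/* ... unchanged: read from urand_fd and return ... */
```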