diff --git a/src/common/compat.c b/src/common/compat.c
index e3a76e8dfa..42602fb3a3 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -118,6 +118,18 @@ tor_open_cloexec(const char *path, int flags, unsigned mode)
#endif
}
+/** DOCDOC */
+FILE *
+tor_fopen_cloexec(const char *path, const char *mode)
+{
+ FILE *result = fopen(path, mode);
+#ifdef FD_CLOEXEC
+ if (result != NULL)
+ fcntl(fileno(result), F_SETFD, FD_CLOEXEC);
+#endif
+ return result;
+}
+
#ifdef HAVE_SYS_MMAN_H
/** Try to create a memory mapping for filename and return it. On
* failure, return NULL. Sets errno properly, using ERANGE to mean
@@ -1008,8 +1020,17 @@ tor_socketpair(int family, int type, int protocol, int fd[2])
//don't use win32 socketpairs (they are always bad)
#if defined(HAVE_SOCKETPAIR) && !defined(MS_WINDOWS)
int r;
+#ifdef SOCK_CLOEXEC
+ type |= SOCK_CLOEXEC;
+#endif
r = socketpair(family, type, protocol, fd);
if (r == 0) {
+#ifndef SOCK_CLOEXEC
+ if (fd[0] >= 0)
+ fcntl(fd[0], F_SETFD, FD_CLOEXEC);
+ if (fd[1] >= 0)
+ fcntl(fd[1], F_SETFD, FD_CLOEXEC);
+#endif
socket_accounting_lock();
if (fd[0] >= 0) {
++n_sockets_open;
diff --git a/src/common/compat.h b/src/common/compat.h
index 9eaf77a1d7..91ad9dec49 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -51,6 +51,8 @@
#include
#endif
+#include
+
#if defined (WINCE)
#include
#include
@@ -340,8 +342,8 @@ struct tm *tor_gmtime_r(const time_t *timep, struct tm *result);
((tvp)->tv_sec cmp (uvp)->tv_sec))
/* ===== File compatibility */
-
int tor_open_cloexec(const char *path, int flags, unsigned mode);
+FILE *tor_fopen_cloexec(const char *path, const char *mode);
int replace_file(const char *from, const char *to);
int touch_file(const char *fname);
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 4f793dc746..4410d558e0 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -2445,7 +2445,7 @@ dirserv_read_measured_bandwidths(const char *from_file,
smartlist_t *routerstatuses)
{
char line[256];
- FILE *fp = fopen(from_file, "r");
+ FILE *fp = tor_fopen_cloexec(from_file, "r");
int applied_lines = 0;
time_t file_time;
int ok;
diff --git a/src/or/geoip.c b/src/or/geoip.c
index ae0776a571..84681821b0 100644
--- a/src/or/geoip.c
+++ b/src/or/geoip.c
@@ -206,7 +206,7 @@ geoip_load_file(const char *filename, or_options_t *options)
int severity = options_need_geoip_info(options, &msg) ? LOG_WARN : LOG_INFO;
crypto_digest_env_t *geoip_digest_env = NULL;
clear_geoip_db();
- if (!(f = fopen(filename, "r"))) {
+ if (!(f = tor_fopen_cloexec(filename, "r"))) {
log_fn(severity, LD_GENERAL, "Failed to open GEOIP file %s. %s",
filename, msg);
return -1;