varlink: move connection fds > fd2

We want to use this code in NSS modules, and we never know the execution
environment we are run in there, hence let's move our fds up to ensure
we won't step into dangerous fd territory.

This is similar to how we already do it in sd-bus for client connection
fds.

diff --git a/src/shared/varlink.c b/src/shared/varlink.c
index 7a566762fa63dda26d137e264f736a23e2b3165a..a23525b0a453b0d9727171ad0e101d01c96ef736 100644 (file)
--- a/src/shared/varlink.c
+++ b/src/shared/varlink.c
@@ -287,6 +287,8 @@ int varlink_connect_address(Varlink **ret, const char *address) {
         if (v->fd < 0)
                 return -errno;
 
+        v->fd = fd_move_above_stdio(v->fd);
+
         if (connect(v->fd, &sockaddr.sa, SOCKADDR_UN_LEN(sockaddr.un)) < 0) {
                 if (!IN_SET(errno, EAGAIN, EINPROGRESS))
                         return -errno;
@@ -2220,6 +2222,8 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t
         if (fd < 0)
                 return -errno;
 
+        fd = fd_move_above_stdio(fd);
+
         (void) sockaddr_un_unlink(&sockaddr.un);
 
         RUN_WITH_UMASK(~m & 0777)