From 23ee7815208fae9fafc9b3cda74908c72db6fa6d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fran=C3=A7ois=20Degros?= <fdegros@chromium.org>
Date: Thu, 31 Jul 2025 15:51:26 +1000
Subject: [PATCH] Use POSIX_SPAWN_CLOEXEC_DEFAULT when possible

Use posix_spawn() with POSIX_SPAWN_CLOEXEC_DEFAULT on systems that
define this constant, in order to avoid leaking file descriptors into
subprocesses.

Bug: https://github.com/libarchive/libarchive/issues/2520
---
 libarchive/filter_fork_posix.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/libarchive/filter_fork_posix.c b/libarchive/filter_fork_posix.c
index a90ef4014..0c3d33d8d 100644
--- a/libarchive/filter_fork_posix.c
+++ b/libarchive/filter_fork_posix.c
@@ -77,11 +77,13 @@ __archive_create_child(const char *cmd, int *child_stdin, int *child_stdout,
 	pid_t child = -1;
 	int stdin_pipe[2], stdout_pipe[2], tmp;
 
-#if (HAVE_FORK || HAVE_VFORK) && (HAVE_CLOSEFROM || HAVE_CLOSE_RANGE)
+#if !defined(POSIX_SPAWN_CLOEXEC_DEFAULT) && \
+    (HAVE_FORK || HAVE_VFORK) && (HAVE_CLOSEFROM || HAVE_CLOSE_RANGE)
 #undef HAVE_POSIX_SPAWNP
 #endif
 
 #if HAVE_POSIX_SPAWNP
+	posix_spawnattr_t attr;
 	posix_spawn_file_actions_t actions;
 	int r;
 #endif
@@ -112,11 +114,21 @@ __archive_create_child(const char *cmd, int *child_stdin, int *child_stdout,
 
 #if HAVE_POSIX_SPAWNP
 
-	r = posix_spawn_file_actions_init(&actions);
+	r = posix_spawnattr_init(&attr);
 	if (r != 0) {
 		errno = r;
 		goto stdout_opened;
 	}
+	r = posix_spawn_file_actions_init(&actions);
+	if (r != 0) {
+		errno = r;
+		goto attr_inited;
+	}
+#ifdef POSIX_SPAWN_CLOEXEC_DEFAULT
+	r = posix_spawnattr_setflags(&attr, POSIX_SPAWN_CLOEXEC_DEFAULT);
+	if (r != 0)
+		goto actions_inited;
+#endif
 	r = posix_spawn_file_actions_addclose(&actions, stdin_pipe[1]);
 	if (r != 0)
 		goto actions_inited;
@@ -141,11 +153,12 @@ __archive_create_child(const char *cmd, int *child_stdin, int *child_stdout,
 		if (r != 0)
 			goto actions_inited;
 	}
-	r = posix_spawnp(&child, cmdline->path, &actions, NULL,
+	r = posix_spawnp(&child, cmdline->path, &actions, &attr,
 		cmdline->argv, NULL);
 	if (r != 0)
 		goto actions_inited;
 	posix_spawn_file_actions_destroy(&actions);
+	posix_spawnattr_destroy(&attr);
 
 #else /* HAVE_POSIX_SPAWNP */
 
@@ -195,6 +208,8 @@ __archive_create_child(const char *cmd, int *child_stdin, int *child_stdout,
 actions_inited:
 	errno = r;
 	posix_spawn_file_actions_destroy(&actions);
+attr_inited:
+	posix_spawnattr_destroy(&attr);
 #endif
 stdout_opened:
 	close(stdout_pipe[0]);
-- 
2.47.3