From a0c41de277234b57bbcd6a315c9fcc5ec64e9f7c Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 15 Aug 2019 09:34:05 +0200
Subject: [PATCH] varlink: move connection fds > fd2

We want to use this code in NSS modules, and we never know the execution environment we are run in there, hence let's move our fds up to ensure we won't step into dangerous fd territory. This is similar to how we already do it in sd-bus for client connection fds.
---
 src/shared/varlink.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/shared/varlink.c b/src/shared/varlink.c
index 7a566762fa6..a23525b0a45 100644
--- a/src/shared/varlink.c
+++ b/src/shared/varlink.c
@@ -287,6 +287,8 @@ int varlink_connect_address(Varlink **ret, const char *address) {
 if (v->fd < 0)
 return -errno;
 
+ v->fd = fd_move_above_stdio(v->fd);
+
 if (connect(v->fd, &sockaddr.sa, SOCKADDR_UN_LEN(sockaddr.un)) < 0) {
 if (!IN_SET(errno, EAGAIN, EINPROGRESS))
 return -errno;
@@ -2220,6 +2222,8 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t
 if (fd < 0)
 return -errno;
 
+ fd = fd_move_above_stdio(fd);
+
 (void) sockaddr_un_unlink(&sockaddr.un);
 
 RUN_WITH_UMASK(~m & 0777)
-- 
2.39.2
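Review bot: The two added `fd_move_above_stdio()` calls, in `varlink_connect_address()` and in `varlink_server_listen_address()`, carry no comment, so the reason for them can only be recovered from the commit message. I would put above each something like `/* Move the socket out of the 0…2 range: in a foreign process (e.g. when loaded via NSS) the stdio slots may be closed, and anything later written to stdout/stderr would otherwise land on this socket */`. As far as I know the helper is best-effort and returns the original fd when it cannot duplicate it, which is what makes the unchecked assignment safe. The comment should say so, because the fd can then still be 2 or lower. Both functions begin and end outside the hunks, so descriptors obtained on other paths (accepted connections, for example) are not visible here and may need the same treatment.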