Add CLOEXECs when getting file descriptors (#374)

This should help address leaking file descriptors in multithreaded
programs. There are a few cases where a race can occur though, as
some apis (fopen and mktemp).

src/core/features.h

@@ -26,7 +26,7 @@
 #define JANET_FEATURES_H_defined
 
 #ifndef _POSIX_C_SOURCE
-#define _POSIX_C_SOURCE 200112L
+#define _POSIX_C_SOURCE 200809L
 #endif
 
 #if defined(WIN32) || defined(_WIN32)

src/core/io.c

@@ -31,6 +31,8 @@
 
 #ifndef JANET_WINDOWS
 #include <sys/wait.h>
+#include <unistd.h>
+#include <fcntl.h>
 #endif
 
 static int cfun_io_gc(void *p, size_t len);
@@ -87,6 +89,11 @@ static Janet makef(FILE *f, int flags) {
     JanetFile *iof = (JanetFile *) janet_abstract(&janet_file_type, sizeof(JanetFile));
     iof->file = f;
     iof->flags = flags;
+#ifndef JANET_WINDOWS
+    /* While we would like fopen to set cloexec by default (like O_CLOEXEC) with the e flag, that is
+     * not standard. */
+    fcntl(fileno(f), F_SETFD, FD_CLOEXEC);
+#endif
     return janet_wrap_abstract(iof);
 }
 
@@ -239,12 +246,22 @@ static Janet cfun_io_fflush(int32_t argc, Janet *argv) {
     return argv[0];
 }
 
+#ifdef JANET_WINDOWS
+#define pclose _pclose
+#define WEXITSTATUS(x) x
+#endif
+
 /* Cleanup a file */
 static int cfun_io_gc(void *p, size_t len) {
     (void) len;
     JanetFile *iof = (JanetFile *)p;
     if (!(iof->flags & (JANET_FILE_NOT_CLOSEABLE | JANET_FILE_CLOSED))) {
-        return fclose(iof->file);
+        /* We can't panic inside a gc, so just ignore bad statuses here */
+        if (iof->flags & JANET_FILE_PIPED) {
+            pclose(iof->file);
+        } else {
+            fclose(iof->file);
+        }
     }
     return 0;
 }
@@ -258,10 +275,6 @@ static Janet cfun_io_fclose(int32_t argc, Janet *argv) {
     if (iof->flags & (JANET_FILE_NOT_CLOSEABLE))
         janet_panic("file not closable");
     if (iof->flags & JANET_FILE_PIPED) {
-#ifdef JANET_WINDOWS
-#define pclose _pclose
-#define WEXITSTATUS(x) x
-#endif
         int status = pclose(iof->file);
         iof->flags |= JANET_FILE_CLOSED;
         if (status == -1) janet_panic("could not close file");

src/core/net.c

@@ -78,6 +78,7 @@ typedef struct {
 #define JPollStruct WSAPOLLFD
 #define JSock SOCKET
 #define JReadInt long
+#define JSOCKFLAGS 0
 static JanetStream *make_stream(SOCKET fd, int flags) {
     u_long iMode = 0;
     JanetStream *stream = janet_abstract(&StreamAT, sizeof(JanetStream));
@@ -102,6 +103,7 @@ typedef struct {
 #define JPollStruct struct pollfd
 #define JSock int
 #define JReadInt ssize_t
+#define JSOCKFLAGS SOCK_CLOEXEC
 static JanetStream *make_stream(int fd, int flags) {
     JanetStream *stream = janet_abstract(&StreamAT, sizeof(JanetStream));
     fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
@@ -483,7 +485,7 @@ static Janet cfun_net_connect(int32_t argc, Janet *argv) {
     struct addrinfo *ai = janet_get_addrinfo(argv, 0);
 
     /* Create socket */
-    JSock sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+    JSock sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol | JSOCKFLAGS);
     if (!JSOCKVALID(sock)) {
         freeaddrinfo(ai);
         janet_panic("could not create socket");
@@ -514,7 +516,7 @@ static Janet cfun_net_server(int32_t argc, Janet *argv) {
     JSock sfd = JSOCKDEFAULT;
     struct addrinfo *rp = NULL;
     for (rp = ai; rp != NULL; rp = rp->ai_next) {
-        sfd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
+        sfd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol | JSOCKFLAGS);
         if (!JSOCKVALID(sfd)) continue;
         /* Set various socket options */
         int enable = 1;

src/core/os.c

@@ -606,7 +606,7 @@ static Janet os_cryptorand(int32_t argc, Janet *argv) {
        In both cases, use this fallback path for now... */
     int rc;
     int randfd;
-    RETRY_EINTR(randfd, open("/dev/urandom", O_RDONLY));
+    RETRY_EINTR(randfd, open("/dev/urandom", O_RDONLY | O_CLOEXEC));
     if (randfd < 0)
         janet_panic(genericerr);
     while (n > 0) {