From 53a09e4334db9b95f89d394cc5e63b8c3d12e59c Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Sun, 20 Nov 2016 16:19:17 -0800
Subject: [PATCH] Don't close stderr when opening a tunnel. (closes #3726)

Instead of closing stderr, redirect it to /dev/null in
tunnel_socket_open().  Otherwise a program can accidentally open a
file into handle 2 and then unknowingly use that when trying to print
to stderr.

Thanks to lotheac for the original patch, which I just modified
slightly.
---
 mutt_tunnel.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/mutt_tunnel.c b/mutt_tunnel.c
index b43bbf935..d49626e60 100644
--- a/mutt_tunnel.c
+++ b/mutt_tunnel.c
@@ -65,6 +65,7 @@ static int tunnel_socket_open (CONNECTION *conn)
   int pid;
   int rc;
   int pin[2], pout[2];
+  int devnull;
 
   tunnel = (TUNNEL_DATA*) safe_malloc (sizeof (TUNNEL_DATA));
   conn->sockdata = tunnel;
@@ -86,13 +87,17 @@ static int tunnel_socket_open (CONNECTION *conn)
   if ((pid = fork ()) == 0)
   {
     mutt_unblock_signals_system (0);
-    if (dup2 (pout[0], STDIN_FILENO) < 0 || dup2 (pin[1], STDOUT_FILENO) < 0)
+    devnull = open ("/dev/null", O_RDWR);
+    if (devnull < 0 ||
+        dup2 (pout[0], STDIN_FILENO) < 0 ||
+        dup2 (pin[1], STDOUT_FILENO) < 0 ||
+        dup2 (devnull, STDERR_FILENO) < 0)
       _exit (127);
     close (pin[0]);
     close (pin[1]);
     close (pout[0]);
     close (pout[1]);
-    close (STDERR_FILENO);
+    close (devnull);
 
     /* Don't let the subprocess think it can use the controlling tty */
     setsid ();
-- 
2.50.1