From 80942eb2317fcf64e27ee1a556859ac8f57a894f Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Fri, 19 Jun 2020 21:43:45 +0200
Subject: [PATCH] Don't forget Linux

---
 dnscrypt-proxy/privilege_linux.go | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/dnscrypt-proxy/privilege_linux.go b/dnscrypt-proxy/privilege_linux.go
index 6e16ac67..e30198dc 100644
--- a/dnscrypt-proxy/privilege_linux.go
+++ b/dnscrypt-proxy/privilege_linux.go
@@ -65,26 +65,17 @@ func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) {
 	if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETUID, uintptr(uid), 0, 0); rcode != 0 {
 		dlog.Fatalf("Unable to drop user privileges: [%s]", rcode.Error())
 	}
-	maxfd := uintptr(0)
-	for _, fd := range fds {
-		if fd.Fd() > maxfd {
-			maxfd = fd.Fd()
-		}
-	}
-	fdbase := maxfd + 1
 	for i, fd := range fds {
-		if err := unix.Dup2(int(fd.Fd()), int(fdbase+uintptr(i))); err != nil {
+		if fd.Fd() >= InheritedDescriptorsBase {
+			dlog.Fatal("Duplicated file descriptors are above base")
+		}
+		if err := unix.Dup2(int(fd.Fd()), int(InheritedDescriptorsBase+uintptr(i))); err != nil {
 			dlog.Fatalf("Unable to clone file descriptor: [%s]", err)
 		}
 		if _, err := unix.FcntlInt(fd.Fd(), unix.F_SETFD, unix.FD_CLOEXEC); err != nil {
 			dlog.Fatalf("Unable to set the close on exec flag: [%s]", err)
 		}
 	}
-	for i := range fds {
-		if err := unix.Dup2(int(fdbase)+i, int(InheritedDescriptorsBase)+i); err != nil {
-			dlog.Fatalf("Unable to reassign descriptor: [%s]", err)
-		}
-	}
 	err = unix.Exec(path, args, os.Environ())
 	dlog.Fatalf("Unable to reexecute [%s]: [%s]", path, err)
 	os.Exit(1)