From: Li Qiang <liq3ea@gmail.com>
Date: Mon, 27 Mar 2017 21:13:19 +0200
Subject: [PATCH] 9pfs: fix file descriptor leak
The v9fs_create() and v9fs_lcreate() functions are used to create a file
on the backend and to associate it to a fid. The fid shouldn't be already
in-use, otherwise both functions may silently leak a file descriptor or
allocated memory. The current code doesn't check that.
This patch ensures that the fid isn't already associated to anything
before using it.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
(reworded the changelog, Greg Kurz)
Signed-off-by: Greg Kurz <groug@kaod.org>
(cherry picked from commit d63fb193e71644a073b77ff5ac6f1216f2f6cf6e)
---
hw/9pfs/9p.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 9a89f75d90..9d6b2caf1b 100644
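--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1530,6 +1530,10 @@ static void v9fs_lcreate(void *opaque)
 err = -ENOENT;
 goto out_nofid;
 }
+ if (fidp->fid_type != P9_FID_NONE) {
+ err = -EINVAL;
+ goto out;
+ }
 
 flags = get_dotl_openflags(pdu->s, flags);
 err = v9fs_co_open2(pdu, fidp, &name, gid,
@@ -2127,6 +2131,10 @@ static void v9fs_create(void *opaque)
 err = -EINVAL;
 goto out_nofid;
 }
+ if (fidp->fid_type != P9_FID_NONE) {
+ err = -EINVAL;
+ goto out;
+ }
 if (perm & P9_STAT_MODE_DIR) {
 err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
 fidp->uid, -1, &stbuf);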
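Review bot: Both added guards (in v9fs_lcreate and in v9fs_create) are identical and uncommented, so the code alone does not say why a fid whose `fid_type` is not `P9_FID_NONE` must be refused before the backend create call. I would put above each one `/* the fid must not already hold an open file or directory: creating onto it would overwrite that state and leak the descriptor or memory */`. The guards use `goto out` where the neighbouring failures use `goto out_nofid`, which looks right once the fid lookup has succeeded, but the `out` label and the rest of both functions lie outside the hunks, so the release of the fid reference cannot be confirmed from here. Other handlers that bind a backend object to an existing fid may need the same check; that is an inference, since only these two are visible.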