author | 2002-02-04 11:43:16 +0000 | |
---|---|---|
committer | 2002-02-04 11:43:16 +0000 | |
commit | 60ae9c1a87ec42ca3ec0b2494b576974735dc40c (patch) | |
tree | 966ee483a2d3ca47eff167e8d7ee4ab420f6a95c | |
parent | unneeded includes (diff) | |
Don't ffree the newly allocated file before calling dupfdopen.
In some cases that could cause dupfdopen->fd_getfile to access freed memory.
Setting fd_ofiles[fd] to NULL is not a solution because that would cause
a race condition.
Free the new file after dupfdopen and use closef (because it will be necessary
in the future).
XXX - consider more cleanup of the code around dupfdopen.
-rw-r--r-- | sys/kern/vfs_syscalls.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index d888d8ddd75..47a76c13f37 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_syscalls.c,v 1.86 2002/01/21 18:50:45 millert Exp $ */
+/* $OpenBSD: vfs_syscalls.c,v 1.87 2002/02/04 11:43:16 art Exp $ */
 /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */
 
 /*
@@ -883,16 +883,17 @@ sys_open(p, v, retval)
 flags &= ~O_TRUNC; /* Must do truncate ourselves */
 }
 if ((error = vn_open(&nd, flags, cmode)) != 0) {
- ffree(fp);
 if ((error == ENODEV || error == ENXIO) &&
 p->p_dupfd >= 0 && /* XXX from fdopen */
 (error =
 dupfdopen(fdp, indx, p->p_dupfd, flags, error)) == 0) {
+ closef(fp, p);
 *retval = indx;
 return (0);
 }
 if (error == ERESTART)
 error = EINTR;
+ closef(fp, p);
 fdremove(fdp, indx);
 return (error);
 }
|
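Review bot: In the error path at the end of the second hunk, `closef(fp, p);` runs while `fd_ofiles[indx]` still refers to `fp`; the slot is only cleared by `fdremove(fdp, indx);` on the following line. That leaves the same kind of window the commit message describes, where a lookup through the descriptor table can reach a file that has already been released, particularly if closef can sleep. Swapping the two lines to `fdremove(fdp, indx);` then `closef(fp, p);` unpublishes the descriptor before the last reference is dropped. It would also help to add a comment above the first `closef(fp, p);` saying that it relies on dupfdopen having replaced the table entry for `indx`. Neither dupfdopen nor closef is visible here, and sys_open's body starts and ends outside the hunk, so both assumptions need confirming against them.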