authorArtur Grabowski <art@cvs.openbsd.org>2002-02-04 11:43:17 +0000
committerArtur Grabowski <art@cvs.openbsd.org>2002-02-04 11:43:17 +0000
commit51aa95a1c51e94cdc54eb7a2d196b9f94dc5f797 (patch)
treeaa089448d5671de83a77db5318c70c7284fa3e8d
parentfb858db433651bb88df826810444eb89fd8a259d (diff)
Don't ffree the newly allocated file before calling dupfdopen.
In some cases that could cause dupfdopen->fd_getfile to access freed memory. Setting fd_ofiles[fd] to NULL is not a solution because that would cause a race condition. Free the new file after dupfdopen and use closef (because it will be necessary in the future). XXX - consider more cleanup of the code around dupfdopen.
-rw-r--r--sys/kern/vfs_syscalls.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index d888d8ddd75..47a76c13f37 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_syscalls.c,v 1.86 2002/01/21 18:50:45 millert Exp $ */
+/* $OpenBSD: vfs_syscalls.c,v 1.87 2002/02/04 11:43:16 art Exp $ */
/* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */
/*
@@ -883,16 +883,17 @@ sys_open(p, v, retval)
flags &= ~O_TRUNC; /* Must do truncate ourselves */
}
if ((error = vn_open(&nd, flags, cmode)) != 0) {
- ffree(fp);
if ((error == ENODEV || error == ENXIO) &&
p->p_dupfd >= 0 && /* XXX from fdopen */
(error =
dupfdopen(fdp, indx, p->p_dupfd, flags, error)) == 0) {
+ closef(fp, p);
*retval = indx;
return (0);
}
if (error == ERESTART)
error = EINTR;
+ closef(fp, p);
fdremove(fdp, indx);
return (error);
}
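Review bot: On the failure path `closef(fp, p)` runs before `fdremove(fdp, indx)`, so the descriptor slot for `indx` appears to still reference `fp` while that file is being released; if `closef` can sleep or another process shares `fdp`, a lookup of `indx` in that window could reach freed memory, which is the class of bug this commit sets out to fix. Consider clearing the slot first, `fdremove(fdp, indx);` then `closef(fp, p);`, and confirm that `closef` is safe on a file whose `f_ops`/`f_data` have not been filled in, since `fp` never went through a successful `vn_open` here. A short comment above the `dupfdopen` call, such as `/* fp must stay allocated until dupfdopen() returns: fd_getfile() may look at fd_ofiles[indx] */`, would keep the ordering from being undone later. sys_open's body starts and ends outside the hunk, so how `fp` is allocated and installed in the table is inferred rather than visible.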