author | Artur Grabowski <art@cvs.openbsd.org> | 2002-02-04 11:43:17 +0000 |
---|---|---|
committer | Artur Grabowski <art@cvs.openbsd.org> | 2002-02-04 11:43:17 +0000 |
commit | 51aa95a1c51e94cdc54eb7a2d196b9f94dc5f797 (patch) | |
tree | aa089448d5671de83a77db5318c70c7284fa3e8d | |
parent | fb858db433651bb88df826810444eb89fd8a259d (diff) |
Don't ffree the newly allocated file before calling dupfdopen.
In some cases that could cause dupfdopen->fd_getfile to access freed memory;
setting fd_ofiles[fd] to NULL is not a solution because that would cause
a race condition.
Free the new file after dupfdopen and use closef (because it will be necessary
in the future).
XXX - consider more cleanup of the code around dupfdopen.
-rw-r--r-- | sys/kern/vfs_syscalls.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index d888d8ddd75..47a76c13f37 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.86 2002/01/21 18:50:45 millert Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.87 2002/02/04 11:43:16 art Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -883,16 +883,17 @@ sys_open(p, v, retval) flags &= ~O_TRUNC; /* Must do truncate ourselves */ } if ((error = vn_open(&nd, flags, cmode)) != 0) { - ffree(fp); if ((error == ENODEV || error == ENXIO) && p->p_dupfd >= 0 && /* XXX from fdopen */ (error = dupfdopen(fdp, indx, p->p_dupfd, flags, error)) == 0) { + closef(fp, p); *retval = indx; return (0); } if (error == ERESTART) error = EINTR; + closef(fp, p); fdremove(fdp, indx); return (error); } |
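Review bot: In the failure path at the end of the sys_open hunk, `closef(fp, p);` runs before `fdremove(fdp, indx);`, so the descriptor slot presumably still refers to fp for a short time after the file has been released. That is the same kind of stale-pointer window the commit message describes for dupfdopen->fd_getfile. If closef can sleep, or the descriptor table is shared with another process, a lookup of indx in that window could reach freed memory. Clearing the slot first, `fdremove(fdp, indx); closef(fp, p);`, would close the window. On the success branch the closef call is only safe if dupfdopen has already replaced the slot at indx, which is not visible here because sys_open continues outside the hunk; a one-line comment stating that assumption would help the cleanup the XXX note asks for.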