diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2019-08-05 15:13:44 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2019-08-05 15:13:44 +0000 |
| commit | 45b3aa1aacff56e54a465a23e43814c6665c3426 (patch) | |
| tree | f95d9c131e8a0a56510525a132fd464f1523a255 /sys/kern/vfs_syscalls.c | |
| parent | 7db8dd52b8dcc992f6ca8115bca8419681943c13 (diff) | |
Kernel realpath(3) had the same vnode leakage bug like unveil(2).
If parent and lookup vnode are equal, namei(9) locks them once but
reference counts twice.
from Moritz Buhl
Diffstat (limited to 'sys/kern/vfs_syscalls.c')
| -rw-r--r-- | sys/kern/vfs_syscalls.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 96967678261..b7a32ddf977 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.330 2019/08/05 08:35:59 anton Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.331 2019/08/05 15:13:43 bluhm Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -943,10 +943,10 @@ sys___realpath(struct proc *p, void *v, register_t *retval) VOP_UNLOCK(nd.ni_vp); vrele(nd.ni_vp); } - if (nd.ni_dvp && nd.ni_dvp != nd.ni_vp){ + if (nd.ni_dvp && nd.ni_dvp != nd.ni_vp) VOP_UNLOCK(nd.ni_dvp); + if (nd.ni_dvp) vrele(nd.ni_dvp); - } error = copyoutstr(nd.ni_cnd.cn_rpbuf, SCARG(uap, resolved), MAXPATHLEN, NULL); |