[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH-for-5.0] tools/virtiofsd/passthrough_ll: Fix double close()
|
From: |
Dr. David Alan Gilbert |
|
Subject: |
Re: [PATCH-for-5.0] tools/virtiofsd/passthrough_ll: Fix double close() |
|
Date: |
Tue, 24 Mar 2020 18:56:48 +0000 |
|
User-agent: |
Mutt/1.13.3 (2020-01-12) |
* Philippe Mathieu-Daudé (address@hidden) wrote:
> On 3/21/20 1:06 PM, Philippe Mathieu-Daudé wrote:
> > On success, the fdopendir() call closes fd. Later on the error
> > path we try to close an already-closed fd. This can lead to
> > use-after-free. Fix by only closing the fd if the fdopendir()
> > call failed.
> >
> > Cc: address@hidden
> > Fixes: 7c6b66027 (Import passthrough_ll from libfuse fuse-3.8.0)
>
> libfuse is correct, the bug was introduced in commit b39bce121b, so:
>
> Fixes: b39bce121b (add dirp_map to hide lo_dirp pointers)
Queued with that tweak
> > Reported-by: Coverity (CID 1421933 USE_AFTER_FREE)
> > Suggested-by: Peter Maydell <address@hidden>
> > Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
> > ---
> > tools/virtiofsd/passthrough_ll.c | 3 +--
> > 1 file changed, 1 insertion(+), 2 deletions(-)
> >
> > diff --git a/tools/virtiofsd/passthrough_ll.c
> > b/tools/virtiofsd/passthrough_ll.c
> > index 4f259aac70..4c35c95b25 100644
> > --- a/tools/virtiofsd/passthrough_ll.c
> > +++ b/tools/virtiofsd/passthrough_ll.c
> > @@ -1520,8 +1520,7 @@ out_err:
> > if (d) {
> > if (d->dp) {
> > closedir(d->dp);
> > - }
> > - if (fd != -1) {
> > + } else if (fd != -1) {
> > close(fd);
> > }
> > free(d);
> >
>
>
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK