Proxmox-Port/qemu
1
0
Fork 0
mirror of https://github.com/qemu/qemu.git synced 2025-08-08 08:05:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

9pfs: fix file descriptor leak

Browse Source 
The v9fs_create() and v9fs_lcreate() functions are used to create a file
on the backend and to associate it to a fid. The fid shouldn't be already
in-use, otherwise both functions may silently leak a file descriptor or
allocated memory. The current code doesn't check that.

This patch ensures that the fid isn't already associated to anything
before using it.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
(reworded the changelog, Greg Kurz)
Signed-off-by: Greg Kurz <groug@kaod.org>
This commit is contained in:
Li Qiang 2017-03-27 21:13:19 +02:00 committed by Greg Kurz
parent eb06c9e2d3
commit d63fb193e7
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hw/9pfs/9p.c
View File

@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque)
err = -ENOENT; err = -ENOENT;
goto out_nofid; goto out_nofid;
} }
if (fidp->fid_type != P9_FID_NONE) {
err = -EINVAL;
goto out;
}
flags = get_dotl_openflags(pdu->s, flags); flags = get_dotl_openflags(pdu->s, flags);
err = v9fs_co_open2(pdu, fidp, &name, gid, err = v9fs_co_open2(pdu, fidp, &name, gid,
@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque)
err = -EINVAL; err = -EINVAL;
goto out_nofid; goto out_nofid;
} }
if (fidp->fid_type != P9_FID_NONE) {
err = -EINVAL;
goto out;
}
if (perm & P9_STAT_MODE_DIR) { if (perm & P9_STAT_MODE_DIR) {
err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777, err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
fidp->uid, -1, &stbuf); fidp->uid, -1, &stbuf);