Author: hselasky
Date: Sat Sep 9 06:04:05 2017
New Revision: 323347
URL: https://svnweb.freebsd.org/changeset/base/323347
Log:
Add more sanity checks to linux_fget() in the LinuxKPI. This prevents
returning pointers to file descriptors which were not created by the
LinuxKPI.
MFC after: 1 week
Sponsored by: Mellanox Technologies
Modified:
head/sys/compat/linuxkpi/common/include/linux/file.h
Modified: head/sys/compat/linuxkpi/common/include/linux/file.h
==============================================================================
--- head/sys/compat/linuxkpi/common/include/linux/file.h Sat Sep 9
05:56:04 2017 (r323346)
+++ head/sys/compat/linuxkpi/common/include/linux/file.h Sat Sep 9
06:04:05 2017 (r323347)
@@ -53,11 +53,18 @@ linux_fget(unsigned int fd)
cap_rights_t rights;
struct file *file;
+ /* lookup file pointer by file descriptor index */
if (fget_unlocked(curthread->td_proc->p_fd, fd,
- cap_rights_init(&rights), &file, NULL) != 0) {
+ cap_rights_init(&rights), &file, NULL) != 0)
return (NULL);
+
+ /* check if file handle really belongs to us */
+ if (file->f_data == NULL ||
+ file->f_ops != &linuxfileops) {
+ fdrop(file, curthread);
+ return (NULL);
}
- return (struct linux_file *)file->f_data;
+ return ((struct linux_file *)file->f_data);
}
extern void linux_file_free(struct linux_file *filp);
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
