Fix handling of bad file descriptors in dup(2).

Previously, sys_dup() would do dtable->Get() on the passed-in file
descriptor and then pass the result directly to dtable->Allocate(). If
the file descriptor is not valid, dtable->Get() returns a NULL reference
and sets errno to mark the error. Since sys_dup() did not check the
return value of dtable->Get() and dtable->Allocate() does not check
whether the passed-in Ref<Descriptor> is a NULL reference, dup(2) with an
invalid file descriptor would successfully allocate a new file descriptor
with garbage contents.

This commit changes sys_dup() to use a variant of dtable->Allocate()
that takes in a file descriptor as an integer and properly validates it
before use.
Juhani Krekelä 2022-02-09 19:53:38 +02:00
parent f8d4d3d635
commit 332d39445c
1 changed files with 1 additions and 3 deletions

@ -138,9 +138,7 @@ int sys_closefrom(int fd)
int sys_dup(int fd)
{
Ref<DescriptorTable> dtable = CurrentProcess()->GetDTable();
Ref<Descriptor> desc = dtable->Get(fd);
return dtable->Allocate(desc, 0);
return CurrentProcess()->GetDTable()->Allocate(fd, 0);
}
int sys_dup3(int oldfd, int newfd, int flags)
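Review bot: The Ref<Descriptor> overload of dtable->Allocate() that the removed sys_dup() lines called is not touched by this one-file change, so it still accepts a NULL reference, and any other caller that passes it an unchecked dtable->Get() result can hit the same bug. Consider rejecting a NULL Ref<Descriptor> inside that overload, leaving the errno from Get() intact, so the validation lives in one place instead of in each syscall. A regression test that calls dup(2) on a closed or negative descriptor and expects -1 with errno set would pin the fixed behaviour.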