Date: Sat, 9 Sep 2017 06:04:05 +0000 (UTC) From: Hans Petter Selasky <hselasky@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r323347 - head/sys/compat/linuxkpi/common/include/linux Message-ID: <201709090604.v89645u9051763@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: hselasky Date: Sat Sep 9 06:04:05 2017 New Revision: 323347 URL: https://svnweb.freebsd.org/changeset/base/323347 Log: Add more sanity checks to linux_fget() in the LinuxKPI. This prevents returning pointers to file descriptors which were not created by the LinuxKPI. MFC after: 1 week Sponsored by: Mellanox Technologies Modified: head/sys/compat/linuxkpi/common/include/linux/file.h Modified: head/sys/compat/linuxkpi/common/include/linux/file.h ============================================================================== --- head/sys/compat/linuxkpi/common/include/linux/file.h Sat Sep 9 05:56:04 2017 (r323346) +++ head/sys/compat/linuxkpi/common/include/linux/file.h Sat Sep 9 06:04:05 2017 (r323347) @@ -53,11 +53,18 @@ linux_fget(unsigned int fd) cap_rights_t rights; struct file *file; + /* lookup file pointer by file descriptor index */ if (fget_unlocked(curthread->td_proc->p_fd, fd, - cap_rights_init(&rights), &file, NULL) != 0) { + cap_rights_init(&rights), &file, NULL) != 0) return (NULL); + + /* check if file handle really belongs to us */ + if (file->f_data == NULL || + file->f_ops != &linuxfileops) { + fdrop(file, curthread); + return (NULL); } - return (struct linux_file *)file->f_data; + return ((struct linux_file *)file->f_data); } extern void linux_file_free(struct linux_file *filp);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201709090604.v89645u9051763>