Fix handling of bad file descriptors in dup(2).
Previously, sys_dup() would do dtable->Get() on the passed in-file descriptor and then pass the result directly to dtable->Allocate(). If the file descriptor is not valid, dtable->Get() returns a NULL reference and sets errno to mark the error. Since sys_dup() did not check the return value of dtable->Get() and dtable->Allocate() does not check whether the passed in Ref<Descriptor> is a NULL reference, dup(2) with invalid file descriptor would succesfully allocate a new file descriptor with garbage contents. This commit changes sys_dup() to use a variant of dtable->Allocate() that takes in a file descriptor as an integer and properly validates it before use.
This commit is contained in:
parent
f8d4d3d635
commit
332d39445c
|
@ -138,9 +138,7 @@ int sys_closefrom(int fd)
|
|||
|
||||
int sys_dup(int fd)
|
||||
{
|
||||
Ref<DescriptorTable> dtable = CurrentProcess()->GetDTable();
|
||||
Ref<Descriptor> desc = dtable->Get(fd);
|
||||
return dtable->Allocate(desc, 0);
|
||||
return CurrentProcess()->GetDTable()->Allocate(fd, 0);
|
||||
}
|
||||
|
||||
int sys_dup3(int oldfd, int newfd, int flags)
|
||||
|
|
Loading…
Reference in New Issue