Fix handling of bad file descriptors in dup(2).
Previously, sys_dup() would do dtable->Get() on the passed-in file descriptor and then pass the result directly to dtable->Allocate(). If the file descriptor is not valid, dtable->Get() returns a NULL reference and sets errno to mark the error. Since sys_dup() did not check the return value of dtable->Get() and dtable->Allocate() does not check whether the passed-in Ref<Descriptor> is a NULL reference, dup(2) with an invalid file descriptor would successfully allocate a new file descriptor with garbage contents. This commit changes sys_dup() to use a variant of dtable->Allocate() that takes in a file descriptor as an integer and properly validates it before use.
parent
f8d4d3d635
commit
332d39445c
|
@ -138,9 +138,7 @@ int sys_closefrom(int fd)
|
||||||
|
|
||||||
int sys_dup(int fd)
|
int sys_dup(int fd)
|
||||||
{
|
{
|
||||||
Ref<DescriptorTable> dtable = CurrentProcess()->GetDTable();
|
return CurrentProcess()->GetDTable()->Allocate(fd, 0);
|
||||||
Ref<Descriptor> desc = dtable->Get(fd);
|
|
||||||
return dtable->Allocate(desc, 0);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int sys_dup3(int oldfd, int newfd, int flags)
|
int sys_dup3(int oldfd, int newfd, int flags)
|
||||||
|
|
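Review bot: The new `Allocate(fd, 0)` call in sys_dup fixes this one caller only. Going by the commit description, the `Ref<Descriptor>` overload of `Allocate()` still accepts a NULL reference, so any other caller that forwards an unchecked `dtable->Get()` result would presumably hit the same problem. That overload is not visible in this hunk, so this is inferred; consider having it reject a NULL Ref and return -1 with errno set (e.g. EBADF), so the descriptor table can never end up holding an invalid entry. A short comment above the return would also help keep the old Get()+Allocate(desc) pattern from coming back, for example `// Use the fd overload: it validates fd; Allocate(Ref<Descriptor>) does not reject a NULL Ref.` sys_dup3 begins in the trailing context and its body lies outside the hunk.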