[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] 9pfs: fix file descriptor leak
From: |
Greg Kurz |
Subject: |
Re: [Qemu-devel] [PATCH] 9pfs: fix file descriptor leak |
Date: |
Thu, 23 Mar 2017 10:49:58 +0100 |
On Thu, 23 Mar 2017 01:52:13 -0700
Li Qiang <address@hidden> wrote:
> In v9fs_create/lcreate dispatch handler, the fidp's fid_type is not checked
> before used. As these function will set the fid_type, if the guest call
> more than once them, it will leak the fidp. This can cause some other
Not leak the fidp but rather a file descriptor or directory handle...
> issue, such as memory leak. Check the fid_type before using them.
>
or memory previously allocated for an extended attribute.
I'll fix the changelog before pushing the fix.
Thanks,
--
Greg
> Signed-off-by: Li Qiang <address@hidden>
> ---
> hw/9pfs/9p.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
> index b8c0b99..48babce 100644
> --- a/hw/9pfs/9p.c
> +++ b/hw/9pfs/9p.c
> @@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque)
> err = -ENOENT;
> goto out_nofid;
> }
> + if (fidp->fid_type != P9_FID_NONE) {
> + err = -EINVAL;
> + goto out;
> + }
>
> flags = get_dotl_openflags(pdu->s, flags);
> err = v9fs_co_open2(pdu, fidp, &name, gid,
> @@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque)
> err = -EINVAL;
> goto out_nofid;
> }
> + if (fidp->fid_type != P9_FID_NONE) {
> + err = -EINVAL;
> + goto out;
> + }
> if (perm & P9_STAT_MODE_DIR) {
> err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
> fidp->uid, -1, &stbuf);
pgpucnsaLllaw.pgp
Description: OpenPGP digital signature