qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] 9pfs: fix file descriptor leak


From: Greg Kurz
Subject: Re: [Qemu-devel] [PATCH] 9pfs: fix file descriptor leak
Date: Thu, 23 Mar 2017 10:49:58 +0100

On Thu, 23 Mar 2017 01:52:13 -0700
Li Qiang <address@hidden> wrote:

> In v9fs_create/lcreate dispatch handler, the fidp's fid_type is not checked
> before used. As these function will set the fid_type, if the guest call
> more than once them, it will leak the fidp. This can cause some other

Not leak the fidp but rather a file descriptor or directory handle...

> issue, such as memory leak. Check the fid_type before using them.
> 

or memory previously allocated for an extended attribute.

I'll fix the changelog before pushing the fix.

Thanks,

--
Greg

> Signed-off-by: Li Qiang <address@hidden>
> ---
>  hw/9pfs/9p.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
> index b8c0b99..48babce 100644
> --- a/hw/9pfs/9p.c
> +++ b/hw/9pfs/9p.c
> @@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque)
>          err = -ENOENT;
>          goto out_nofid;
>      }
> +    if (fidp->fid_type != P9_FID_NONE) {
> +        err = -EINVAL;
> +        goto out;
> +    }
>  
>      flags = get_dotl_openflags(pdu->s, flags);
>      err = v9fs_co_open2(pdu, fidp, &name, gid,
> @@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque)
>          err = -EINVAL;
>          goto out_nofid;
>      }
> +    if (fidp->fid_type != P9_FID_NONE) {
> +        err = -EINVAL;
> +        goto out;
> +    }
>      if (perm & P9_STAT_MODE_DIR) {
>          err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
>                              fidp->uid, -1, &stbuf);

Attachment: pgpucnsaLllaw.pgp
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]