aboutsummaryrefslogtreecommitdiff
path: root/hw/9pfs
diff options
context:
space:
mode:
authorLi Qiang <liq3ea@gmail.com>2017-03-27 21:13:19 +0200
committerGreg Kurz <groug@kaod.org>2017-03-27 21:13:19 +0200
commitd63fb193e71644a073b77ff5ac6f1216f2f6cf6e (patch)
treeecfdb579e3ae334cb753342c688058ba5bedc928 /hw/9pfs
parenteb06c9e2d3c8f026a206e8402b0ffa201060ec8e (diff)
downloadqemu-d63fb193e71644a073b77ff5ac6f1216f2f6cf6e.zip
qemu-d63fb193e71644a073b77ff5ac6f1216f2f6cf6e.tar.gz
qemu-d63fb193e71644a073b77ff5ac6f1216f2f6cf6e.tar.bz2
9pfs: fix file descriptor leak
The v9fs_create() and v9fs_lcreate() functions are used to create a file on the backend and to associate it to a fid. The fid shouldn't be already in-use, otherwise both functions may silently leak a file descriptor or allocated memory. The current code doesn't check that. This patch ensures that the fid isn't already associated to anything before using it. Signed-off-by: Li Qiang <liqiang6-s@360.cn> (reworded the changelog, Greg Kurz) Signed-off-by: Greg Kurz <groug@kaod.org>
Diffstat (limited to 'hw/9pfs')
-rw-r--r--hw/9pfs/9p.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index b8c0b99..48babce 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque)
err = -ENOENT;
goto out_nofid;
}
+ if (fidp->fid_type != P9_FID_NONE) {
+ err = -EINVAL;
+ goto out;
+ }
flags = get_dotl_openflags(pdu->s, flags);
err = v9fs_co_open2(pdu, fidp, &name, gid,
@@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque)
err = -EINVAL;
goto out_nofid;
}
+ if (fidp->fid_type != P9_FID_NONE) {
+ err = -EINVAL;
+ goto out;
+ }
if (perm & P9_STAT_MODE_DIR) {
err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
fidp->uid, -1, &stbuf);