forked from Imagelibrary/rtems
More general fix based on bug report and patch from Ian Lance Taylor
<ian@airs.com> to fix this problem: There is a small bug in __rtems_close in c/src/lib/libc/libio.c. It does not check whether the file descriptor it is passed is open. This can cause it to make a null dereference if it is passed a file descriptor which is in the valid range but which was not opened, or which was already closed.
This commit is contained in:
Joel Sherrill
@@ -103,6 +103,20 @@ extern mode_t rtems_filesystem_umask;
|
||||
((((unsigned32)(_fd)) < rtems_libio_number_iops) ? \
|
||||
&rtems_libio_iops[_fd] : 0)
|
||||
|
||||
/*
|
||||
* rtems_libio_check_is_open
|
||||
*
|
||||
* Macro to check if a file descriptor is actually open.
|
||||
*/
|
||||
|
||||
#define rtems_libio_check_is_open(_iop) \
|
||||
do { \
|
||||
if (((_iop)->flags & LIBIO_FLAGS_OPEN) == 0) { \
|
||||
errno = EBADF; \
|
||||
return -1; \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
/*
|
||||
* rtems_libio_check_fd
|
||||
*
|
||||
@@ -118,7 +132,7 @@ extern mode_t rtems_filesystem_umask;
|
||||
} while (0)
|
||||
|
||||
/*
|
||||
* rtems_libio_check_fd
|
||||
* rtems_libio_check_buffer
|
||||
*
|
||||
* Macro to check if a buffer pointer is valid.
|
||||
*/
|
||||
|
||||
@@ -103,6 +103,20 @@ extern mode_t rtems_filesystem_umask;
|
||||
((((unsigned32)(_fd)) < rtems_libio_number_iops) ? \
|
||||
&rtems_libio_iops[_fd] : 0)
|
||||
|
||||
/*
|
||||
* rtems_libio_check_is_open
|
||||
*
|
||||
* Macro to check if a file descriptor is actually open.
|
||||
*/
|
||||
|
||||
#define rtems_libio_check_is_open(_iop) \
|
||||
do { \
|
||||
if (((_iop)->flags & LIBIO_FLAGS_OPEN) == 0) { \
|
||||
errno = EBADF; \
|
||||
return -1; \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
/*
|
||||
* rtems_libio_check_fd
|
||||
*
|
||||
@@ -118,7 +132,7 @@ extern mode_t rtems_filesystem_umask;
|
||||
} while (0)
|
||||
|
||||
/*
|
||||
* rtems_libio_check_fd
|
||||
* rtems_libio_check_buffer
|
||||
*
|
||||
* Macro to check if a buffer pointer is valid.
|
||||
*/
|
||||
|
||||
@@ -24,6 +24,7 @@ int close(
|
||||
|
||||
rtems_libio_check_fd(fd);
|
||||
iop = rtems_libio_iop(fd);
|
||||
rtems_libio_check_is_open(iop);
|
||||
if ( iop->flags & LIBIO_FLAGS_HANDLER_MASK ) {
|
||||
int (*fp)(int fd);
|
||||
|
||||
|
||||
@@ -29,6 +29,7 @@ int fchmod(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
|
||||
/*
|
||||
* If this is not a file system based entity, it is an error.
|
||||
|
||||
@@ -34,6 +34,7 @@ int fcntl(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
|
||||
/*
|
||||
* If this is not a file system based entity, it is an error.
|
||||
|
||||
@@ -24,6 +24,7 @@ int fdatasync(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
|
||||
|
||||
/*
|
||||
|
||||
@@ -28,6 +28,7 @@ long fpathconf(
|
||||
|
||||
rtems_libio_check_fd(fd);
|
||||
iop = rtems_libio_iop(fd);
|
||||
rtems_libio_check_is_open(iop);
|
||||
rtems_libio_check_permissions(iop, LIBIO_FLAGS_READ);
|
||||
|
||||
/*
|
||||
|
||||
@@ -66,6 +66,7 @@ int fstat(
|
||||
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_fd( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
|
||||
if ( !iop->handlers->fstat )
|
||||
set_errno_and_return_minus_one( ENOTSUP );
|
||||
|
||||
@@ -24,6 +24,7 @@ int fsync(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
|
||||
|
||||
/*
|
||||
|
||||
@@ -27,6 +27,7 @@ int ftruncate(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
|
||||
/*
|
||||
* If this is not a file system based entity, it is an error.
|
||||
|
||||
@@ -28,6 +28,7 @@ int ioctl(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
|
||||
/*
|
||||
* If this file descriptor is mapped to an external set of handlers,
|
||||
|
||||
@@ -26,6 +26,7 @@ off_t lseek(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
|
||||
/*
|
||||
* If this file descriptor is mapped to an external set of handlers,
|
||||
|
||||
@@ -25,6 +25,7 @@ ssize_t read(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
rtems_libio_check_buffer( buffer );
|
||||
rtems_libio_check_count( count );
|
||||
rtems_libio_check_permissions( iop, LIBIO_FLAGS_READ );
|
||||
|
||||
@@ -33,6 +33,7 @@ ssize_t write(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
rtems_libio_check_buffer( buffer );
|
||||
rtems_libio_check_count( count );
|
||||
rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
|
||||
|
||||
@@ -103,6 +103,20 @@ extern mode_t rtems_filesystem_umask;
|
||||
((((unsigned32)(_fd)) < rtems_libio_number_iops) ? \
|
||||
&rtems_libio_iops[_fd] : 0)
|
||||
|
||||
/*
|
||||
* rtems_libio_check_is_open
|
||||
*
|
||||
* Macro to check if a file descriptor is actually open.
|
||||
*/
|
||||
|
||||
#define rtems_libio_check_is_open(_iop) \
|
||||
do { \
|
||||
if (((_iop)->flags & LIBIO_FLAGS_OPEN) == 0) { \
|
||||
errno = EBADF; \
|
||||
return -1; \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
/*
|
||||
* rtems_libio_check_fd
|
||||
*
|
||||
@@ -118,7 +132,7 @@ extern mode_t rtems_filesystem_umask;
|
||||
} while (0)
|
||||
|
||||
/*
|
||||
* rtems_libio_check_fd
|
||||
* rtems_libio_check_buffer
|
||||
*
|
||||
* Macro to check if a buffer pointer is valid.
|
||||
*/
|
||||
|
||||
@@ -24,6 +24,7 @@ int close(
|
||||
|
||||
rtems_libio_check_fd(fd);
|
||||
iop = rtems_libio_iop(fd);
|
||||
rtems_libio_check_is_open(iop);
|
||||
if ( iop->flags & LIBIO_FLAGS_HANDLER_MASK ) {
|
||||
int (*fp)(int fd);
|
||||
|
||||
|
||||
@@ -29,6 +29,7 @@ int fchmod(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
|
||||
/*
|
||||
* If this is not a file system based entity, it is an error.
|
||||
|
||||
@@ -34,6 +34,7 @@ int fcntl(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
|
||||
/*
|
||||
* If this is not a file system based entity, it is an error.
|
||||
|
||||
@@ -24,6 +24,7 @@ int fdatasync(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
|
||||
|
||||
/*
|
||||
|
||||
@@ -28,6 +28,7 @@ long fpathconf(
|
||||
|
||||
rtems_libio_check_fd(fd);
|
||||
iop = rtems_libio_iop(fd);
|
||||
rtems_libio_check_is_open(iop);
|
||||
rtems_libio_check_permissions(iop, LIBIO_FLAGS_READ);
|
||||
|
||||
/*
|
||||
|
||||
@@ -66,6 +66,7 @@ int fstat(
|
||||
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_fd( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
|
||||
if ( !iop->handlers->fstat )
|
||||
set_errno_and_return_minus_one( ENOTSUP );
|
||||
|
||||
@@ -24,6 +24,7 @@ int fsync(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
|
||||
|
||||
/*
|
||||
|
||||
@@ -27,6 +27,7 @@ int ftruncate(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
|
||||
/*
|
||||
* If this is not a file system based entity, it is an error.
|
||||
|
||||
@@ -28,6 +28,7 @@ int ioctl(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
|
||||
/*
|
||||
* If this file descriptor is mapped to an external set of handlers,
|
||||
|
||||
@@ -103,6 +103,20 @@ extern mode_t rtems_filesystem_umask;
|
||||
((((unsigned32)(_fd)) < rtems_libio_number_iops) ? \
|
||||
&rtems_libio_iops[_fd] : 0)
|
||||
|
||||
/*
|
||||
* rtems_libio_check_is_open
|
||||
*
|
||||
* Macro to check if a file descriptor is actually open.
|
||||
*/
|
||||
|
||||
#define rtems_libio_check_is_open(_iop) \
|
||||
do { \
|
||||
if (((_iop)->flags & LIBIO_FLAGS_OPEN) == 0) { \
|
||||
errno = EBADF; \
|
||||
return -1; \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
/*
|
||||
* rtems_libio_check_fd
|
||||
*
|
||||
@@ -118,7 +132,7 @@ extern mode_t rtems_filesystem_umask;
|
||||
} while (0)
|
||||
|
||||
/*
|
||||
* rtems_libio_check_fd
|
||||
* rtems_libio_check_buffer
|
||||
*
|
||||
* Macro to check if a buffer pointer is valid.
|
||||
*/
|
||||
|
||||
@@ -26,6 +26,7 @@ off_t lseek(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
|
||||
/*
|
||||
* If this file descriptor is mapped to an external set of handlers,
|
||||
|
||||
@@ -25,6 +25,7 @@ ssize_t read(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
rtems_libio_check_buffer( buffer );
|
||||
rtems_libio_check_count( count );
|
||||
rtems_libio_check_permissions( iop, LIBIO_FLAGS_READ );
|
||||
|
||||
@@ -33,6 +33,7 @@ ssize_t write(
|
||||
|
||||
rtems_libio_check_fd( fd );
|
||||
iop = rtems_libio_iop( fd );
|
||||
rtems_libio_check_is_open(iop);
|
||||
rtems_libio_check_buffer( buffer );
|
||||
rtems_libio_check_count( count );
|
||||
rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
|
||||
|
||||
Reference in New Issue
Block a user