More general fix based on bug report and patch from Ian Lance Taylor

<ian@airs.com> to fix this problem: There is a small bug in __rtems_close in c/src/lib/libc/libio.c. It does not check whether the file descriptor it is passed is open. This can cause it to make a null dereference if it is passed a file descriptor which is in the valid range but which was not opened, or which was already closed.
1999-01-20 15:48:22 +00:00
parent 5f22d0916a
commit 2d733c424b
42 changed files with 126 additions and 6 deletions
--- a/c/src/exec/include/rtems/libio_.h
+++ b/c/src/exec/include/rtems/libio_.h
@@ -103,6 +103,20 @@ extern mode_t    rtems_filesystem_umask;
  ((((unsigned32)(_fd)) < rtems_libio_number_iops) ? \
         &rtems_libio_iops[_fd] : 0)
 /*  
 *  rtems_libio_check_is_open
 *  
 *  Macro to check if a file descriptor is actually open.
 */
 #define rtems_libio_check_is_open(_iop) \
  do {                                               \
      if (((_iop)->flags & LIBIO_FLAGS_OPEN) == 0) { \
          errno = EBADF;                             \
          return -1;                                 \
      }                                              \
  } while (0)
 /*
 *  rtems_libio_check_fd
 *
@@ -118,7 +132,7 @@ extern mode_t    rtems_filesystem_umask;
  } while (0)
 /*
- *  rtems_libio_check_fd
+ *  rtems_libio_check_buffer
 *
 *  Macro to check if a buffer pointer is valid.
 */
--- a/c/src/exec/libcsupport/include/rtems/libio_.h
+++ b/c/src/exec/libcsupport/include/rtems/libio_.h
@@ -103,6 +103,20 @@ extern mode_t    rtems_filesystem_umask;
  ((((unsigned32)(_fd)) < rtems_libio_number_iops) ? \
         &rtems_libio_iops[_fd] : 0)
 /*  
 *  rtems_libio_check_is_open
 *  
 *  Macro to check if a file descriptor is actually open.
 */
 #define rtems_libio_check_is_open(_iop) \
  do {                                               \
      if (((_iop)->flags & LIBIO_FLAGS_OPEN) == 0) { \
          errno = EBADF;                             \
          return -1;                                 \
      }                                              \
  } while (0)
 /*
 *  rtems_libio_check_fd
 *
@@ -118,7 +132,7 @@ extern mode_t    rtems_filesystem_umask;
  } while (0)
 /*
- *  rtems_libio_check_fd
+ *  rtems_libio_check_buffer
 *
 *  Macro to check if a buffer pointer is valid.
 */
--- a/c/src/exec/libcsupport/src/close.c
+++ b/c/src/exec/libcsupport/src/close.c
@@ -24,6 +24,7 @@ int close(
  rtems_libio_check_fd(fd);
  iop = rtems_libio_iop(fd);
  rtems_libio_check_is_open(iop);
  if ( iop->flags & LIBIO_FLAGS_HANDLER_MASK ) {
    int (*fp)(int  fd);
--- a/c/src/exec/libcsupport/src/fchmod.c
+++ b/c/src/exec/libcsupport/src/fchmod.c
@@ -29,6 +29,7 @@ int fchmod(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this is not a file system based entity, it is an error.
--- a/c/src/exec/libcsupport/src/fcntl.c
+++ b/c/src/exec/libcsupport/src/fcntl.c
@@ -34,6 +34,7 @@ int fcntl(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this is not a file system based entity, it is an error.
--- a/c/src/exec/libcsupport/src/fdatasync.c
+++ b/c/src/exec/libcsupport/src/fdatasync.c
@@ -24,6 +24,7 @@ int fdatasync(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
  /*
--- a/c/src/exec/libcsupport/src/fpathconf.c
+++ b/c/src/exec/libcsupport/src/fpathconf.c
@@ -28,6 +28,7 @@ long fpathconf(
  rtems_libio_check_fd(fd);
  iop = rtems_libio_iop(fd);
  rtems_libio_check_is_open(iop);
  rtems_libio_check_permissions(iop, LIBIO_FLAGS_READ);
  /*
--- a/c/src/exec/libcsupport/src/fstat.c
+++ b/c/src/exec/libcsupport/src/fstat.c
@@ -66,6 +66,7 @@ int fstat(
  iop = rtems_libio_iop( fd );
  rtems_libio_check_fd( fd );
  rtems_libio_check_is_open(iop);
  if ( !iop->handlers->fstat )
    set_errno_and_return_minus_one( ENOTSUP );
--- a/c/src/exec/libcsupport/src/fsync.c
+++ b/c/src/exec/libcsupport/src/fsync.c
@@ -24,6 +24,7 @@ int fsync(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
  /*
--- a/c/src/exec/libcsupport/src/ftruncate.c
+++ b/c/src/exec/libcsupport/src/ftruncate.c
@@ -27,6 +27,7 @@ int ftruncate(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this is not a file system based entity, it is an error.
--- a/c/src/exec/libcsupport/src/ioctl.c
+++ b/c/src/exec/libcsupport/src/ioctl.c
@@ -28,6 +28,7 @@ int ioctl(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this file descriptor is mapped to an external set of handlers,
--- a/c/src/exec/libcsupport/src/lseek.c
+++ b/c/src/exec/libcsupport/src/lseek.c
@@ -26,6 +26,7 @@ off_t lseek(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this file descriptor is mapped to an external set of handlers,
--- a/c/src/exec/libcsupport/src/read.c
+++ b/c/src/exec/libcsupport/src/read.c
@@ -25,6 +25,7 @@ ssize_t read(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  rtems_libio_check_buffer( buffer );
  rtems_libio_check_count( count );
  rtems_libio_check_permissions( iop, LIBIO_FLAGS_READ );
--- a/c/src/exec/libcsupport/src/write.c
+++ b/c/src/exec/libcsupport/src/write.c
@@ -33,6 +33,7 @@ ssize_t write(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  rtems_libio_check_buffer( buffer );
  rtems_libio_check_count( count );
  rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
--- a/c/src/lib/include/rtems/libio_.h
+++ b/c/src/lib/include/rtems/libio_.h
@@ -103,6 +103,20 @@ extern mode_t    rtems_filesystem_umask;
  ((((unsigned32)(_fd)) < rtems_libio_number_iops) ? \
         &rtems_libio_iops[_fd] : 0)
 /*  
 *  rtems_libio_check_is_open
 *  
 *  Macro to check if a file descriptor is actually open.
 */
 #define rtems_libio_check_is_open(_iop) \
  do {                                               \
      if (((_iop)->flags & LIBIO_FLAGS_OPEN) == 0) { \
          errno = EBADF;                             \
          return -1;                                 \
      }                                              \
  } while (0)
 /*
 *  rtems_libio_check_fd
 *
@@ -118,7 +132,7 @@ extern mode_t    rtems_filesystem_umask;
  } while (0)
 /*
- *  rtems_libio_check_fd
+ *  rtems_libio_check_buffer
 *
 *  Macro to check if a buffer pointer is valid.
 */
--- a/c/src/lib/libc/close.c
+++ b/c/src/lib/libc/close.c
@@ -24,6 +24,7 @@ int close(
  rtems_libio_check_fd(fd);
  iop = rtems_libio_iop(fd);
  rtems_libio_check_is_open(iop);
  if ( iop->flags & LIBIO_FLAGS_HANDLER_MASK ) {
    int (*fp)(int  fd);
--- a/c/src/lib/libc/fchmod.c
+++ b/c/src/lib/libc/fchmod.c
@@ -29,6 +29,7 @@ int fchmod(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this is not a file system based entity, it is an error.
--- a/c/src/lib/libc/fcntl.c
+++ b/c/src/lib/libc/fcntl.c
@@ -34,6 +34,7 @@ int fcntl(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this is not a file system based entity, it is an error.
--- a/c/src/lib/libc/fdatasync.c
+++ b/c/src/lib/libc/fdatasync.c
@@ -24,6 +24,7 @@ int fdatasync(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
  /*
--- a/c/src/lib/libc/fpathconf.c
+++ b/c/src/lib/libc/fpathconf.c
@@ -28,6 +28,7 @@ long fpathconf(
  rtems_libio_check_fd(fd);
  iop = rtems_libio_iop(fd);
  rtems_libio_check_is_open(iop);
  rtems_libio_check_permissions(iop, LIBIO_FLAGS_READ);
  /*
--- a/c/src/lib/libc/fstat.c
+++ b/c/src/lib/libc/fstat.c
@@ -66,6 +66,7 @@ int fstat(
  iop = rtems_libio_iop( fd );
  rtems_libio_check_fd( fd );
  rtems_libio_check_is_open(iop);
  if ( !iop->handlers->fstat )
    set_errno_and_return_minus_one( ENOTSUP );
--- a/c/src/lib/libc/fsync.c
+++ b/c/src/lib/libc/fsync.c
@@ -24,6 +24,7 @@ int fsync(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
  /*
--- a/c/src/lib/libc/ftruncate.c
+++ b/c/src/lib/libc/ftruncate.c
@@ -27,6 +27,7 @@ int ftruncate(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this is not a file system based entity, it is an error.
--- a/c/src/lib/libc/ioctl.c
+++ b/c/src/lib/libc/ioctl.c
@@ -28,6 +28,7 @@ int ioctl(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this file descriptor is mapped to an external set of handlers,
--- a/c/src/lib/libc/libio_.h
+++ b/c/src/lib/libc/libio_.h
@@ -103,6 +103,20 @@ extern mode_t    rtems_filesystem_umask;
  ((((unsigned32)(_fd)) < rtems_libio_number_iops) ? \
         &rtems_libio_iops[_fd] : 0)
 /*  
 *  rtems_libio_check_is_open
 *  
 *  Macro to check if a file descriptor is actually open.
 */
 #define rtems_libio_check_is_open(_iop) \
  do {                                               \
      if (((_iop)->flags & LIBIO_FLAGS_OPEN) == 0) { \
          errno = EBADF;                             \
          return -1;                                 \
      }                                              \
  } while (0)
 /*
 *  rtems_libio_check_fd
 *
@@ -118,7 +132,7 @@ extern mode_t    rtems_filesystem_umask;
  } while (0)
 /*
- *  rtems_libio_check_fd
+ *  rtems_libio_check_buffer
 *
 *  Macro to check if a buffer pointer is valid.
 */
--- a/c/src/lib/libc/lseek.c
+++ b/c/src/lib/libc/lseek.c
@@ -26,6 +26,7 @@ off_t lseek(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this file descriptor is mapped to an external set of handlers,
--- a/c/src/lib/libc/read.c
+++ b/c/src/lib/libc/read.c
@@ -25,6 +25,7 @@ ssize_t read(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  rtems_libio_check_buffer( buffer );
  rtems_libio_check_count( count );
  rtems_libio_check_permissions( iop, LIBIO_FLAGS_READ );
--- a/c/src/lib/libc/write.c
+++ b/c/src/lib/libc/write.c
@@ -33,6 +33,7 @@ ssize_t write(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  rtems_libio_check_buffer( buffer );
  rtems_libio_check_count( count );
  rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
--- a/cpukit/include/rtems/libio_.h
+++ b/cpukit/include/rtems/libio_.h
@@ -103,6 +103,20 @@ extern mode_t    rtems_filesystem_umask;
  ((((unsigned32)(_fd)) < rtems_libio_number_iops) ? \
         &rtems_libio_iops[_fd] : 0)
 /*  
 *  rtems_libio_check_is_open
 *  
 *  Macro to check if a file descriptor is actually open.
 */
 #define rtems_libio_check_is_open(_iop) \
  do {                                               \
      if (((_iop)->flags & LIBIO_FLAGS_OPEN) == 0) { \
          errno = EBADF;                             \
          return -1;                                 \
      }                                              \
  } while (0)
 /*
 *  rtems_libio_check_fd
 *
@@ -118,7 +132,7 @@ extern mode_t    rtems_filesystem_umask;
  } while (0)
 /*
- *  rtems_libio_check_fd
+ *  rtems_libio_check_buffer
 *
 *  Macro to check if a buffer pointer is valid.
 */
--- a/cpukit/libcsupport/include/rtems/libio_.h
+++ b/cpukit/libcsupport/include/rtems/libio_.h
@@ -103,6 +103,20 @@ extern mode_t    rtems_filesystem_umask;
  ((((unsigned32)(_fd)) < rtems_libio_number_iops) ? \
         &rtems_libio_iops[_fd] : 0)
 /*  
 *  rtems_libio_check_is_open
 *  
 *  Macro to check if a file descriptor is actually open.
 */
 #define rtems_libio_check_is_open(_iop) \
  do {                                               \
      if (((_iop)->flags & LIBIO_FLAGS_OPEN) == 0) { \
          errno = EBADF;                             \
          return -1;                                 \
      }                                              \
  } while (0)
 /*
 *  rtems_libio_check_fd
 *
@@ -118,7 +132,7 @@ extern mode_t    rtems_filesystem_umask;
  } while (0)
 /*
- *  rtems_libio_check_fd
+ *  rtems_libio_check_buffer
 *
 *  Macro to check if a buffer pointer is valid.
 */
--- a/cpukit/libcsupport/src/close.c
+++ b/cpukit/libcsupport/src/close.c
@@ -24,6 +24,7 @@ int close(
  rtems_libio_check_fd(fd);
  iop = rtems_libio_iop(fd);
  rtems_libio_check_is_open(iop);
  if ( iop->flags & LIBIO_FLAGS_HANDLER_MASK ) {
    int (*fp)(int  fd);
--- a/cpukit/libcsupport/src/fchmod.c
+++ b/cpukit/libcsupport/src/fchmod.c
@@ -29,6 +29,7 @@ int fchmod(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this is not a file system based entity, it is an error.
--- a/cpukit/libcsupport/src/fcntl.c
+++ b/cpukit/libcsupport/src/fcntl.c
@@ -34,6 +34,7 @@ int fcntl(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this is not a file system based entity, it is an error.
--- a/cpukit/libcsupport/src/fdatasync.c
+++ b/cpukit/libcsupport/src/fdatasync.c
@@ -24,6 +24,7 @@ int fdatasync(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
  /*
--- a/cpukit/libcsupport/src/fpathconf.c
+++ b/cpukit/libcsupport/src/fpathconf.c
@@ -28,6 +28,7 @@ long fpathconf(
  rtems_libio_check_fd(fd);
  iop = rtems_libio_iop(fd);
  rtems_libio_check_is_open(iop);
  rtems_libio_check_permissions(iop, LIBIO_FLAGS_READ);
  /*
--- a/cpukit/libcsupport/src/fstat.c
+++ b/cpukit/libcsupport/src/fstat.c
@@ -66,6 +66,7 @@ int fstat(
  iop = rtems_libio_iop( fd );
  rtems_libio_check_fd( fd );
  rtems_libio_check_is_open(iop);
  if ( !iop->handlers->fstat )
    set_errno_and_return_minus_one( ENOTSUP );
--- a/cpukit/libcsupport/src/fsync.c
+++ b/cpukit/libcsupport/src/fsync.c
@@ -24,6 +24,7 @@ int fsync(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );
  /*
--- a/cpukit/libcsupport/src/ftruncate.c
+++ b/cpukit/libcsupport/src/ftruncate.c
@@ -27,6 +27,7 @@ int ftruncate(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this is not a file system based entity, it is an error.
--- a/cpukit/libcsupport/src/ioctl.c
+++ b/cpukit/libcsupport/src/ioctl.c
@@ -28,6 +28,7 @@ int ioctl(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this file descriptor is mapped to an external set of handlers,
--- a/cpukit/libcsupport/src/lseek.c
+++ b/cpukit/libcsupport/src/lseek.c
@@ -26,6 +26,7 @@ off_t lseek(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  /*
   *  If this file descriptor is mapped to an external set of handlers,
--- a/cpukit/libcsupport/src/read.c
+++ b/cpukit/libcsupport/src/read.c
@@ -25,6 +25,7 @@ ssize_t read(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  rtems_libio_check_buffer( buffer );
  rtems_libio_check_count( count );
  rtems_libio_check_permissions( iop, LIBIO_FLAGS_READ );
--- a/cpukit/libcsupport/src/write.c
+++ b/cpukit/libcsupport/src/write.c
@@ -33,6 +33,7 @@ ssize_t write(
  rtems_libio_check_fd( fd );
  iop = rtems_libio_iop( fd );
  rtems_libio_check_is_open(iop);
  rtems_libio_check_buffer( buffer );
  rtems_libio_check_count( count );
  rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE );