open: Fix race condition when called with O_TRUNC

Fix a race condition in which a file opened with O_TRUNC is made available to other file functions expecting a file descriptor before the truncation is performed. This is only possible if the other thread was using an invalid file descriptor as the open call has yet to finish. Closes #5109
2024-07-27 18:40:23 +02:00
parent 7440264601
commit 9c57576a4b
1 changed files with 13 additions and 3 deletions
--- a/cpukit/libcsupport/src/open.c
+++ b/cpukit/libcsupport/src/open.c
@@ -142,16 +142,26 @@ static int do_open(
  rv = (*iop->pathinfo.handlers->open_h)( iop, path, oflag, mode );

  if ( rv == 0 ) {
-    rtems_libio_iop_flags_set( iop, LIBIO_FLAGS_OPEN );
-
+    /*
+     * Postpone the setting of LIBIO_FLAGS_OPEN after the truncation of the
+     * file, this ensures that the file descriptor cannot be used or closed
+     * during or just before the truncation by some other thread.
+     */
    if ( truncate ) {
-      rv = ftruncate( fd, 0 );
+      if ( write_access ) {
+        rv = (*iop->pathinfo.handlers->ftruncate_h)( iop, 0 );
+      } else {
+        rv = -1;
+        errno = EINVAL;
+      }
+
      if ( rv != 0 ) {
        (*iop->pathinfo.handlers->close_h)( iop );
      }
    }

    if ( rv == 0 ) {
+      rtems_libio_iop_flags_set( iop, LIBIO_FLAGS_OPEN );
      rv = fd;
    } else {
      rv = -1;