If an application closes one of its stdio descriptors (0..2),
an excessive close() on one of these descriptors would cause a memory for this descriptor to be allocated in the internal descriptor table. When this descriptor gets used again, e.g. through the call to open() or socket(), the descriptor would be erroneously left in the blocking mode, and the whole application would get stuck on a blocking operation, e.g., in accept(2). Prevent this bug from happening by disallowing close() against non-active descriptors (return -1 and set errno to EBADF in this case). Reviewed by: deischen Approved by: re (scottl)
This commit is contained in:
parent
2450346579
commit
d635dc4671
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=115421
@ -49,9 +49,11 @@ _close(int fd)
|
||||
struct stat sb;
|
||||
struct fd_table_entry *entry;
|
||||
|
||||
if ((fd == _thread_kern_pipe[0]) || (fd == _thread_kern_pipe[1])) {
|
||||
if ((fd == _thread_kern_pipe[0]) || (fd == _thread_kern_pipe[1]) ||
|
||||
(_thread_fd_table[fd] == NULL)) {
|
||||
/*
|
||||
* Don't allow silly programs to close the kernel pipe.
|
||||
* Don't allow silly programs to close the kernel pipe
|
||||
* and non-active descriptors.
|
||||
*/
|
||||
errno = EBADF;
|
||||
ret = -1;
|
||||
|
Loading…
Reference in New Issue
Block a user