d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

This is a fix for a problem described in PR kern/19572. It was

Browse Source 
recently discussed at -hackers. The problem is a null-pointer
    dereference that happens in kern/vfs_lookup.c when accessing ".."
    with a v_mount entry for the current directory vnode of NULL. This
    happens when a volume is forcibly unmounted, and the vnode for a
    working directory in the mounted volume is cleared.

PR: 23191
Submitted by: Thomas Moestl <tmoestl@gmx.net>
This commit is contained in:
Alfred Perlstein 2000-11-30 20:04:44 +00:00
parent 9b67ac593b
commit 237710275e
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sys/kern/vfs_lookup.c
View File

@ -404,6 +404,10 @@ lookup(ndp)
if ((dp->v_flag & VROOT) == 0 ||
(cnp->cn_flags & NOCROSSMOUNT))
break;
if (dp->v_mount == NULL) { /* forced unmount */
error = EBADF;
goto bad;
}
tdp = dp;
dp = dp->v_mount->mnt_vnodecovered;
vput(tdp);
@ -426,7 +430,7 @@ lookup(ndp)
printf("not found\n");
#endif
if ((error == ENOENT) &&
(dp->v_flag & VROOT) &&
(dp->v_flag & VROOT) && (dp->v_mount != NULL) &&
(dp->v_mount->mnt_flag & MNT_UNION)) {
tdp = dp;
dp = dp->v_mount->mnt_vnodecovered;
@ -510,6 +514,12 @@ lookup(ndp)
((cnp->cn_flags & FOLLOW) || trailing_slash ||
*ndp->ni_next == '/')) {
cnp->cn_flags |= ISSYMLINK;
if (dp->v_mount == NULL) {
/* We can't know whether the directory was mounted with
* NOSYMFOLLOW, so we can't follow safely. */
error = EBADF;
goto bad2;
}
if (dp->v_mount->mnt_flag & MNT_NOSYMFOLLOW) {
error = EACCES;
goto bad2;