Clear the pointers to the file in the struct filedesc before file is closed
in fdfree. Otherwise, sysctl_kern_proc_filedesc may dereference stale struct file * values. Reported and tested by: pho MFC after: 1 month
This commit is contained in:
parent
83e73926ad
commit
7efa697d80
@ -1703,14 +1703,16 @@ fdfree(struct thread *td)
|
||||
FILEDESC_XUNLOCK(fdp);
|
||||
if (i > 0)
|
||||
return;
|
||||
/*
|
||||
* We are the last reference to the structure, so we can
|
||||
* safely assume it will not change out from under us.
|
||||
*/
|
||||
|
||||
fpp = fdp->fd_ofiles;
|
||||
for (i = fdp->fd_lastfile; i-- >= 0; fpp++) {
|
||||
if (*fpp)
|
||||
(void) closef(*fpp, td);
|
||||
if (*fpp) {
|
||||
FILEDESC_XLOCK(fdp);
|
||||
fp = *fpp;
|
||||
*fpp = NULL;
|
||||
FILEDESC_XUNLOCK(fdp);
|
||||
(void) closef(fp, td);
|
||||
}
|
||||
}
|
||||
FILEDESC_XLOCK(fdp);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user