From c78e42e207a67e75c0ccc1136a928b83c1f0dfa8 Mon Sep 17 00:00:00 2001
From: Mark Johnston
Date: Mon, 1 Jun 2020 15:32:13 +0000
Subject: [PATCH] cap_fileargs: Fix a descriptor leak in the service process.
The service handler for fileargs_open() tries to pre-open multiple files and pass descriptors for each back to the sandboxed process in a single message. This is to amortize the cost of round-trips between the two processes. The service process adds a "cache" nvlist to the reply to "open", containing file descriptors for pre-opened files. However, when adding that nvlist to the reply, it was making a copy, effectively leaking the cached descriptors. While here, fix spelling in a local variable name.
PR: 241226
Reviewed by: oshogbo
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25095
---
 lib/libcasper/services/cap_fileargs/cap_fileargs.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/libcasper/services/cap_fileargs/cap_fileargs.c b/lib/libcasper/services/cap_fileargs/cap_fileargs.c
index ff8b182a5a4e..a777647b1720 100644
--- a/lib/libcasper/services/cap_fileargs/cap_fileargs.c
+++ b/lib/libcasper/services/cap_fileargs/cap_fileargs.c
@@ -500,7 +500,7 @@ open_file(const char *name)
 static void
 fileargs_add_cache(nvlist_t *nvlout, const nvlist_t *limits,
- const char *curent_name)
+ const char *current_name)
 {
 int type, i, fd;
 void *cookie;
@@ -527,9 +527,9 @@ fileargs_add_cache(nvlist_t *nvlout, const nvlist_t *limits,
 break;
 }
- if (type != NV_TYPE_NULL ||
- (curent_name != NULL && strcmp(fname, curent_name) == 0)) {
- curent_name = NULL;
+ if (type != NV_TYPE_NULL || (current_name != NULL &&
+ strcmp(fname, current_name) == 0)) {
+ current_name = NULL;
 i--;
 continue;
 }
@@ -553,7 +553,7 @@ fileargs_add_cache(nvlist_t *nvlout, const nvlist_t *limits,
 nvlist_add_binary(new, "stat", &sb, sizeof(sb));
 }
- nvlist_add_nvlist(nvlout, fname, new);
+ nvlist_move_nvlist(nvlout, fname, new);
 }
 cacheposition = cookie;
 lastname = fname;
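Review bot: The switch to `nvlist_move_nvlist()` hands ownership of `new`, including any descriptors stored in it, to `nvlout`, but nothing at the call site says so. Since the leak came from using the copying variant on this very line, a short comment would keep a later edit from reverting it, e.g. `/* Move, not add: nvlout now owns new and the cached descriptors in it. */`. After this line `new` must not be read or destroyed in the loop body. The statements that place the opened descriptor into `new` are outside this hunk, so it is worth confirming they also use a move variant, because the add variants duplicate the descriptor and would leave the original open in the service process. fileargs_add_cache() starts and ends outside the hunk.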