cap_fileargs: Fix a descriptor leak in the service process.

The service handler for fileargs_open() tries to pre-open multiple files and pass descriptors for each back to the sandboxed process in a single message. This is to amortize the cost of round-trips between the two processes. The service process adds a "cache" nvlist to the reply to "open", containing file descriptors for pre-opened files. However, when adding that nvlist to the reply, it was making a copy, effectively leaking the cached descriptors. While here, fix spelling in a local variable name. PR: 241226 Reviewed by: oshogbo MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D25095
2020-06-01 15:32:13 +00:00 · 2020-06-01 15:32:13 +00:00 · c78e42e207
commit c78e42e207
parent b7ec5dea64
1 changed files with 5 additions and 5 deletions
--- a/lib/libcasper/services/cap_fileargs/cap_fileargs.c
+++ b/lib/libcasper/services/cap_fileargs/cap_fileargs.c
@ -500,7 +500,7 @@ open_file(const char *name)
 static void
 fileargs_add_cache(nvlist_t *nvlout, const nvlist_t *limits,
-    const char *curent_name)
+    const char *current_name)
 {
 	int type, i, fd;
 	void *cookie;
@ -527,9 +527,9 @@ fileargs_add_cache(nvlist_t *nvlout, const nvlist_t *limits,
 			break;
 		}
-		if (type != NV_TYPE_NULL ||
+		if (type != NV_TYPE_NULL || (current_name != NULL &&
-		    (curent_name != NULL && strcmp(fname, curent_name) == 0)) {
+		    strcmp(fname, current_name) == 0)) {
-			curent_name = NULL;
+			current_name = NULL;
 			i--;
 			continue;
 		}
@ -553,7 +553,7 @@ fileargs_add_cache(nvlist_t *nvlout, const nvlist_t *limits,
 			nvlist_add_binary(new, "stat", &sb, sizeof(sb));
 		}
-		nvlist_add_nvlist(nvlout, fname, new);
+		nvlist_move_nvlist(nvlout, fname, new);
 	}
 	cacheposition = cookie;
 	lastname = fname;