The tmpfs_link() must not dereference the filesystem-specific data for
a vnode until it is verified that the vnode indeed belongs to tmpfs mount. Otherwise, it might access random memory, at least in the debug kernel. Reported and tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 2 weeks
This commit is contained in:
Konstantin Belousov
parent
57ef02ff0f
commit
706f80801d
@ -570,8 +570,6 @@ tmpfs_link(struct vop_link_args *v)
|
||||
MPASS(cnp->cn_flags & HASBUF);
|
||||
MPASS(dvp != vp); /* XXX When can this be false? */
|
||||
|
||||
node = VP_TO_TMPFS_NODE(vp);
|
||||
|
||||
/* XXX: Why aren't the following two tests done by the caller? */
|
||||
|
||||
/* Hard links of directories are forbidden. */
|
||||
@ -586,6 +584,8 @@ tmpfs_link(struct vop_link_args *v)
|
||||
goto out;
|
||||
}
|
||||
|
||||
node = VP_TO_TMPFS_NODE(vp);
|
||||
|
||||
/* Ensure that we do not overflow the maximum number of links imposed
|
||||
* by the system. */
|
||||
MPASS(node->tn_links <= LINK_MAX);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user