FUSE: Prevent trivial panic

When open(2) was invoked against a FUSE filesystem with an unexpected flags value (no O_RDONLY / O_RDWR / O_WRONLY), an assertion fired, causing panic. For now, prevent the panic by rejecting such VOP_OPENs with EINVAL. This is not considered the correct long term fix, but does prevent an unprivileged denial-of-service. PR: 236329 Reported by: asomers Reviewed by: asomers Sponsored by: Dell EMC Isilon
2019-03-06 22:56:49 +00:00 · 2019-03-06 22:56:49 +00:00 · 7baf6b27c4
commit 7baf6b27c4
parent ae6222b0c3
1 changed files with 3 additions and 0 deletions
--- a/sys/fs/fuse/fuse_vnops.c
+++ b/sys/fs/fuse/fuse_vnops.c
@ -1174,6 +1174,9 @@ fuse_vnop_open(struct vop_open_args *ap)
 	if (fuse_isdeadfs(vp)) {
 		return ENXIO;
 	}
+	if ((mode & (FREAD | FWRITE)) == 0)
+		return EINVAL;
+
 	fvdat = VTOFUD(vp);

 	if (vnode_isdir(vp)) {