diff options
author | jhb <jhb@FreeBSD.org> | 2002-11-26 17:22:15 +0000 |
---|---|---|
committer | jhb <jhb@FreeBSD.org> | 2002-11-26 17:22:15 +0000 |
commit | 390d1b415b4ef343dc89c751254861f0a69afeef (patch) | |
tree | 9ed4a394b401eaf22a67ecbfc26542743210735d /sys | |
parent | 2f11222833739f6b579a85ecde37ef6edf2e138c (diff) | |
download | FreeBSD-src-390d1b415b4ef343dc89c751254861f0a69afeef.zip FreeBSD-src-390d1b415b4ef343dc89c751254861f0a69afeef.tar.gz |
If the file descriptors passed into do_dup() are negative, return EBADF
instead of panicing. Also, perform some of the simpler sanity checks on
the fds before acquiring the filedesc lock.
Approved by: re
Reported by: Dan Nelson <dan@emsphone.com> and others
Diffstat (limited to 'sys')
-rw-r--r-- | sys/kern/kern_descrip.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c index 13b339b..852cd39 100644 --- a/sys/kern/kern_descrip.c +++ b/sys/kern/kern_descrip.c @@ -469,10 +469,11 @@ do_dup(td, type, old, new, retval) * Verify we have a valid descriptor to dup from and possibly to * dup to. */ + if (old < 0 || new < 0 || new >= p->p_rlimit[RLIMIT_NOFILE].rlim_cur || + new >= maxfilesperproc) + return (EBADF); FILEDESC_LOCK(fdp); - if (old >= fdp->fd_nfiles || fdp->fd_ofiles[old] == NULL || - new >= p->p_rlimit[RLIMIT_NOFILE].rlim_cur || - new >= maxfilesperproc) { + if (old >= fdp->fd_nfiles || fdp->fd_ofiles[old] == NULL) { FILEDESC_UNLOCK(fdp); return (EBADF); } |