From 2d733c424ba21cfa55386e81d668036cc801fc6d Mon Sep 17 00:00:00 2001 From: Joel Sherrill Date: Wed, 20 Jan 1999 15:48:22 +0000 Subject: More general fix based on bug report and patch from Ian Lance Taylor to fix this problem: There is a small bug in __rtems_close in c/src/lib/libc/libio.c. It does not check whether the file descriptor it is passed is open. This can cause it to make a null dereference if it is passed a file descriptor which is in the valid range but which was not opened, or which was already closed. --- c/src/exec/include/rtems/libio_.h | 16 +++++++++++++++- c/src/exec/libcsupport/include/rtems/libio_.h | 16 +++++++++++++++- c/src/exec/libcsupport/src/close.c | 1 + c/src/exec/libcsupport/src/fchmod.c | 1 + c/src/exec/libcsupport/src/fcntl.c | 1 + c/src/exec/libcsupport/src/fdatasync.c | 1 + c/src/exec/libcsupport/src/fpathconf.c | 1 + c/src/exec/libcsupport/src/fstat.c | 1 + c/src/exec/libcsupport/src/fsync.c | 1 + c/src/exec/libcsupport/src/ftruncate.c | 1 + c/src/exec/libcsupport/src/ioctl.c | 1 + c/src/exec/libcsupport/src/lseek.c | 1 + c/src/exec/libcsupport/src/read.c | 1 + c/src/exec/libcsupport/src/write.c | 1 + 14 files changed, 42 insertions(+), 2 deletions(-) (limited to 'c/src/exec') diff --git a/c/src/exec/include/rtems/libio_.h b/c/src/exec/include/rtems/libio_.h index d595500430..995809b6d5 100644 --- a/c/src/exec/include/rtems/libio_.h +++ b/c/src/exec/include/rtems/libio_.h @@ -103,6 +103,20 @@ extern mode_t rtems_filesystem_umask; ((((unsigned32)(_fd)) < rtems_libio_number_iops) ? \ &rtems_libio_iops[_fd] : 0) +/* + * rtems_libio_check_is_open + * + * Macro to check if a file descriptor is actually open. + */ + +#define rtems_libio_check_is_open(_iop) \ + do { \ + if (((_iop)->flags & LIBIO_FLAGS_OPEN) == 0) { \ + errno = EBADF; \ + return -1; \ + } \ + } while (0) + /* * rtems_libio_check_fd * @@ -118,7 +132,7 @@ extern mode_t rtems_filesystem_umask; } while (0) /* - * rtems_libio_check_fd + * rtems_libio_check_buffer * * Macro to check if a buffer pointer is valid. */ diff --git a/c/src/exec/libcsupport/include/rtems/libio_.h b/c/src/exec/libcsupport/include/rtems/libio_.h index d595500430..995809b6d5 100644 --- a/c/src/exec/libcsupport/include/rtems/libio_.h +++ b/c/src/exec/libcsupport/include/rtems/libio_.h @@ -103,6 +103,20 @@ extern mode_t rtems_filesystem_umask; ((((unsigned32)(_fd)) < rtems_libio_number_iops) ? \ &rtems_libio_iops[_fd] : 0) +/* + * rtems_libio_check_is_open + * + * Macro to check if a file descriptor is actually open. + */ + +#define rtems_libio_check_is_open(_iop) \ + do { \ + if (((_iop)->flags & LIBIO_FLAGS_OPEN) == 0) { \ + errno = EBADF; \ + return -1; \ + } \ + } while (0) + /* * rtems_libio_check_fd * @@ -118,7 +132,7 @@ extern mode_t rtems_filesystem_umask; } while (0) /* - * rtems_libio_check_fd + * rtems_libio_check_buffer * * Macro to check if a buffer pointer is valid. */ diff --git a/c/src/exec/libcsupport/src/close.c b/c/src/exec/libcsupport/src/close.c index 0583a36b22..04c269664b 100644 --- a/c/src/exec/libcsupport/src/close.c +++ b/c/src/exec/libcsupport/src/close.c @@ -24,6 +24,7 @@ int close( rtems_libio_check_fd(fd); iop = rtems_libio_iop(fd); + rtems_libio_check_is_open(iop); if ( iop->flags & LIBIO_FLAGS_HANDLER_MASK ) { int (*fp)(int fd); diff --git a/c/src/exec/libcsupport/src/fchmod.c b/c/src/exec/libcsupport/src/fchmod.c index f202a30eb0..46c64cd6f7 100644 --- a/c/src/exec/libcsupport/src/fchmod.c +++ b/c/src/exec/libcsupport/src/fchmod.c @@ -29,6 +29,7 @@ int fchmod( rtems_libio_check_fd( fd ); iop = rtems_libio_iop( fd ); + rtems_libio_check_is_open(iop); /* * If this is not a file system based entity, it is an error. diff --git a/c/src/exec/libcsupport/src/fcntl.c b/c/src/exec/libcsupport/src/fcntl.c index b327a447ac..a89306c9fc 100644 --- a/c/src/exec/libcsupport/src/fcntl.c +++ b/c/src/exec/libcsupport/src/fcntl.c @@ -34,6 +34,7 @@ int fcntl( rtems_libio_check_fd( fd ); iop = rtems_libio_iop( fd ); + rtems_libio_check_is_open(iop); /* * If this is not a file system based entity, it is an error. diff --git a/c/src/exec/libcsupport/src/fdatasync.c b/c/src/exec/libcsupport/src/fdatasync.c index 91bff3aaba..7de28ce38a 100644 --- a/c/src/exec/libcsupport/src/fdatasync.c +++ b/c/src/exec/libcsupport/src/fdatasync.c @@ -24,6 +24,7 @@ int fdatasync( rtems_libio_check_fd( fd ); iop = rtems_libio_iop( fd ); + rtems_libio_check_is_open(iop); rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE ); /* diff --git a/c/src/exec/libcsupport/src/fpathconf.c b/c/src/exec/libcsupport/src/fpathconf.c index f3fb1162d0..97c392b5af 100644 --- a/c/src/exec/libcsupport/src/fpathconf.c +++ b/c/src/exec/libcsupport/src/fpathconf.c @@ -28,6 +28,7 @@ long fpathconf( rtems_libio_check_fd(fd); iop = rtems_libio_iop(fd); + rtems_libio_check_is_open(iop); rtems_libio_check_permissions(iop, LIBIO_FLAGS_READ); /* diff --git a/c/src/exec/libcsupport/src/fstat.c b/c/src/exec/libcsupport/src/fstat.c index 82d144dd2c..0399518532 100644 --- a/c/src/exec/libcsupport/src/fstat.c +++ b/c/src/exec/libcsupport/src/fstat.c @@ -66,6 +66,7 @@ int fstat( iop = rtems_libio_iop( fd ); rtems_libio_check_fd( fd ); + rtems_libio_check_is_open(iop); if ( !iop->handlers->fstat ) set_errno_and_return_minus_one( ENOTSUP ); diff --git a/c/src/exec/libcsupport/src/fsync.c b/c/src/exec/libcsupport/src/fsync.c index b77c77312c..eef1f85171 100644 --- a/c/src/exec/libcsupport/src/fsync.c +++ b/c/src/exec/libcsupport/src/fsync.c @@ -24,6 +24,7 @@ int fsync( rtems_libio_check_fd( fd ); iop = rtems_libio_iop( fd ); + rtems_libio_check_is_open(iop); rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE ); /* diff --git a/c/src/exec/libcsupport/src/ftruncate.c b/c/src/exec/libcsupport/src/ftruncate.c index 5bcb2ea5d8..0e90db5c79 100644 --- a/c/src/exec/libcsupport/src/ftruncate.c +++ b/c/src/exec/libcsupport/src/ftruncate.c @@ -27,6 +27,7 @@ int ftruncate( rtems_libio_check_fd( fd ); iop = rtems_libio_iop( fd ); + rtems_libio_check_is_open(iop); /* * If this is not a file system based entity, it is an error. diff --git a/c/src/exec/libcsupport/src/ioctl.c b/c/src/exec/libcsupport/src/ioctl.c index 9284c7f9dc..5ac530b6e0 100644 --- a/c/src/exec/libcsupport/src/ioctl.c +++ b/c/src/exec/libcsupport/src/ioctl.c @@ -28,6 +28,7 @@ int ioctl( rtems_libio_check_fd( fd ); iop = rtems_libio_iop( fd ); + rtems_libio_check_is_open(iop); /* * If this file descriptor is mapped to an external set of handlers, diff --git a/c/src/exec/libcsupport/src/lseek.c b/c/src/exec/libcsupport/src/lseek.c index cd8046356f..3e586bbc31 100644 --- a/c/src/exec/libcsupport/src/lseek.c +++ b/c/src/exec/libcsupport/src/lseek.c @@ -26,6 +26,7 @@ off_t lseek( rtems_libio_check_fd( fd ); iop = rtems_libio_iop( fd ); + rtems_libio_check_is_open(iop); /* * If this file descriptor is mapped to an external set of handlers, diff --git a/c/src/exec/libcsupport/src/read.c b/c/src/exec/libcsupport/src/read.c index 52f61d9b50..e2866744a4 100644 --- a/c/src/exec/libcsupport/src/read.c +++ b/c/src/exec/libcsupport/src/read.c @@ -25,6 +25,7 @@ ssize_t read( rtems_libio_check_fd( fd ); iop = rtems_libio_iop( fd ); + rtems_libio_check_is_open(iop); rtems_libio_check_buffer( buffer ); rtems_libio_check_count( count ); rtems_libio_check_permissions( iop, LIBIO_FLAGS_READ ); diff --git a/c/src/exec/libcsupport/src/write.c b/c/src/exec/libcsupport/src/write.c index 4b4d076185..13dc90bb89 100644 --- a/c/src/exec/libcsupport/src/write.c +++ b/c/src/exec/libcsupport/src/write.c @@ -33,6 +33,7 @@ ssize_t write( rtems_libio_check_fd( fd ); iop = rtems_libio_iop( fd ); + rtems_libio_check_is_open(iop); rtems_libio_check_buffer( buffer ); rtems_libio_check_count( count ); rtems_libio_check_permissions( iop, LIBIO_FLAGS_WRITE ); -- cgit v1.2.3