[Bug 192671] New: [cam] cam_close_device/cam_close_spec_device can trash valid file descriptors if called more than once on a device
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Aug 15 04:26:46 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192671
Bug ID: 192671
Summary: [cam] cam_close_device/cam_close_spec_device can trash
valid file descriptors if called more than once on a
device
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: yaneurabeya at gmail.com
cam_close_spec_device doesn't modify dev->fd after calling
cam_close_spec_device, so if cam_close_spec_device is called multiple times on
a dev object, it can trash valid file descriptors associated with cam or other
pieces of code. See
http://svnweb.freebsd.org/base/head/lib/libcam/camlib.c?annotate=257388#l680
for more details.
Reported by: Scott Ferris <sferris at isilon.com>
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list