svn commit: r344857 - head/sys/fs/fuse
Conrad Meyer
cem at FreeBSD.org
Wed Mar 6 22:56:50 UTC 2019
Author: cem
Date: Wed Mar 6 22:56:49 2019
New Revision: 344857
URL: https://svnweb.freebsd.org/changeset/base/344857
Log:
FUSE: Prevent trivial panic
When open(2) was invoked against a FUSE filesystem with an unexpected flags
value (no O_RDONLY / O_RDWR / O_WRONLY), an assertion fired, causing panic.
For now, prevent the panic by rejecting such VOP_OPENs with EINVAL.
This is not considered the correct long term fix, but does prevent an
unprivileged denial-of-service.
PR: 236329
Reported by: asomers
Reviewed by: asomers
Sponsored by: Dell EMC Isilon
Modified:
head/sys/fs/fuse/fuse_vnops.c
Modified: head/sys/fs/fuse/fuse_vnops.c
==============================================================================
--- head/sys/fs/fuse/fuse_vnops.c Wed Mar 6 22:13:53 2019 (r344856)
+++ head/sys/fs/fuse/fuse_vnops.c Wed Mar 6 22:56:49 2019 (r344857)
@@ -1174,6 +1174,9 @@ fuse_vnop_open(struct vop_open_args *ap)
if (fuse_isdeadfs(vp)) {
return ENXIO;
}
+ if ((mode & (FREAD | FWRITE)) == 0)
+ return EINVAL;
+
fvdat = VTOFUD(vp);
if (vnode_isdir(vp)) {
More information about the svn-src-head
mailing list