svn commit: r344857 - head/sys/fs/fuse
Konstantin Belousov
kostikbel at gmail.com
Thu Mar 7 11:00:10 UTC 2019
On Wed, Mar 06, 2019 at 10:56:49PM +0000, Conrad Meyer wrote:
> Author: cem
> Date: Wed Mar 6 22:56:49 2019
> New Revision: 344857
> URL: https://svnweb.freebsd.org/changeset/base/344857
>
> Log:
> FUSE: Prevent trivial panic
>
> When open(2) was invoked against a FUSE filesystem with an unexpected flags
> value (no O_RDONLY / O_RDWR / O_WRONLY), an assertion fired, causing panic.
Did you miss O_EXEC ? O_RDONLY is defined as zero, and we interpret the
flags as having O_RDONLY if no other flags were passed.
VFS guarantees that one of the O_EXEC/FREAD/FWRITE flag is always
there. If it does not, it is bug. See the code at the start of
kern_openat().
>
> For now, prevent the panic by rejecting such VOP_OPENs with EINVAL.
>
> This is not considered the correct long term fix, but does prevent an
> unprivileged denial-of-service.
>
> PR: 236329
> Reported by: asomers
> Reviewed by: asomers
> Sponsored by: Dell EMC Isilon
>
> Modified:
> head/sys/fs/fuse/fuse_vnops.c
>
> Modified: head/sys/fs/fuse/fuse_vnops.c
> ==============================================================================
> --- head/sys/fs/fuse/fuse_vnops.c Wed Mar 6 22:13:53 2019 (r344856)
> +++ head/sys/fs/fuse/fuse_vnops.c Wed Mar 6 22:56:49 2019 (r344857)
> @@ -1174,6 +1174,9 @@ fuse_vnop_open(struct vop_open_args *ap)
> if (fuse_isdeadfs(vp)) {
> return ENXIO;
> }
> + if ((mode & (FREAD | FWRITE)) == 0)
> + return EINVAL;
> +
> fvdat = VTOFUD(vp);
>
> if (vnode_isdir(vp)) {
More information about the svn-src-head
mailing list