upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-04-22 14:49:36 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Devfs replaces file ops vector with devfs-specific one in devfs_open(),

Browse source 
before the struct file is fully initialized in vn_open(), in particular,
fp->f_vnode is NULL. Other thread calling file operation before f_vnode
is set results in NULL pointer dereference in devvn_refthread().

Initialize f_vnode before calling d_fdopen() cdevsw method, that might
set file ops too.

Reported and tested by:	Chris Timmons <cwt networks cwu edu>
	(RELENG_7 version)
MFC after:	3 days
This commit is contained in:
Konstantin Belousov 2009-05-15 19:23:05 +00:00
parent 7293f0e67c
commit 0e9bd89d7d
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/fs/devfs/devfs_vnops.c
View file

@ -942,8 +942,10 @@ devfs_open(struct vop_open_args *ap)
fpop = td->td_fpop;
td->td_fpop = fp;
if (fp != NULL)
if (fp != NULL) {
fp->f_data = dev;
fp->f_vnode = vp;
}
if (dsw->d_fdopen != NULL)
error = dsw->d_fdopen(dev, ap->a_mode, td, fp);
else