Date: Fri, 3 May 2002 11:15:09 -0600 (MDT)
From: Fred Clift <fred@clift.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/37717: [PATCH] calls to libc localtime can leak open file descriptors
Message-ID: <200205031715.g43HF9s92692@dev.clift.org>
>Number: 37717
>Category: bin
>Synopsis: [PATCH] calls to libc localtime can leak open file descriptors
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri May 03 10:20:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Fred Clift
>Release: FreeBSD 4.5-STABLE i386 and -CURRENT too
>Organization: on behalf of NTT/Verio hosting
>Environment:
System: FreeBSD -STABLE and -CURRENT, any platform

>Description:
Clearly wrong behavior in libc's localtime.c - in tzload() in src/lib/libc/stdtime/localtime.c to be precise. There is a sanity check at the end to make sure that the file that was opened was indeed a regular file and not say, a directory, or device, etc... If the call to fstat succeeds we _must_ have had an open file descriptor (in an automatic variable) which it doesn't close before the immediate 'return -1;'. Hence, open file descriptor leaking.

>How-To-Repeat:
Write a program that calls localtime. Misconfigure /usr/share/zoneinfo/GMT to be a directory instead of a file and run your program. That's it.

Yes, this takes a misconfiguration to tickle, but since it is that misconfiguration that the code is checking for, we should fix it. One case where this was discovered was when running proftpd and letting it try and chroot - seems chroot fails when you have an open descriptor of a directory (could use the open descriptor to break out of the chroot).

>Fix:
patches for -stable and -current are:

** $FreeBSD: src/lib/libc/stdtime/localtime.c,v 1.25.2.1 2001/03/05 11:37:21 obrien Exp $ --- localtime.c.old Tue Apr 30 09:21:42 2002 +++ localtime.c Tue Apr 30 09:20:52 2002 
@@ -316,8 +316,10 @@ return -1; if ((fid = _open(name, OPEN_MODE)) == -1) return -1; - if ((_fstat(fid, &stab) < 0) || !S_ISREG(stab.st_mode)) + if ((_fstat(fid, &stab) < 0) || !S_ISREG(stab.st_mode)) { + close(fid); return -1; + } } { struct tzhead * tzhp; (head) __FBSDID("$FreeBSD: src/lib/libc/stdtime/localtime.c,v 1.30 2002/03/22 21:53:13 obrien Exp $"); --- localtime.c.old Mon Mar 5 04:37:21 2001 +++ localtime.c Tue Apr 30 09:13:58 2002 @@ -315,8 +315,10 @@ return -1; if ((fid = _open(name, OPEN_MODE)) == -1) return -1; - if ((fstat(fid, &stab) < 0) || !S_ISREG(stab.st_mode)) + if ((fstat(fid, &stab) < 0) || !S_ISREG(stab.st_mode)) { + close(fid); return -1; + } } { struct tzhead * tzhp; >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
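Review bot: In the first hunk (@@ -316,8 +316,10 @@) the added cleanup calls plain close(fid), while the two calls next to it are the underscore-prefixed _open and _fstat. If this file goes through the libc-internal wrappers for descriptor calls, _close(fid) would keep the error path consistent with them. Separately, close() can overwrite the errno left by a failed _fstat, so if any caller of tzload() looks at errno after the -1 return, save it before closing and restore it afterwards.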
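Review bot: The second hunk (@@ -315,8 +315,10 @@) sits under the "(head)" label with revision 1.30, but its old file is dated Mon Mar 5 04:37:21 2001, which lines up with the 2001/03/05 11:37:21 stamp of revision 1.25.2.1 quoted above the first patch (same minute and second, seven hours apart). The two revision labels look swapped relative to the diffs, so please confirm which diff applies to -stable and which to -current before either is committed. In this hunk the open is _open while the check is plain fstat and the added cleanup is plain close; use whichever form of each call the rest of that branch's file already uses.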