Date:      Wed, 6 Mar 2019 22:56:49 +0000 (UTC)
From:      Conrad Meyer <cem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r344857 - head/sys/fs/fuse
Message-ID:  <201903062256.x26Munf3054948@repo.freebsd.org>

Author: cem
Date: Wed Mar  6 22:56:49 2019
New Revision: 344857
URL: https://svnweb.freebsd.org/changeset/base/344857

Log:
  FUSE: Prevent trivial panic
  
  When open(2) was invoked against a FUSE filesystem with an unexpected flags
  value (no O_RDONLY / O_RDWR / O_WRONLY), an assertion fired, causing panic.
  
  For now, prevent the panic by rejecting such VOP_OPENs with EINVAL.
  
  This is not considered the correct long term fix, but does prevent an
  unprivileged denial-of-service.
  
  PR:		236329
  Reported by:	asomers
  Reviewed by:	asomers
  Sponsored by:	Dell EMC Isilon

Modified:
  head/sys/fs/fuse/fuse_vnops.c

Modified: head/sys/fs/fuse/fuse_vnops.c
==============================================================================
--- head/sys/fs/fuse/fuse_vnops.c	Wed Mar  6 22:13:53 2019	(r344856)
+++ head/sys/fs/fuse/fuse_vnops.c	Wed Mar  6 22:56:49 2019	(r344857)
@@ -1174,6 +1174,9 @@ fuse_vnop_open(struct vop_open_args *ap)
 	if (fuse_isdeadfs(vp)) {
 		return ENXIO;
 	}
+	if ((mode & (FREAD | FWRITE)) == 0)
+		return EINVAL;
+
 	fvdat = VTOFUD(vp);
 
 	if (vnode_isdir(vp)) {
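
Review bot: The new `if ((mode & (FREAD | FWRITE)) == 0)` check has no comment marking it as a stopgap, even though the log says it is not considered the correct long-term fix. A short comment above it that names PR 236329 and says the EINVAL return exists to keep the later assertion from firing would stop a future reader from taking this as the intended open(2) behaviour, and would make the check easy to find when the proper fix lands. Minor style point: the adjacent `if (fuse_isdeadfs(vp)) { return ENXIO; }` braces its single statement while the new check does not, so pick one form for the function.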


