[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[hurd] 01/01: patches/hash-weakref: New patch to fix use-after-free
|
From: |
Samuel Thibault |
|
Subject: |
[hurd] 01/01: patches/hash-weakref: New patch to fix use-after-free |
|
Date: |
Tue, 19 Dec 2017 20:49:36 +0000 |
This is an automated email from the git hooks/post-receive script.
sthibault pushed a commit to branch master
in repository hurd.
commit 579bc372b785bea05ffc1d1b2bd9f485734596a4
Author: Samuel Thibault <address@hidden>
Date: Tue Dec 19 20:10:24 2017 +0000
patches/hash-weakref: New patch to fix use-after-free
Closes: Bug#882507
---
debian/changelog | 6 ++++++
debian/patches/hash-weakref | 52 +++++++++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 59 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 3982270..3a8498b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+hurd (1:0.9.git20171119-3) unstable; urgency=medium
+
+ * patches/hash-weakref: New patch to fix use-after-free. Closes: Bug#882507.
+
+ -- Samuel Thibault <address@hidden> Tue, 19 Dec 2017 20:09:37 +0000
+
hurd (1:0.9.git20171119-2) unstable; urgency=medium
* patches/pie-core: New patch to add at_entry note for PIE core dumps.
diff --git a/debian/patches/hash-weakref b/debian/patches/hash-weakref
new file mode 100644
index 0000000..ec44966
--- /dev/null
+++ b/debian/patches/hash-weakref
@@ -0,0 +1,52 @@
+commit b37c7dd4dd0de064b7ae2c9ad5687ebb635677c8
+Author: Samuel Thibault <address@hidden>
+Date: Tue Dec 19 01:39:36 2017 +0100
+
+ libfshelp: Add weak reference for hash table reference
+
+ Fixes reference w/o send right crash.
+
+ * libfshelp/get-identity.c (fshelp_get_identity): Get weak reference for
+ the hash table reference.
+ (id_initialize): Pass id_clean as dropweak_routine instead of
+ clean_routine to ports_create_class.
+ (id_clean): Remove from hash table only if there are no hard references
+ left, i.e. we didn't reacquired a port right in between.
+
+diff --git a/libfshelp/get-identity.c b/libfshelp/get-identity.c
+index 17244dee..9f92272e 100644
+--- a/libfshelp/get-identity.c
++++ b/libfshelp/get-identity.c
+@@ -42,7 +42,12 @@ id_clean (void *cookie)
+ {
+ struct idspec *i = cookie;
+ pthread_mutex_lock (&idlock);
+- hurd_ihash_locp_remove (&idhash, i->id_hashloc);
++ if (refcounts_hard_references(&i->pi.refcounts) == 0)
++ {
++ /* Nobody got a send right in between, we can remove from the hash. */
++ hurd_ihash_locp_remove (&idhash, i->id_hashloc);
++ ports_port_deref_weak (&i->pi);
++ }
+ pthread_mutex_unlock (&idlock);
+ }
+
+@@ -50,7 +55,7 @@ static void
+ id_initialize ()
+ {
+ assert_backtrace (!idclass);
+- idclass = ports_create_class (id_clean, NULL);
++ idclass = ports_create_class (NULL, id_clean);
+ }
+
+ error_t
+@@ -75,6 +80,9 @@ fshelp_get_identity (struct port_bucket *bucket,
+ if (err)
+ goto lose_port;
+
++ /* Weak reference for the hash entry. */
++ ports_port_ref_weak(&i->pi);
++
+ *pt = ports_get_right (i);
+ ports_port_deref (i);
+ }
diff --git a/debian/patches/series b/debian/patches/series
index 0cb5a88..1cba2e7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -30,3 +30,4 @@ libports-iterate-refcount.patch
exec_filename_rpctrace.patch
exec_set_exe.patch
pie-core
+hash-weakref
--
Alioth's /usr/local/bin/git-commit-notice on
/srv/git.debian.org/git/pkg-hurd/hurd.git