Fix oversights from 4170ae4e

4170ae4ea6 was intended to tackle TOCTOU
race conditions reported by CodeQL, but as an oversight, a file
descriptor was not closed and some comments were not updated.
Interestingly, CodeQL did not complain about the file descriptor leak,
so there is room for improvement in how we configure it to try to detect
this issue so that we get early warning about this.

In addition, an optimization opportunity was missed by mistake in
lib/libshare/os/linux/smb.c, which prevented us from truly closing the
TOCTOU race. This was also caught by Coverity.

Reported-by: Coverity (CID 1524424)
Reported-by: Coverity (CID 1526804)
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14109
This commit is contained in:
Richard Yao 2022-10-31 13:01:04 -04:00 committed by GitHub
parent b37d495e04
commit dcce0dc5f0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 3 deletions

View File

@ -103,7 +103,7 @@ smb_retrieve_shares(void)
goto out; goto out;
} }
if (stat(file_path, &eStat) == -1) { if (fstat(fd, &eStat) == -1) {
close(fd); close(fd);
rc = SA_SYSTEM_ERR; rc = SA_SYSTEM_ERR;
goto out; goto out;

View File

@ -37,12 +37,12 @@
/* /*
* DESCRIPTION: * DESCRIPTION:
* Verify stat(2) for O_TMPFILE file considers umask. * Verify fstat(2) for O_TMPFILE file considers umask.
* *
* STRATEGY: * STRATEGY:
* 1. open(2) with O_TMPFILE. * 1. open(2) with O_TMPFILE.
* 2. linkat(2). * 2. linkat(2).
* 3. fstat(2)/stat(2) and verify .st_mode value. * 3. fstat(2) and verify .st_mode value.
*/ */
static void static void
@ -94,6 +94,7 @@ test_stat_mode(mode_t mask)
mode = fst.st_mode & 0777; mode = fst.st_mode & 0777;
if (mode != masked) if (mode != masked)
errx(8, "fstat(2) %o != %o\n", mode, masked); errx(8, "fstat(2) %o != %o\n", mode, masked);
close(fd);
} }
int int