summaryrefslogtreecommitdiffstats
path: root/fs/file.c
diff options
context:
space:
mode:
authorKirill Korotaev <dev@openvz.org>2006-07-12 18:03:05 +0200
committerLinus Torvalds <torvalds@g5.osdl.org>2006-07-12 21:52:54 +0200
commitd579091b4385e9386e244622d593fe064aa8e8e7 (patch)
treeb1fc0f3fef38d7580dc6bdf3b1842534126deda6 /fs/file.c
parent[PATCH] Fix prctl privilege escalation and suid_dumpable (CVE-2006-2451) (diff)
downloadlinux-d579091b4385e9386e244622d593fe064aa8e8e7.tar.xz
linux-d579091b4385e9386e244622d593fe064aa8e8e7.zip
[PATCH] fix fdset leakage
When found, it is obvious. nfds calculated when allocating fdsets is rewritten by calculation of size of fdtable, and when we are unlucky, we try to free fdsets of wrong size. Found due to OpenVZ resource management (User Beancounters). Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: Kirill Korotaev <dev@openvz.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs/file.c')
-rw-r--r--fs/file.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/file.c b/fs/file.c
index 3f356086061d..c8f1b0af8e00 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -273,11 +273,13 @@ static struct fdtable *alloc_fdtable(int nr)
} while (nfds <= nr);
new_fds = alloc_fd_array(nfds);
if (!new_fds)
- goto out;
+ goto out2;
fdt->fd = new_fds;
fdt->max_fds = nfds;
fdt->free_files = NULL;
return fdt;
+out2:
+ nfds = fdt->max_fdset;
out:
if (new_openset)
free_fdset(new_openset, nfds);