!1242 fs_epoll竞争漏洞修复

Merge pull request !1242 from 石子怡/master
This commit is contained in:
openharmony_ci 2024-10-15 14:09:01 +00:00 committed by Gitee
commit 0d1635757f
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
1 changed files with 23 additions and 11 deletions

View File

@ -220,14 +220,18 @@ int epoll_close(int epfd)
{
struct epoll_head *epHead = NULL;
(VOID)pthread_mutex_lock(&g_epollMutex);
epHead = EpollGetDataBuff(epfd);
if (epHead == NULL) {
(VOID)pthread_mutex_unlock(&g_epollMutex);
set_errno(EBADF);
return -1;
}
DoEpollClose(epHead);
return EpollFreeSysFd(epfd);
int ret = EpollFreeSysFd(epfd);
(VOID)pthread_mutex_unlock(&g_epollMutex);
return ret;
}
int epoll_ctl(int epfd, int op, int fd, struct epoll_event *ev)
@ -236,15 +240,16 @@ int epoll_ctl(int epfd, int op, int fd, struct epoll_event *ev)
int i;
int ret = -1;
(VOID)pthread_mutex_lock(&g_epollMutex);
epHead = EpollGetDataBuff(epfd);
if (epHead == NULL) {
set_errno(EBADF);
return ret;
goto OUT_RELEASE;
}
if (ev == NULL) {
set_errno(EINVAL);
return -1;
goto OUT_RELEASE;
}
switch (op) {
@ -252,18 +257,19 @@ int epoll_ctl(int epfd, int op, int fd, struct epoll_event *ev)
ret = CheckFdExist(epHead, fd);
if (ret == -1) {
set_errno(EEXIST);
return -1;
goto OUT_RELEASE;
}
if (epHead->nodeCount == EPOLL_DEFAULT_SIZE) {
set_errno(ENOMEM);
return -1;
goto OUT_RELEASE;
}
epHead->evs[epHead->nodeCount].events = ev->events | POLLERR | POLLHUP;
epHead->evs[epHead->nodeCount].data.fd = fd;
epHead->nodeCount++;
return 0;
ret = 0;
break;
case EPOLL_CTL_DEL:
for (i = 0; i < epHead->nodeCount; i++) {
if (epHead->evs[i].data.fd != fd) {
@ -275,23 +281,29 @@ int epoll_ctl(int epfd, int op, int fd, struct epoll_event *ev)
epHead->nodeCount - i);
}
epHead->nodeCount--;
return 0;
ret = 0;
goto OUT_RELEASE;
}
set_errno(ENOENT);
return -1;
break;
case EPOLL_CTL_MOD:
for (i = 0; i < epHead->nodeCount; i++) {
if (epHead->evs[i].data.fd == fd) {
epHead->evs[i].events = ev->events | POLLERR | POLLHUP;
return 0;
ret = 0;
goto OUT_RELEASE;
}
}
set_errno(ENOENT);
return -1;
break;
default:
set_errno(EINVAL);
return -1;
break;
}
OUT_RELEASE:
(VOID)pthread_mutex_unlock(&g_epollMutex);
return ret;
}
int epoll_wait(int epfd, FAR struct epoll_event *evs, int maxevents, int timeout)