sys_pipe(): fix file descriptor leaks

author Ulrich Drepper <drepper@redhat.com>

Wed, 7 May 2008 03:42:38 +0000 (20:42 -0700)

committer Linus Torvalds <torvalds@linux-foundation.org>

Thu, 8 May 2008 17:46:56 +0000 (10:46 -0700)
author Ulrich Drepper <drepper@redhat.com>
Wed, 7 May 2008 03:42:38 +0000 (20:42 -0700)
committer Linus Torvalds <torvalds@linux-foundation.org>
Thu, 8 May 2008 17:46:56 +0000 (10:46 -0700)
diff --git a/arch/cris/kernel/sys_cris.c b/arch/cris/kernel/sys_cris.c

index 8b9984197edcc57878356a56848c237ea06aa109..d124066e1728880b29dc8778d103b5fed1309a1b 100644 (file)
--- a/arch/cris/kernel/sys_cris.c
+++ b/arch/cris/kernel/sys_cris.c
@@ -40,8 +40,11 @@ asmlinkage int sys_pipe(unsigned long __user * fildes)
          error = do_pipe(fd);
          unlock_kernel();
          if (!error) {
-                if (copy_to_user(fildes, fd, 2*sizeof(int)))
+                if (copy_to_user(fildes, fd, 2*sizeof(int))) {
+                       sys_close(fd[0]);
+                       sys_close(fd[1]);
                          error = -EFAULT;
+               }
          }
          return error;
  }
diff --git a/arch/m32r/kernel/sys_m32r.c b/arch/m32r/kernel/sys_m32r.c

index 6d7a80fdad488676b8e69c43b0db180e68baf823..319c79720b8a2ba3860ff35fad5a20b2552210cc 100644 (file)
--- a/arch/m32r/kernel/sys_m32r.c
+++ b/arch/m32r/kernel/sys_m32r.c
@@ -90,8 +90,11 @@ sys_pipe(unsigned long r0, unsigned long r1, unsigned long r2,
  
         error = do_pipe(fd);
         if (!error) {
-               if (copy_to_user((void __user *)r0, fd, 2*sizeof(int)))
+               if (copy_to_user((void __user *)r0, fd, 2*sizeof(int))) {
+                       sys_close(fd[0]);
+                       sys_close(fd[1]);
                         error = -EFAULT;
+               }
         }
         return error;
  }
diff --git a/fs/pipe.c b/fs/pipe.c

index 3499f9ff6316ba7189475ec11021bab74dcf083a..ec228bc9f8824128ea99c5cb24abc743063e00bb 100644 (file)
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -17,6 +17,7 @@
  #include <linux/highmem.h>
  #include <linux/pagemap.h>
  #include <linux/audit.h>
+#include <linux/syscalls.h>
  
  #include <asm/uaccess.h>
  #include <asm/ioctls.h>
@@ -1086,8 +1087,11 @@ asmlinkage long __weak sys_pipe(int __user *fildes)
  
         error = do_pipe(fd);
         if (!error) {
-               if (copy_to_user(fildes, fd, sizeof(fd)))
+               if (copy_to_user(fildes, fd, sizeof(fd))) {
+                       sys_close(fd[0]);
+                       sys_close(fd[1]);
                         error = -EFAULT;
+               }
         }
         return error;
  }
author	Ulrich Drepper <drepper@redhat.com>
	Wed, 7 May 2008 03:42:38 +0000 (20:42 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Thu, 8 May 2008 17:46:56 +0000 (10:46 -0700)
arch/cris/kernel/sys_cris.c		patch \| blob \| history
arch/m32r/kernel/sys_m32r.c		patch \| blob \| history
fs/pipe.c		patch \| blob \| history