hrev52892 adds 1 changeset to branch 'master'
old head: 1efb85decc7f5c50838a53f35d000c8377f5ecc1
new head: c62142a72bd760f999a1f05b0547107cfda9fa11
overview:
https://git.haiku-os.org/haiku/log/?qt=range&q=c62142a72bd7+%5E1efb85decc7f
----------------------------------------------------------------------------
c62142a72bd7: kernel: Add missing NULL check to _user_xsi_semget.
Private semaphores will have a key of -1, but IPC_PRIVATE is 0,
meaning it is possible to wind up here and get a NULL semaphoreSet
if someone passes us an argument of -1.
Reported on Twitter.
[ Augustin Cavalier <waddlesplash@xxxxxxxxx> ]
----------------------------------------------------------------------------
Revision: hrev52892
Commit: c62142a72bd760f999a1f05b0547107cfda9fa11
URL: https://git.haiku-os.org/haiku/commit/?id=c62142a72bd7
Author: Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date: Tue Feb 19 03:58:22 2019 UTC
----------------------------------------------------------------------------
1 file changed, 4 insertions(+), 4 deletions(-)
src/system/kernel/posix/xsi_semaphore.cpp | 8 ++++----
----------------------------------------------------------------------------
diff --git a/src/system/kernel/posix/xsi_semaphore.cpp
b/src/system/kernel/posix/xsi_semaphore.cpp
index f4f4a2ea9a..a52028dc8c 100644
--- a/src/system/kernel/posix/xsi_semaphore.cpp
+++ b/src/system/kernel/posix/xsi_semaphore.cpp
@@ -771,8 +771,8 @@ _user_xsi_semget(key_t key, int numberOfSemaphores, int
flags)
MutexLocker _(sXsiSemaphoreSetLock);
semaphoreSet =
sSemaphoreHashTable.Lookup(semaphoreSetID);
- if (!semaphoreSet->HasPermission()) {
- TRACE_ERROR(("xsi_semget: calling process has
not permission "
+ if (semaphoreSet == NULL ||
!semaphoreSet->HasPermission()) {
+ TRACE_ERROR(("xsi_semget: calling process has
no permission "
"on semaphore %d, key %d\n",
semaphoreSet->ID(),
(int)key));
return EACCES;
@@ -815,9 +815,9 @@ _user_xsi_semget(key_t key, int numberOfSemaphores, int
flags)
MutexLocker _(sXsiSemaphoreSetLock);
semaphoreSet->SetID();
- if (isPrivate)
+ if (isPrivate) {
semaphoreSet->SetIpcKey((key_t)-1);
- else {
+ } else {
semaphoreSet->SetIpcKey(key);
ipcKey->SetSemaphoreSetID(semaphoreSet);
}