ref: ca1920836657ca041cd032e87cf80522187ea629
parent: 21eca27c6491c176c7f337de9c55e31ee70592b0
author: Michael Forney <mforney@mforney.org>
date: Thu Mar 24 01:08:03 EDT 2022
fs: keep userlk locked until we are done with the User Otherwise, if the users are reloaded at the wrong time we will end up with a use-after-free. Also, add missing lock of userlk in readauth.
--- a/fs.c
+++ b/fs.c
@@ -738,6 +738,7 @@
Key dk;
Fid f;
Tree *t;
+ int uid;
if((mnt = mallocz(sizeof(Mount), 1)) == nil){
rerror(m, Enomem);
@@ -756,6 +757,7 @@
runlock(&fs->userlk);
return;
}
+ uid = u->id;
runlock(&fs->userlk);
if((t = openlabel(m->aname)) == nil){
@@ -803,8 +805,8 @@
f.mode = -1;
f.iounit = m->conn->iounit;
f.dent = de;
- f.uid = u->id;
- f.duid = u->id;
+ f.uid = uid;
+ f.duid = uid;
f.dgid = d.gid;
f.dmode = d.mode;
if(dupfid(m->conn, m->fid, &f) == nil){
@@ -1492,11 +1494,15 @@
case ARdone:
if((ai = auth_getinfo(rpc)) == nil)
goto Phase;
+ rlock(&fs->userlk);
u = name2user(ai->cuid);
auth_freeAI(ai);
- if(u == nil)
+ if(u == nil){
+ runlock(&fs->userlk);
return Enouser;
+ }
f->uid = u->id;
+ runlock(&fs->userlk);
return nil;
case ARok:
if(m->count < rpc->narg)