

ref: ca1920836657ca041cd032e87cf80522187ea629
parent: 21eca27c6491c176c7f337de9c55e31ee70592b0
author: Michael Forney <mforney@mforney.org>
date: Thu Mar 24 01:08:03 EDT 2022

fs: keep userlk locked until we are done with the User
Otherwise, if the users are reloaded at the wrong time we will end
up with a use-after-free.

Also, add missing lock of userlk in readauth.

--- a/fs.c
+++ b/fs.c
@@ -738,6 +738,7 @@
 	Key dk;
 	Fid f;
 	Tree *t;
+	int uid;
 
 	if((mnt = mallocz(sizeof(Mount), 1)) == nil){
 		rerror(m, Enomem);
@@ -756,6 +757,7 @@
 		runlock(&fs->userlk);
 		return;
 	}
+	uid = u->id;
 	runlock(&fs->userlk);
 
 	if((t = openlabel(m->aname)) == nil){
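Review bot: After the `runlock(&fs->userlk)` on the line following the new `uid = u->id;`, the local `u` still points at a User that a concurrent reload may free, and nothing in the function stops a future edit from dereferencing it again; the later hunk only fixes the two uses that exist today. Consider poisoning the pointer right after the unlock, `u = nil;`, so any reintroduced `u->` fails loudly instead of becoming another use-after-free, and add a comment at the copy, `/* u is only valid while userlk is held; keep the id, not the pointer */`. The enclosing function starts and ends outside this hunk, so I cannot see whether `u` is used elsewhere between the unlock and the fid setup.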
@@ -803,8 +805,8 @@
 	f.mode = -1;
 	f.iounit = m->conn->iounit;
 	f.dent = de;
-	f.uid = u->id;
-	f.duid = u->id;
+	f.uid = uid;
+	f.duid = uid;
 	f.dgid = d.gid;
 	f.dmode = d.mode;
 	if(dupfid(m->conn, m->fid, &f) == nil){
@@ -1492,11 +1494,15 @@
 	case ARdone:
 		if((ai = auth_getinfo(rpc)) == nil)
 			goto Phase;
+		rlock(&fs->userlk);
 		u = name2user(ai->cuid);
 		auth_freeAI(ai);
-		if(u == nil)
+		if(u == nil){
+			runlock(&fs->userlk);
 			return Enouser;
+		}
 		f->uid = u->id;
+		runlock(&fs->userlk);
 		return nil;
 	case ARok:
 		if(m->count < rpc->narg)
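Review bot: The read lock on `userlk` is now released on two separate paths in the `ARdone` case, with `auth_freeAI(ai)` and the `Enouser` return interleaved between lock and unlock; a single unlock point is easier to keep correct as this branch grows. One option is to copy the id out under the lock and unlock once, mirroring the mount-side change in this commit: `rlock(&fs->userlk); u = name2user(ai->cuid); uid = (u != nil) ? u->id : -1; runlock(&fs->userlk);` followed by `auth_freeAI(ai);`, then `if(u == nil) return Enouser; f->uid = uid; return nil;` (checking `u` for nil is fine here, since it is only compared, not dereferenced). At minimum a comment on the lock line, `/* User pointers from name2user are valid only while userlk is held */`, would tell the next editor why the lock spans the `u->id` read. The enclosing function, including the `Phase` label this case jumps to, starts outside the hunk.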