ntdll: Remove the source fd from the cache before calling the dup_handle request.
If another thread creates and accesses a file between the dup_handle request and the call to remove_fd_from_cache(), the file may be allocated to the same handle number, and that thread will then receive the wrong unix fd. Avoid this race by invalidating the cache first. Signed-off-by: Zebediah Figura <z.figura12@gmail.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
parent
5df0f5f6fb
commit
64cfcc1c62
|
@ -1693,6 +1693,7 @@ NTSTATUS WINAPI NtDuplicateObject( HANDLE source_process, HANDLE source, HANDLE
|
||||||
ACCESS_MASK access, ULONG attributes, ULONG options )
|
ACCESS_MASK access, ULONG attributes, ULONG options )
|
||||||
{
|
{
|
||||||
NTSTATUS ret;
|
NTSTATUS ret;
|
||||||
|
int fd;
|
||||||
|
|
||||||
if ((options & DUPLICATE_CLOSE_SOURCE) && source_process != NtCurrentProcess())
|
if ((options & DUPLICATE_CLOSE_SOURCE) && source_process != NtCurrentProcess())
|
||||||
{
|
{
|
||||||
|
@ -1715,6 +1716,14 @@ NTSTATUS WINAPI NtDuplicateObject( HANDLE source_process, HANDLE source, HANDLE
|
||||||
return result.dup_handle.status;
|
return result.dup_handle.status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* always remove the cached fd; if the server request fails we'll just
|
||||||
|
* retrieve it again */
|
||||||
|
if (options & DUPLICATE_CLOSE_SOURCE)
|
||||||
|
{
|
||||||
|
fd = remove_fd_from_cache( source );
|
||||||
|
if (fd != -1) close( fd );
|
||||||
|
}
|
||||||
|
|
||||||
SERVER_START_REQ( dup_handle )
|
SERVER_START_REQ( dup_handle )
|
||||||
{
|
{
|
||||||
req->src_process = wine_server_obj_handle( source_process );
|
req->src_process = wine_server_obj_handle( source_process );
|
||||||
|
@ -1726,11 +1735,6 @@ NTSTATUS WINAPI NtDuplicateObject( HANDLE source_process, HANDLE source, HANDLE
|
||||||
if (!(ret = wine_server_call( req )))
|
if (!(ret = wine_server_call( req )))
|
||||||
{
|
{
|
||||||
if (dest) *dest = wine_server_ptr_handle( reply->handle );
|
if (dest) *dest = wine_server_ptr_handle( reply->handle );
|
||||||
if (reply->closed && reply->self)
|
|
||||||
{
|
|
||||||
int fd = remove_fd_from_cache( source );
|
|
||||||
if (fd != -1) close( fd );
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
SERVER_END_REQ;
|
SERVER_END_REQ;
|
||||||
|
@ -1745,6 +1749,9 @@ NTSTATUS WINAPI NtClose( HANDLE handle )
|
||||||
{
|
{
|
||||||
HANDLE port;
|
HANDLE port;
|
||||||
NTSTATUS ret;
|
NTSTATUS ret;
|
||||||
|
|
||||||
|
/* always remove the cached fd; if the server request fails we'll just
|
||||||
|
* retrieve it again */
|
||||||
int fd = remove_fd_from_cache( handle );
|
int fd = remove_fd_from_cache( handle );
|
||||||
|
|
||||||
SERVER_START_REQ( close_handle )
|
SERVER_START_REQ( close_handle )
|
||||||
|
|
Loading…
Reference in New Issue