Don't allow programs calling fnctl on valgrind's own file descriptors

Add a call to ML_(fd_allowed) in the PRE handler of fcntl and fcntl64
and block syscalls with EBADF when the file descriptor isn't allowed
to be used by the program.

https://bugs.kde.org/show_bug.cgi?id=337388
(cherry picked from commit 4b83e3d47daaf5eff2ca96867a8c790e13830eb5)

diff --git a/NEWS b/NEWS
index 94789a04ba9ebcb813df1adada671bf53fad6dca..523380a98fe551d2a0a12e22bd063b6559d2e60a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@ The following bugs have been fixed or resolved on this branch.
 
 202770  open fd at exit --log-socket=127.0.0.1:1500 with --track-fds=yes
 311655  --log-file=FILE leads to apparent fd leak
+337388  fcntl works on Valgrind's own file descriptors
 453044  gbserver_tests failures in aarch64
 479661  Valgrind leaks file descriptors
 486180  [MIPS] 'VexGuestArchState' has no member named 'guest_IP_AT_SYSCALL'

diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index 45413fdd9ef5e5f36d72edb634ee03929345e653..9f3c51c17948378e501f2200be8b141aa13016b6 100644 (file)
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -6978,6 +6978,10 @@ PRE(sys_fcntl)
    if (ARG2 == VKI_F_SETLKW)
 #  endif
       *flags |= SfMayBlock;
+
+   if (!ML_(fd_allowed)(ARG1, "fcntl", tid, False)) {
+     SET_STATUS_Failure (VKI_EBADF);
+   }
 }
 
 POST(sys_fcntl)
@@ -7088,6 +7092,10 @@ PRE(sys_fcntl64)
    if (ARG2 == VKI_F_SETLKW)
 #  endif
       *flags |= SfMayBlock;
+
+   if (!ML_(fd_allowed)(ARG1, "fcntl64", tid, False)) {
+     SET_STATUS_Failure (VKI_EBADF);
+   }
 }
 
 POST(sys_fcntl64)