From: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Date: Wed, 15 May 2019 15:37:55 +0000 (-0400)
Subject: Fix: double close of directory fd in runas worker
X-Git-Url: http://git.efficios.com/?p=lttng-tools.git;a=commitdiff_plain;h=87bbb85674277f43cb219223303c2e76f92c48dd

Fix: double close of directory fd in runas worker

The run-as worker implements its mkdirat and mkdirat_recursive commands
on top of the lttng_directory_handle interface. When a directory
handle is created from a directory file descriptor, it assumes the
ownership of this file descriptor and it will release it when
lttng_directory_handle_fini() is invoked.

The runas worker's post-command clean-up closes any file descriptor
received from its client. The command structure's `fd` is set to
`-1` in order to make the received file descriptor invalid and
prevent the double-close.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---

diff --git a/src/common/runas.c b/src/common/runas.c
index c77f198c4..45aad109a 100644
--- a/src/common/runas.c
+++ b/src/common/runas.c
@@ -199,6 +199,8 @@ int _mkdirat_recursive(struct run_as_data *data, struct run_as_ret *ret_value)
 	mode = data->u.mkdirat.mode;
 
 	(void) lttng_directory_handle_init_from_dirfd(&handle, data->fd);
+	/* Ownership of dirfd is transferred to the handle. */
+	data->fd = -1;
 	/* Safe to call as we have transitioned to the requested uid/gid. */
 	ret_value->u.mkdirat.ret =
 			lttng_directory_handle_create_subdirectory_recursive(
@@ -220,6 +222,8 @@ int _mkdirat(struct run_as_data *data, struct run_as_ret *ret_value)
 	mode = data->u.mkdirat.mode;
 
 	(void) lttng_directory_handle_init_from_dirfd(&handle, data->fd);
+	/* Ownership of dirfd is transferred to the handle. */
+	data->fd = -1;
 	/* Safe to call as we have transitioned to the requested uid/gid. */
 	ret_value->u.mkdirat.ret =
 			lttng_directory_handle_create_subdirectory(