Fix unlocking readlink(2) and readlinkat(2).

- There is no need to check return value of LOCK_PATH() because the macro returns immediately when lock_user_string() fails. - The last argument of unlock_user() is buffer length, not errno.
seanbruno · Jun 9, 2016 · 8ae6af1 · 8ae6af1
1 parent 656f2e2
commit 8ae6af1
Showing 1 changed file with 17 additions and 17 deletions.
diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
@@ -657,20 +657,20 @@ static inline abi_long do_bsd_readlink(CPUArchState *env, abi_long arg1,
 
     LOCK_PATH(p1, arg1);
     p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
-    if (!p1 || !p2) {
-        ret = -TARGET_EFAULT;
-    } else {
+    if (p2 == NULL) {
+        UNLOCK_PATH(p1, arg1);
+        return -TARGET_EFAULT;
+    }
 #ifdef __FreeBSD__
-        if (strcmp(p1, "/proc/curproc/file") == 0) {
-            CPUState *cpu = ENV_GET_CPU(env);
-            TaskState *ts = (TaskState *)cpu->opaque;
-            strncpy(p2, ts->bprm->fullpath, arg3);
-            ret = MIN((abi_long)strlen(ts->bprm->fullpath), arg3);
-        } else
+    if (strcmp(p1, "/proc/curproc/file") == 0) {
+        CPUState *cpu = ENV_GET_CPU(env);
+        TaskState *ts = (TaskState *)cpu->opaque;
+        strncpy(p2, ts->bprm->fullpath, arg3);
+        ret = MIN((abi_long)strlen(ts->bprm->fullpath), arg3);
+    } else
 #endif
-        ret = get_errno(readlink(path(p1), p2, arg3));
-    }
-    unlock_user(p2, arg2, ret);
+    ret = get_errno(readlink(path(p1), p2, arg3));
+    unlock_user(p2, arg2, arg3);
     UNLOCK_PATH(p1, arg1);
 
     return ret;
@@ -685,12 +685,12 @@ static inline abi_long do_bsd_readlinkat(abi_long arg1, abi_long arg2,
 
     LOCK_PATH(p1, arg2);
     p2 = lock_user(VERIFY_WRITE, arg3, arg4, 0);
-    if (!p1 || !p2) {
-        ret = -TARGET_EFAULT;
-    } else {
-        ret = get_errno(readlinkat(arg1, p1, p2, arg4));
+    if (p2 == NULL) {
+        UNLOCK_PATH(p1, arg2);
+        return -TARGET_EFAULT;
     }
-    unlock_user(p2, arg3, ret);
+    ret = get_errno(readlinkat(arg1, p1, p2, arg4));
+    unlock_user(p2, arg3, arg4);
     UNLOCK_PATH(p1, arg2);
 
     return ret;