From 1f0bebcc7260480550ad114048a9428cea68e4f1 Mon Sep 17 00:00:00 2001 From: Richard Miller Date: Sat, 26 Mar 2016 19:35:21 +0000 Subject: syscall: fix accidental close of exec status pipe in StartProcess In syscall.forkAndExecInChild, blocks of code labelled Pass 1 and Pass 2 permute the file descriptors (if necessary) which are passed to the child process. If Pass 1 begins with fds = {0,2,1}, nextfd = 4 and pipe = 4, then the statement labelled "don't stomp on pipe" is too late -- the pipe (which will be needed to pass exec status back to the parent) will have been closed by the preceding DUP call. Moving the "don't stomp" test earlier ensures that the pipe is protected. Fixes #14979 Change-Id: I890c311527f6aa255be48b3277c1e84e2049ee22 Reviewed-on: https://go-review.googlesource.com/21184 Run-TryBot: David du Colombier <0intro@gmail.com> Reviewed-by: David du Colombier <0intro@gmail.com> Reviewed-by: Brad Fitzpatrick --- src/syscall/exec_linux.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/syscall/exec_linux.go') diff --git a/src/syscall/exec_linux.go b/src/syscall/exec_linux.go index c1fd53cc6e..e49bad75b2 100644 --- a/src/syscall/exec_linux.go +++ b/src/syscall/exec_linux.go @@ -255,6 +255,9 @@ func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr } for i = 0; i < len(fd); i++ { if fd[i] >= 0 && fd[i] < int(i) { + if nextfd == pipe { // don't stomp on pipe + nextfd++ + } _, _, err1 = RawSyscall(_SYS_dup, uintptr(fd[i]), uintptr(nextfd), 0) if err1 != 0 { goto childerror @@ -262,9 +265,6 @@ func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr RawSyscall(SYS_FCNTL, uintptr(nextfd), F_SETFD, FD_CLOEXEC) fd[i] = nextfd nextfd++ - if nextfd == pipe { // don't stomp on pipe - nextfd++ - } } } -- cgit v1.3-5-g9baa