From: anton Date: Mon, 30 Jul 2018 17:21:37 +0000 (+0000) Subject: Fix a NULL-pointer dereference when calling open() on a cloned device with write X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=43ae0e2115f5b86d1be2559c86e9b7163c7423ec;p=openbsd Fix a NULL-pointer dereference when calling open() on a cloned device with write permissions and the flags include O_TRUNC|O_SHLOCK. ok deraadt@ --- diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 3fa74de8ce0..4c9d575cdda 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.298 2018/07/30 15:16:27 deraadt Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.299 2018/07/30 17:21:37 anton Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -1072,7 +1072,7 @@ doopenat(struct proc *p, int fd, const char *path, int oflags, mode_t mode, if (localtrunc) { if ((fp->f_flag & FWRITE) == 0) error = EACCES; - else if (vp->v_mount->mnt_flag & MNT_RDONLY) + else if (vp->v_mount && (vp->v_mount->mnt_flag & MNT_RDONLY)) error = EROFS; else if (vp->v_type == VDIR) error = EISDIR;