stash away SCM_RIGHTS fd until a getfd command arrives

If there is already a fd in s->msgfd before recvmsg it is closed by parts that this patch does not touch. So, only one descriptor can be "leaked" by attaching it to a command other than getfd. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2010-04-16 17:25:23 +02:00 · 2010-04-16 17:25:23 +02:00 · e53f27b9d9
commit e53f27b9d9
parent 97331287ed
2 changed files with 3 additions and 15 deletions
--- a/monitor.c
+++ b/monitor.c
@ -2415,15 +2415,6 @@ static int do_getfd(Monitor *mon, const QDict *qdict, QObject **ret_data)
        return -1;
    }

-    fd = dup(fd);
-    if (fd == -1) {
-        if (errno == EMFILE)
-            qerror_report(QERR_TOO_MANY_FILES);
-        else
-            qerror_report(QERR_UNDEFINED_ERROR);
-        return -1;
-    }
-
    QLIST_FOREACH(monfd, &mon->fds, next) {
        if (strcmp(monfd->name, fdname) != 0) {
            continue;
--- a/qemu-char.c
+++ b/qemu-char.c
@ -2000,8 +2000,9 @@ static void tcp_chr_process_IAC_bytes(CharDriverState *chr,
 static int tcp_get_msgfd(CharDriverState *chr)
 {
    TCPCharDriver *s = chr->opaque;
-
-    return s->msgfd;
+    int fd = s->msgfd;
+    s->msgfd = -1;
+    return fd;
 }

 #ifndef _WIN32
@ -2089,10 +2090,6 @@ static void tcp_chr_read(void *opaque)
            tcp_chr_process_IAC_bytes(chr, s, buf, &size);
        if (size > 0)
            qemu_chr_read(chr, buf, size);
-        if (s->msgfd != -1) {
-            close(s->msgfd);
-            s->msgfd = -1;
-        }
    }
 }