07.06.2023 17:50, Greg Kurz wrote:
On Wed, 7 Jun 2023 15:50:01 +0200
..
+static inline int check_is_regular_file_or_dir(int fd) +{ + struct stat stbuf; + + if (qemu_fstat(fd, &stbuf) < 0) { + close_preserve_errno(fd);Maybe worth to mention somewhere that this function not only checks but also closes the fd if it doesn't point to a regular file or directory. Or maybe change the name, e.g. filter_out_special_files() ?
I realized this after sent initial comment, - my suggestion for the name was awful. It is either check_is_regular() and close after it failed, or it is ensure_regular_or_close().. But I didn't sent a correction, hoping it's easy to spot the awful suggestion.. :) I don't like it when such a simple thing, especially when reviewed without good care like in my case, generates so much ping-pong.. :(
Anyway the fix is fine enough to address the CVE.
Yeah. /mjt
