From 1eb58a5eb3f66e82d5f381c23e41ed5943ad48fb Mon Sep 17 00:00:00 2001
From: "Zheng, Qi" <huaiqing.zq@antgroup.com>
Date: Thu, 21 Oct 2021 14:16:47 +0800
Subject: [PATCH] Add new_fd range check for dup2/dup3

Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>
---
 src/libos/src/fs/file_ops/dup.rs | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/libos/src/fs/file_ops/dup.rs b/src/libos/src/fs/file_ops/dup.rs
index 099b787b..52bd9847 100644
--- a/src/libos/src/fs/file_ops/dup.rs
+++ b/src/libos/src/fs/file_ops/dup.rs
@@ -1,4 +1,5 @@
 use super::*;
+use misc::resource_t;
 
 pub fn do_dup(old_fd: FileDesc) -> Result<FileDesc> {
     let current = current!();
@@ -11,6 +12,16 @@ pub fn do_dup2(old_fd: FileDesc, new_fd: FileDesc) -> Result<FileDesc> {
     let current = current!();
     let mut files = current.files().lock().unwrap();
     let file = files.get(old_fd)?;
+    let soft_rlimit_nofile = current!()
+        .rlimits()
+        .lock()
+        .unwrap()
+        .get(resource_t::RLIMIT_NOFILE)
+        .get_cur();
+    if new_fd as u64 >= soft_rlimit_nofile {
+        return_errno!(EBADF, "Invalid new_fd file descriptor");
+    }
+
     if old_fd != new_fd {
         files.put_at(new_fd, file, false);
     }
@@ -22,6 +33,16 @@ pub fn do_dup3(old_fd: FileDesc, new_fd: FileDesc, flags: u32) -> Result<FileDes
     let current = current!();
     let mut files = current.files().lock().unwrap();
     let file = files.get(old_fd)?;
+    let soft_rlimit_nofile = current!()
+        .rlimits()
+        .lock()
+        .unwrap()
+        .get(resource_t::RLIMIT_NOFILE)
+        .get_cur();
+    if new_fd as u64 >= soft_rlimit_nofile {
+        return_errno!(EBADF, "Invalid new_fd file descriptor");
+    }
+
     if old_fd == new_fd {
         return_errno!(EINVAL, "old_fd must not be equal to new_fd");
     }