Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/kern Reset so_cred to NULL after freeing it, because clo...



details:   https://anonhg.NetBSD.org/src/rev/290588b69677
branches:  trunk
changeset: 998138:290588b69677
user:      maxv <maxv%NetBSD.org@localhost>
date:      Mon Apr 08 18:38:45 2019 +0000

description:
Reset so_cred to NULL after freeing it, because close() may leave the PCB
in pcblist, and we don't want a future lookup (via eg netstat) to read
freed data.

Detected by KASAN, reported by Alexander Nasonov.

diffstat:

 sys/kern/uipc_socket.c |  5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diffs (26 lines):

diff -r 225cdd3d04eb -r 290588b69677 sys/kern/uipc_socket.c
--- a/sys/kern/uipc_socket.c    Mon Apr 08 18:30:54 2019 +0000
+++ b/sys/kern/uipc_socket.c    Mon Apr 08 18:38:45 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uipc_socket.c,v 1.272 2019/03/31 19:54:36 maxv Exp $   */
+/*     $NetBSD: uipc_socket.c,v 1.273 2019/04/08 18:38:45 maxv Exp $   */
 
 /*
  * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -71,7 +71,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.272 2019/03/31 19:54:36 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.273 2019/04/08 18:38:45 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@@ -749,6 +749,7 @@
  discard:
        KASSERT((so->so_state & SS_NOFDREF) == 0);
        kauth_cred_free(so->so_cred);
+       so->so_cred = NULL;
        so->so_state |= SS_NOFDREF;
        sofree(so);
        return error;



Home | Main Index | Thread Index | Old Index