[src/trunk]: src/sys/kern fix sys_accept() to return EOPNOTSUPP for protocols...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/kern fix sys_accept() to return EOPNOTSUPP for protocols...
From: darrenr <darrenr%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 06:02:27 +0000

details:   https://anonhg.NetBSD.org/src/rev/24576ae0a2ef
branches:  trunk
changeset: 474190:24576ae0a2ef
user:      darrenr <darrenr%NetBSD.org@localhost>
date:      Thu Jul 01 05:56:32 1999 +0000

description:
fix sys_accept() to return EOPNOTSUPP for protocols which don't support
listen/accept (PR_LISTEN flag in protosw) and detect obvious faults in
parameters passed.  It is still possible for the address used for copying
the socket information to become invalid between that check and the copyout
so close the connection's allocated fd if the copyout fails so that we can
return EFAULT without allocating an fd and the application not knowing about
it.  Ideally we'd be able to queue the connection back up so a later accept
could retrieve it but unfortunately that's not possible.

diffstat:

 sys/kern/uipc_syscalls.c |  16 +++++++++++++++-
 1 files changed, 15 insertions(+), 1 deletions(-)

diffs (50 lines):

diff -r 119c06f7a6c6 -r 24576ae0a2ef sys/kern/uipc_syscalls.c
--- a/sys/kern/uipc_syscalls.c  Thu Jul 01 05:53:04 1999 +0000
+++ b/sys/kern/uipc_syscalls.c  Thu Jul 01 05:56:32 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uipc_syscalls.c,v 1.43 1999/05/05 20:01:09 thorpej Exp $       */
+/*     $NetBSD: uipc_syscalls.c,v 1.44 1999/07/01 05:56:32 darrenr Exp $       */
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1990, 1993
@@ -69,6 +69,9 @@
 #include <sys/mount.h>
 #include <sys/syscallargs.h>
 
+#include <vm/vm.h>
+#include <uvm/uvm_extern.h>
+
 /*
  * System call interface to the socket abstraction.
  */
@@ -183,12 +186,21 @@
        if (SCARG(uap, name) && (error = copyin((caddr_t)SCARG(uap, anamelen),
            (caddr_t)&namelen, sizeof(namelen))))
                return (error);
+       if (SCARG(uap, name) != NULL &&
+           uvm_useracc((caddr_t)SCARG(uap, name), sizeof(struct sockaddr),
+            B_WRITE) == FALSE)
+               return (EFAULT);
+
        /* getsock() will use the descriptor for us */
        if ((error = getsock(p->p_fd, SCARG(uap, s), &fp)) != 0)
                return (error);
        s = splsoftnet();
        so = (struct socket *)fp->f_data;
        FILE_UNUSE(fp, p);
+       if (!(so->so_proto->pr_flags & PR_LISTEN)) {
+               splx(s);
+               return (EOPNOTSUPP);
+       }
        if ((so->so_options & SO_ACCEPTCONN) == 0) {
                splx(s);
                return (EINVAL);
@@ -242,6 +254,8 @@
                        error = copyout((caddr_t)&namelen,
                            (caddr_t)SCARG(uap, anamelen),
                            sizeof(*SCARG(uap, anamelen)));
+               if (error != 0)
+                       (void) closef(fp, p);
        }
        m_freem(nam);
        splx(s);

Prev by Date: [src/trunk]: src/sys/arch/vax/if Outdated; moved to another location.
Next by Date: [src/trunk]: src/sys/sys define PR_LISTEN to indicate listen(2)/accept(2) sup...
Previous by Thread: [src/trunk]: src/sys/arch/vax/if Outdated; moved to another location.
Next by Thread: [src/trunk]: src/sys/sys define PR_LISTEN to indicate listen(2)/accept(2) sup...
Indexes:

Home | Main Index | Thread Index | Old Index