
[src/trunk]: src/sys/kern fix sys_accept() to return EOPNOTSUPP for protocols...



details:   https://anonhg.NetBSD.org/src/rev/24576ae0a2ef
branches:  trunk
changeset: 474190:24576ae0a2ef
user:      darrenr <darrenr%NetBSD.org@localhost>
date:      Thu Jul 01 05:56:32 1999 +0000

description:
fix sys_accept() to return EOPNOTSUPP for protocols which don't support
listen/accept (PR_LISTEN flag in protosw) and detect obvious faults in
parameters passed.  It is still possible for the address used for copying
the socket information to become invalid between that check and the copyout,
so close the connection's allocated fd if the copyout fails; that way we can
return EFAULT without leaving an fd allocated that the application does not
know about.  Ideally we'd be able to queue the connection back up so a later accept
could retrieve it but unfortunately that's not possible.

diffstat:

 sys/kern/uipc_syscalls.c |  16 +++++++++++++++-
 1 files changed, 15 insertions(+), 1 deletions(-)

diffs (50 lines):

diff -r 119c06f7a6c6 -r 24576ae0a2ef sys/kern/uipc_syscalls.c
--- a/sys/kern/uipc_syscalls.c  Thu Jul 01 05:53:04 1999 +0000
+++ b/sys/kern/uipc_syscalls.c  Thu Jul 01 05:56:32 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uipc_syscalls.c,v 1.43 1999/05/05 20:01:09 thorpej Exp $       */
+/*     $NetBSD: uipc_syscalls.c,v 1.44 1999/07/01 05:56:32 darrenr Exp $       */
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1990, 1993
@@ -69,6 +69,9 @@
 #include <sys/mount.h>
 #include <sys/syscallargs.h>
 
+#include <vm/vm.h>
+#include <uvm/uvm_extern.h>
+
 /*
  * System call interface to the socket abstraction.
  */
@@ -183,12 +186,21 @@
        if (SCARG(uap, name) && (error = copyin((caddr_t)SCARG(uap, anamelen),
            (caddr_t)&namelen, sizeof(namelen))))
                return (error);
+       if (SCARG(uap, name) != NULL &&
+           uvm_useracc((caddr_t)SCARG(uap, name), sizeof(struct sockaddr),
+            B_WRITE) == FALSE)
+               return (EFAULT);
+
        /* getsock() will use the descriptor for us */
        if ((error = getsock(p->p_fd, SCARG(uap, s), &fp)) != 0)
                return (error);
        s = splsoftnet();
        so = (struct socket *)fp->f_data;
        FILE_UNUSE(fp, p);
+       if (!(so->so_proto->pr_flags & PR_LISTEN)) {
+               splx(s);
+               return (EOPNOTSUPP);
+       }
        if ((so->so_options & SO_ACCEPTCONN) == 0) {
                splx(s);
                return (EINVAL);
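Review bot: The `uvm_useracc()` pre-check added before `getsock()` tests a fixed `sizeof(struct sockaddr)` bytes rather than the `namelen` value that was just copied in from the caller. A caller that supplies a smaller buffer with a matching length could be refused with EFAULT, and an address longer than `struct sockaddr` is not covered by the check. Because the commit message itself says the mapping can change before the copyout, the check should be documented as advisory, for example `/* advisory only: the later copyout() of the address is the authoritative check */`. If the range is meant to match what is written back, consider bounding it by `namelen`; the copyout of the address is outside this hunk, so confirm the length used there. sys_accept's body starts and ends outside the hunk.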
@@ -242,6 +254,8 @@
                        error = copyout((caddr_t)&namelen,
                            (caddr_t)SCARG(uap, anamelen),
                            sizeof(*SCARG(uap, anamelen)));
+               if (error != 0)
+                       (void) closef(fp, p);
        }
        m_freem(nam);
        splx(s);
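Review bot: The `closef(fp, p)` added on the copyout-failure path releases the file, but nothing visible in this hunk releases the descriptor slot that was allocated for the new connection or resets the return value that carries its number. If that slot still refers to `fp` after the call, the process is left with a descriptor-table entry for a closed file, and any later reference to `fp` in the function (the code after `splx(s)` is outside this hunk) would touch it after release. I would have the failure path release the slot together with the file and skip any remaining `fp` references, with a comment such as `/* copyout failed: undo the fd allocation so the caller never sees a half-accepted socket */`. The new `if` would also read more safely in braces, since it follows a multi-line `if`/assignment pair.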


