[src/netbsd-3-0]: src/sys/kern Pull up following revision(s) (requested by se...

[ghen <ghen%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/64930c580899
branches:  netbsd-3-0
changeset: 579280:64930c580899
user:      ghen <ghen%NetBSD.org@localhost>
date:      Fri Aug 25 11:34:02 2006 +0000

description:
Pull up following revision(s) (requested by seanb in ticket #1472):
        sys/kern/uipc_syscalls.c: revision 1.102
Don't leave a dangling socket (no associated struct file) if
user supplied a bad name or anamelen parameter to accept(2).
If bad paramaters were suplied and a copyout() failed, the
struct file was cleaned up but not the associated socket.  This
could leave sockets in CLOSE_WAIT that could never be closed.

diffstat:

 sys/kern/uipc_syscalls.c |  14 ++++++++------
 1 files changed, 8 insertions(+), 6 deletions(-)

diffs (35 lines):

diff -r ac7727c79ea0 -r 64930c580899 sys/kern/uipc_syscalls.c
--- a/sys/kern/uipc_syscalls.c  Wed Aug 23 20:14:55 2006 +0000
+++ b/sys/kern/uipc_syscalls.c  Fri Aug 25 11:34:02 2006 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uipc_syscalls.c,v 1.90.2.4 2005/09/09 14:17:44 tron Exp $      */
+/*     $NetBSD: uipc_syscalls.c,v 1.90.2.4.2.1 2006/08/25 11:34:02 ghen Exp $  */
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1990, 1993
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.90.2.4 2005/09/09 14:17:44 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.90.2.4.2.1 2006/08/25 11:34:02 ghen Exp $");
 
 #include "opt_ktrace.h"
 #include "opt_pipe.h"
@@ -244,10 +244,12 @@
                        namelen = nam->m_len;
                /* SHOULD COPY OUT A CHAIN HERE */
                if ((error = copyout(mtod(nam, caddr_t),
-                   (caddr_t)SCARG(uap, name), namelen)) == 0)
-                       error = copyout((caddr_t)&namelen,
-                           (caddr_t)SCARG(uap, anamelen),
-                           sizeof(*SCARG(uap, anamelen)));
+                   (caddr_t)SCARG(uap, name), namelen)) != 0 ||
+                   (error = copyout((caddr_t)&namelen,
+                   (caddr_t)SCARG(uap, anamelen),
+                   sizeof(*SCARG(uap, anamelen)))) != 0) {
+                       soclose(so);
+               }
        }
        /* if an error occurred, free the file descriptor */
        if (error) {