[src/netbsd-2-0]: src/sys/kern Pull up following revision(s) (requested by se...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/netbsd-2-0]: src/sys/kern Pull up following revision(s) (requested by se...
From: tron <tron%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 15:08:35 +0000

details:   https://anonhg.NetBSD.org/src/rev/5c9c83bcee69
branches:  netbsd-2-0
changeset: 564989:5c9c83bcee69
user:      tron <tron%NetBSD.org@localhost>
date:      Mon Aug 28 14:54:26 2006 +0000

description:
Pull up following revision(s) (requested by seanb in ticket #10675):
        sys/kern/uipc_syscalls.c: revision 1.102
Don't leave a dangling socket (no associated struct file) if
user supplied a bad name or anamelen parameter to accept(2).
If bad paramaters were suplied and a copyout() failed, the
struct file was cleaned up but not the associated socket.  This
could leave sockets in CLOSE_WAIT that could never be closed.

diffstat:

 sys/kern/uipc_syscalls.c |  14 ++++++++------
 1 files changed, 8 insertions(+), 6 deletions(-)

diffs (35 lines):

diff -r 8ef961dbe8ed -r 5c9c83bcee69 sys/kern/uipc_syscalls.c
--- a/sys/kern/uipc_syscalls.c  Wed Aug 23 20:20:11 2006 +0000
+++ b/sys/kern/uipc_syscalls.c  Mon Aug 28 14:54:26 2006 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uipc_syscalls.c,v 1.86.2.1 2004/05/20 09:50:51 tron Exp $      */
+/*     $NetBSD: uipc_syscalls.c,v 1.86.2.2 2006/08/28 14:54:26 tron Exp $      */
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1990, 1993
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.86.2.1 2004/05/20 09:50:51 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.86.2.2 2006/08/28 14:54:26 tron Exp $");
 
 #include "opt_ktrace.h"
 #include "opt_pipe.h"
@@ -242,10 +242,12 @@
                        namelen = nam->m_len;
                /* SHOULD COPY OUT A CHAIN HERE */
                if ((error = copyout(mtod(nam, caddr_t),
-                   (caddr_t)SCARG(uap, name), namelen)) == 0)
-                       error = copyout((caddr_t)&namelen,
-                           (caddr_t)SCARG(uap, anamelen),
-                           sizeof(*SCARG(uap, anamelen)));
+                   (caddr_t)SCARG(uap, name), namelen)) != 0 ||
+                   (error = copyout((caddr_t)&namelen,
+                   (caddr_t)SCARG(uap, anamelen),
+                   sizeof(*SCARG(uap, anamelen)))) != 0) {
+                       soclose(so);
+               }
        }
        /* if an error occurred, free the file descriptor */
        if (error) {

Prev by Date: [src/netbsd-2-0]: src/sys/net Pull up following revision(s) (requested by adr...
Next by Date: [src/trunk]: src/regress/usr.bin The bug that this test was intended to check...
Previous by Thread: [src/netbsd-2-0]: src/sys/net Pull up following revision(s) (requested by adr...
Next by Thread: [src/trunk]: src/regress/usr.bin The bug that this test was intended to check...
Indexes:

Home | Main Index | Thread Index | Old Index