[src/trunk]: src/sys/kern kern: m_copym(M_DONTWAIT) can fail; handle that cas...

[riastradh <riastradh%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/beba27878d62
branches:  trunk
changeset: 363435:beba27878d62
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Sat Mar 12 16:06:15 2022 +0000

description:
kern: m_copym(M_DONTWAIT) can fail; handle that case gracefully.

Not sure if this should truncate the result or just fail with nonzero
error code (ENOBUFS?).  Feel free to change this the other way if you
know better!

Reported-by: syzbot+54c34f25d1e4124eb85d%syzkaller.appspotmail.com@localhost

diffstat:

 sys/kern/uipc_socket.c |  7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diffs (28 lines):

diff -r 2523490d903e -r beba27878d62 sys/kern/uipc_socket.c
--- a/sys/kern/uipc_socket.c    Sat Mar 12 15:54:23 2022 +0000
+++ b/sys/kern/uipc_socket.c    Sat Mar 12 16:06:15 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uipc_socket.c,v 1.300 2021/10/23 01:28:33 thorpej Exp $        */
+/*     $NetBSD: uipc_socket.c,v 1.301 2022/03/12 16:06:15 riastradh Exp $      */
 
 /*
  * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -71,7 +71,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.300 2021/10/23 01:28:33 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.301 2022/03/12 16:06:15 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@@ -1367,7 +1367,8 @@
                        if (flags & MSG_PEEK) {
                                if (controlp != NULL) {
                                        *controlp = m_copym(m, 0, m->m_len, M_DONTWAIT);
-                                       controlp = &(*controlp)->m_next;
+                                       controlp = (*controlp == NULL ? NULL :
+                                           &(*controlp)->m_next);
                                }
                                m = m->m_next;
                        } else {