Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

When partitioning a mbuf chain with m_split() the last mbuf of the returned 

tail chain is not necessarily the same as the last mbuf of the initial chain.

Always set "slp->ns_rawend" to the last mbuf of the tail chain to prevent
mbuf leaks and corruption.
This commit is contained in:
hannken 2022-12-20 09:40:09 +00:00
parent 9c6a0e327d
commit 218437a441
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sys/nfs/nfs_srvsocket.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: nfs_srvsocket.c,v 1.4 2009/09/03 20:59:12 tls Exp $ */ /* $NetBSD: nfs_srvsocket.c,v 1.5 2022/12/20 09:40:09 hannken Exp $ */
/* /*
* Copyright (c) 1989, 1991, 1993, 1995 * Copyright (c) 1989, 1991, 1993, 1995
@ -39,7 +39,7 @@
*/ */
#include <sys/cdefs.h> #include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: nfs_srvsocket.c,v 1.4 2009/09/03 20:59:12 tls Exp $"); __KERNEL_RCSID(0, "$NetBSD: nfs_srvsocket.c,v 1.5 2022/12/20 09:40:09 hannken Exp $");
#include <sys/param.h> #include <sys/param.h>
#include <sys/systm.h> #include <sys/systm.h>
@ -323,8 +323,9 @@ nfsrv_getstream(struct nfssvc_sock *slp, int waitflag)
} }
m_claimm(recm, &nfs_mowner); m_claimm(recm, &nfs_mowner);
slp->ns_raw = m; slp->ns_raw = m;
if (m->m_next == NULL) while (m->m_next)
slp->ns_rawend = m; m = m->m_next;
slp->ns_rawend = m;
slp->ns_cc -= slp->ns_reclen; slp->ns_cc -= slp->ns_reclen;
slp->ns_reclen = 0; slp->ns_reclen = 0;
} else { } else {