From 387ba53bc6400160fea3d20ec32f42dbfe0f6873 Mon Sep 17 00:00:00 2001
From: itojun <itojun@NetBSD.org>
Date: Mon, 25 Nov 2002 06:32:37 +0000
Subject: [PATCH] MEXTMALLOC() can fail even if M_WAITOK, if arg is too big for
 malloc().

---
 sys/kern/uipc_syscalls.c |  8 ++++++--
 sys/kern/uipc_usrreq.c   | 14 ++++++++++----
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index cc69b1f1ab41..a0b2ce99c0e2 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_syscalls.c,v 1.71 2002/10/23 09:14:29 jdolecek Exp $	*/
+/*	$NetBSD: uipc_syscalls.c,v 1.72 2002/11/25 06:32:37 itojun Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1990, 1993
@@ -36,7 +36,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.71 2002/10/23 09:14:29 jdolecek Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.72 2002/11/25 06:32:37 itojun Exp $");
 
 #include "opt_ktrace.h"
 #include "opt_pipe.h"
@@ -1035,6 +1035,10 @@ sockargs(struct mbuf **mp, const void *buf, size_t buflen, int type)
 		 * enough external storage to hold the argument.
 		 */
 		MEXTMALLOC(m, buflen, M_WAITOK);
+		if ((m->m_flags & M_EXT) == 0) {
+			m_free(m);
+			return (ENOBUFS);
+		}
 	}
 	m->m_len = buflen;
 	error = copyin(buf, mtod(m, caddr_t), buflen);
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index b652cf74ce62..ea83bc63f760 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_usrreq.c,v 1.54 2002/09/04 01:32:45 matt Exp $	*/
+/*	$NetBSD: uipc_usrreq.c,v 1.55 2002/11/25 06:32:38 itojun Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2000 The NetBSD Foundation, Inc.
@@ -74,7 +74,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.54 2002/09/04 01:32:45 matt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.55 2002/11/25 06:32:38 itojun Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -144,8 +144,11 @@ unp_setsockaddr(unp, nam)
 	else
 		sun = &sun_noname;
 	nam->m_len = sun->sun_len;
-	if (nam->m_len > MLEN)
+	if (nam->m_len > MLEN) {
 		MEXTMALLOC(nam, nam->m_len, M_WAITOK);
+		if ((nam->m_flags & M_EXT) == 0)
+			panic("MEXTMALLOC with too big size");
+	}
 	memcpy(mtod(nam, caddr_t), sun, (size_t)nam->m_len);
 }
 
@@ -161,8 +164,11 @@ unp_setpeeraddr(unp, nam)
 	else
 		sun = &sun_noname;
 	nam->m_len = sun->sun_len;
-	if (nam->m_len > MLEN)
+	if (nam->m_len > MLEN) {
 		MEXTMALLOC(nam, nam->m_len, M_WAITOK);
+		if ((nam->m_flags & M_EXT) == 0)
+			panic("MEXTMALLOC with too big size");
+	}
 	memcpy(mtod(nam, caddr_t), sun, (size_t)nam->m_len);
 }