Don't leave a dangling socket (no associated struct file) if
user supplied a bad name or anamelen parameter to accept(2). If bad paramaters were suplied and a copyout() failed, the struct file was cleaned up but not the associated socket. This could leave sockets in CLOSE_WAIT that could never be closed.
This commit is contained in:
parent
0bfc315592
commit
eeb51ff4c3
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: uipc_syscalls.c,v 1.101 2006/07/23 22:06:11 ad Exp $ */
|
||||
/* $NetBSD: uipc_syscalls.c,v 1.102 2006/08/22 13:39:48 seanb Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1982, 1986, 1989, 1990, 1993
|
||||
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.101 2006/07/23 22:06:11 ad Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.102 2006/08/22 13:39:48 seanb Exp $");
|
||||
|
||||
#include "opt_ktrace.h"
|
||||
#include "opt_pipe.h"
|
||||
@ -240,10 +240,12 @@ sys_accept(struct lwp *l, void *v, register_t *retval)
|
||||
namelen = nam->m_len;
|
||||
/* SHOULD COPY OUT A CHAIN HERE */
|
||||
if ((error = copyout(mtod(nam, caddr_t),
|
||||
(caddr_t)SCARG(uap, name), namelen)) == 0)
|
||||
error = copyout((caddr_t)&namelen,
|
||||
(caddr_t)SCARG(uap, anamelen),
|
||||
sizeof(*SCARG(uap, anamelen)));
|
||||
(caddr_t)SCARG(uap, name), namelen)) != 0 ||
|
||||
(error = copyout((caddr_t)&namelen,
|
||||
(caddr_t)SCARG(uap, anamelen),
|
||||
sizeof(*SCARG(uap, anamelen)))) != 0) {
|
||||
soclose(so);
|
||||
}
|
||||
}
|
||||
/* if an error occurred, free the file descriptor */
|
||||
if (error) {
|
||||
|
Loading…
Reference in New Issue
Block a user