Don't leave a dangling socket (no associated struct file) if

user supplied a bad name or anamelen parameter to accept(2).
If bad paramaters were suplied and a copyout() failed, the
struct file was cleaned up but not the associated socket.  This
could leave sockets in CLOSE_WAIT that could never be closed.

sys/kern/uipc_syscalls.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_syscalls.c,v 1.101 2006/07/23 22:06:11 ad Exp $	*/
+/*	$NetBSD: uipc_syscalls.c,v 1.102 2006/08/22 13:39:48 seanb Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1990, 1993
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.101 2006/07/23 22:06:11 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.102 2006/08/22 13:39:48 seanb Exp $");
 
 #include "opt_ktrace.h"
 #include "opt_pipe.h"
@@ -240,10 +240,12 @@ sys_accept(struct lwp *l, void *v, register_t *retval)
 			namelen = nam->m_len;
 		/* SHOULD COPY OUT A CHAIN HERE */
 		if ((error = copyout(mtod(nam, caddr_t),
-		    (caddr_t)SCARG(uap, name), namelen)) == 0)
+		    (caddr_t)SCARG(uap, name), namelen)) != 0 ||
-			error = copyout((caddr_t)&namelen,
+		    (error = copyout((caddr_t)&namelen,
-			    (caddr_t)SCARG(uap, anamelen),
+		    (caddr_t)SCARG(uap, anamelen),
-			    sizeof(*SCARG(uap, anamelen)));
+		    sizeof(*SCARG(uap, anamelen)))) != 0) {
+			soclose(so);
+		}
 	}
 	/* if an error occurred, free the file descriptor */
 	if (error) {