Module Name: src Committed By: martin Date: Sat Aug 8 15:45:47 UTC 2015
Modified Files: src/sys/kern [netbsd-7]: uipc_syscalls.c Log Message: Pull up following revision(s) (requested by maxv in ticket #942): sys/kern/uipc_syscalls.c: revision 1.179 Memory leak. Triggerable from an unprivileged user via COMPAT_43. To generate a diff of this commit: cvs rdiff -u -r1.172 -r1.172.2.1 src/sys/kern/uipc_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/uipc_syscalls.c diff -u src/sys/kern/uipc_syscalls.c:1.172 src/sys/kern/uipc_syscalls.c:1.172.2.1 --- src/sys/kern/uipc_syscalls.c:1.172 Sat Aug 9 05:33:00 2014 +++ src/sys/kern/uipc_syscalls.c Sat Aug 8 15:45:47 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_syscalls.c,v 1.172 2014/08/09 05:33:00 rtr Exp $ */ +/* $NetBSD: uipc_syscalls.c,v 1.172.2.1 2015/08/08 15:45:47 martin Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.172 2014/08/09 05:33:00 rtr Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.172.2.1 2015/08/08 15:45:47 martin Exp $"); #include "opt_pipe.h" @@ -665,9 +665,16 @@ do_sys_sendmsg(struct lwp *l, int s, str struct socket *so; file_t *fp; - if ((error = fd_getsock1(s, &so, &fp)) != 0) + if ((error = fd_getsock1(s, &so, &fp)) != 0) { + /* We have to free msg_name and msg_control ourselves */ + if (mp->msg_flags & MSG_NAMEMBUF) + m_freem(mp->msg_name); + if (mp->msg_flags & MSG_CONTROLMBUF) + m_freem(mp->msg_control); return error; + } error = do_sys_sendmsg_so(l, s, so, fp, mp, flags, retsize); + /* msg_name and msg_control freed */ fd_putfile(s); return error; }