Module Name: src
Committed By: martin
Date: Sat Aug 8 15:45:47 UTC 2015
Modified Files:
src/sys/kern [netbsd-7]: uipc_syscalls.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #942):
sys/kern/uipc_syscalls.c: revision 1.179
Memory leak. Triggerable from an unprivileged user via COMPAT_43.
To generate a diff of this commit:
cvs rdiff -u -r1.172 -r1.172.2.1 src/sys/kern/uipc_syscalls.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/uipc_syscalls.c
diff -u src/sys/kern/uipc_syscalls.c:1.172 src/sys/kern/uipc_syscalls.c:1.172.2.1
--- src/sys/kern/uipc_syscalls.c:1.172 Sat Aug 9 05:33:00 2014
+++ src/sys/kern/uipc_syscalls.c Sat Aug 8 15:45:47 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: uipc_syscalls.c,v 1.172 2014/08/09 05:33:00 rtr Exp $ */
+/* $NetBSD: uipc_syscalls.c,v 1.172.2.1 2015/08/08 15:45:47 martin Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.172 2014/08/09 05:33:00 rtr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.172.2.1 2015/08/08 15:45:47 martin Exp $");
#include "opt_pipe.h"
@@ -665,9 +665,16 @@ do_sys_sendmsg(struct lwp *l, int s, str
struct socket *so;
file_t *fp;
- if ((error = fd_getsock1(s, &so, &fp)) != 0)
+ if ((error = fd_getsock1(s, &so, &fp)) != 0) {
+ /* We have to free msg_name and msg_control ourselves */
+ if (mp->msg_flags & MSG_NAMEMBUF)
+ m_freem(mp->msg_name);
+ if (mp->msg_flags & MSG_CONTROLMBUF)
+ m_freem(mp->msg_control);
return error;
+ }
error = do_sys_sendmsg_so(l, s, so, fp, mp, flags, retsize);
+ /* msg_name and msg_control freed */
fd_putfile(s);
return error;
}
