On Thu, Sep 01, 2022 at 01:27:18AM +0300, Vitaliy Makkoveev wrote: > +int > +uipc_connect2(struct socket *so, struct socket *so2) > +{ > + struct unpcb *unp = sotounpcb(so), *unp2 = sotounpcb(so2); > + int error; > + > + if ((error = unp_connect2(so, so2))) > + return (error); > + > + unp->unp_connid.uid = curproc->p_ucred->cr_uid; > + unp->unp_connid.gid = curproc->p_ucred->cr_gid; > + unp->unp_connid.pid = curproc->p_p->ps_pid; > + unp->unp_flags |= UNP_FEIDS; > + unp2->unp_connid.uid = curproc->p_ucred->cr_uid; > + unp2->unp_connid.gid = curproc->p_ucred->cr_gid; > + unp2->unp_connid.pid = curproc->p_p->ps_pid; > + unp2->unp_flags |= UNP_FEIDS; > > return (0); > }
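Review bot: `unp2 = sotounpcb(so2)` is evaluated in the declaration, before `unp_connect2(so, so2)` has checked that so2 is a socket of the same type; assign `unp2` only after `unp_connect2()` returns 0 so that no unpcb is assumed on so2 too early. The two blocks of `unp_connid.uid/gid/pid` assignments and the `UNP_FEIDS` flag are identical for `unp` and `unp2` and could be folded into a small helper to avoid the duplication.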
You should not move the unp2 = sotounpcb(so2) before unp_connect2(so, so2).
There is this check in unp_connect2(), don't assume so2 has an unpcb too early.

	if (so2->so_type != so->so_type)
		return (EPROTOTYPE);
	unp2 = sotounpcb(so2);

bluhm