diff options
| author |   tedu <tedu@openbsd.org> | 2016-07-12 14:28:02 +0000 |
|---|---|---|
| committer | tedu <tedu@openbsd.org> | 2016-07-12 14:28:02 +0000 |
| commit | fc98e2bdc0c653eee0b3e9a76a6d96f190c4eb04 (patch) | |
| tree | 2e86b4fcd5f89e860fdc86d3c898864bfa0ce0b0 | |
| parent | The check for pledge "recvfd" was mistakenly only being performed (diff) | |
| download | wireguard-openbsd-fc98e2bdc0c653eee0b3e9a76a6d96f190c4eb04.tar.xz wireguard-openbsd-fc98e2bdc0c653eee0b3e9a76a6d96f190c4eb04.zip | |
in the great unp_gc rewrite, a null check was lost. we have spent some
time investigating and arguing about whether a NULL fp is a bug or not,
but what has become clear is that NULL fps get passed to unp_discard
and have been for quite some time.
restore old accomodating behavior by checking for null in unp_gc.
ok deraadt kettenis
| -rw-r--r-- | sys/kern/uipc_usrreq.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index 60e4f11b41f..ea4c716b0bb 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_usrreq.c,v 1.98 2016/07/12 13:19:14 deraadt Exp $ */ +/* $OpenBSD: uipc_usrreq.c,v 1.99 2016/07/12 14:28:02 tedu Exp $ */ /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */ /* @@ -898,6 +898,8 @@ unp_gc(void *arg __unused) for (i = 0; i < defer->ud_n; i++) { memcpy(&fp, &((struct file **)(defer + 1))[i], sizeof(fp)); + if (fp == NULL) + continue; FREF(fp); if ((unp = fptounp(fp)) != NULL) unp->unp_msgcount--; |