Bug #2136
open
socketpair() doesn't free file descriptors on copyout failure
0%
Description
Hi,
sys_socketpair() has a copyout() to copy two file descriptors back to userspace;
if this copyout fails, the socketpair file descriptors are not freed.
-- vs
Files
Updated by vsrinivas about 13 years ago
Same bug is present in linux_socketpair().
Updated by vsrinivas about 13 years ago
8b8ad3364067a0c4a6471fcdb98593e563ab6d31 should fix for the BSD ops vector;
linux_socketpair still needs a fix.
Updated by jerome over 11 years ago
- File 0001-linux_socketpair-Free-socketpair-file-descriptors-if.patch 0001-linux_socketpair-Free-socketpair-file-descriptors-if.patch added
Here is a patch that, I think, fix linux_socketpair(), in the same way sys_socketpair() was fixed.
---
sys/emulation/linux/linux_socket.c | 9 ++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/sys/emulation/linux/linux_socket.c b/sys/emulation/linux/linux_socket.c
index b60870a..55644aa 100644
--- a/sys/emulation/linux/linux_socket.c
+++ b/sys/emulation/linux/linux_socket.c@ -556,8 +556,15 @ linux_socketpair(struct linux_socketpair_args *args, int *res)
error = kern_socketpair(domain, linux_args.type, linux_args.protocol,
sockv);
- if (error 0)
+ if (error 0) {
error = copyout(sockv, linux_args.rsv, sizeof(sockv));
+
+ if (error != 0) {
+ kern_close(sockv0);
+ kern_close(sockv1);
+ }
+ }
+
return(error);
}
--