Module Name: src
Committed By: christos
Date: Wed Mar 26 16:45:22 UTC 2025
Modified Files:
src/external/bsd/blocklist/lib: bl.c
Log Message:
PR/59218: Taylor R Campbell: Remove extra slop on receive size and prevent
fd leak by closing all passed descriptors if we receive more than one.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/blocklist/lib/bl.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/blocklist/lib/bl.c
diff -u src/external/bsd/blocklist/lib/bl.c:1.6 src/external/bsd/blocklist/lib/bl.c:1.7
--- src/external/bsd/blocklist/lib/bl.c:1.6 Wed Mar 26 09:52:47 2025
+++ src/external/bsd/blocklist/lib/bl.c Wed Mar 26 12:45:22 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: bl.c,v 1.6 2025/03/26 13:52:47 christos Exp $ */
+/* $NetBSD: bl.c,v 1.7 2025/03/26 16:45:22 christos Exp $ */
/*-
* Copyright (c) 2014 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
#ifdef HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: bl.c,v 1.6 2025/03/26 13:52:47 christos Exp $");
+__RCSID("$NetBSD: bl.c,v 1.7 2025/03/26 16:45:22 christos Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -465,7 +465,7 @@ bl_recv(bl_t b)
msg.msg_flags = 0;
msg.msg_control = ua.ctrl;
- msg.msg_controllen = sizeof(ua.ctrl) + 100;
+ msg.msg_controllen = sizeof(ua.ctrl);
rlen = recvmsg(b->b_fd, &msg, 0);
if (rlen == -1) {
@@ -484,10 +484,15 @@ bl_recv(bl_t b)
switch (cmsg->cmsg_type) {
case SCM_RIGHTS:
if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) {
+ int *fd = (void *)CMSG_DATA(cmsg);
+ size_t len = cmsg->cmsg_len / sizeof(int);
bl_log(b, LOG_ERR,
"%s: unexpected cmsg_len %d != %zu",
__func__, cmsg->cmsg_len,
- CMSG_LEN(2 * sizeof(int)));
+ CMSG_LEN(sizeof(int)));
+
+ for (size_t i = 0; i < len; i++)
+ (void)close(fd[i]);
continue;
}
memcpy(&bi->bi_fd, CMSG_DATA(cmsg), sizeof(bi->bi_fd));
