From fc98e2bdc0c653eee0b3e9a76a6d96f190c4eb04 Mon Sep 17 00:00:00 2001
From: tedu
Date: Tue, 12 Jul 2016 14:28:02 +0000
Subject: [PATCH] in the great unp_gc rewrite, a null check was lost. we have spent some time investigating and arguing about whether a NULL fp is a bug or not, but what has become clear is that NULL fps get passed to unp_discard and have been for quite some time. restore old accomodating behavior by checking for null in unp_gc. ok deraadt kettenis

---
 sys/kern/uipc_usrreq.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index 60e4f11b41f..ea4c716b0bb 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_usrreq.c,v 1.98 2016/07/12 13:19:14 deraadt Exp $ */
+/* $OpenBSD: uipc_usrreq.c,v 1.99 2016/07/12 14:28:02 tedu Exp $ */
 /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */
 
 /*
@@ -898,6 +898,8 @@ unp_gc(void *arg __unused)
 for (i = 0; i < defer->ud_n; i++) {
 memcpy(&fp, &((struct file **)(defer + 1))[i],
 sizeof(fp));
+ if (fp == NULL)
+ continue;
 FREF(fp);
 if ((unp = fptounp(fp)) != NULL)
 unp->unp_msgcount--;
-- 
2.20.1
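Review bot: The new `if (fp == NULL) continue;` guard in the unp_gc() defer loop carries no comment explaining why a NULL entry can sit in the deferred file array, and the commit message itself records that this same check was once dropped as apparently unnecessary, so an uncommented guard is likely to be removed again by the next reader who assumes the array is always populated. A one-line comment above it would preserve the reasoning, e.g. `/* unp_discard() is handed NULL fps; skip them instead of passing NULL to FREF(). */`. Since the guard skips the slot silently, the source of the NULL entries stays unknown; the comment could mark that as an open question rather than settled behaviour so the root cause is not forgotten. The `for` loop body and the rest of unp_gc() continue outside the hunk, so whatever follows `unp->unp_msgcount--` for a valid fp is also bypassed for a NULL slot, which looks intended but is worth confirming.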