diff options
author | fenner <fenner@FreeBSD.org> | 1999-01-25 16:58:56 +0000 |
---|---|---|
committer | fenner <fenner@FreeBSD.org> | 1999-01-25 16:58:56 +0000 |
commit | 56bddd51c28ba7ae74608ff9e0278bf9b2ac4ad4 (patch) | |
tree | 34acae73d887557e2b1596dd39b6b88ad399a920 /sys/kern/uipc_socket.c | |
parent | 479ab8882bc874ce42a63facf700e543ee0dd470 (diff) | |
download | FreeBSD-src-56bddd51c28ba7ae74608ff9e0278bf9b2ac4ad4.zip FreeBSD-src-56bddd51c28ba7ae74608ff9e0278bf9b2ac4ad4.tar.gz |
Port NetBSD's 19990120-accept bug fix. This works around the race condition
where select(2) can return that a listening socket has a connected socket
queued, the connection is broken, and the user calls accept(2), which then
blocks because there are no connections queued.
Reviewed by: wollman
Obtained from: NetBSD
(ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/19990120-accept)
Diffstat (limited to 'sys/kern/uipc_socket.c')
-rw-r--r-- | sys/kern/uipc_socket.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index 1efa8c5..77a4331 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94 - * $Id: uipc_socket.c,v 1.50 1999/01/20 17:31:54 fenner Exp $ + * $Id: uipc_socket.c,v 1.51 1999/01/20 17:45:22 fenner Exp $ */ #include <sys/param.h> @@ -193,7 +193,12 @@ sofree(so) TAILQ_REMOVE(&head->so_incomp, so, so_list); head->so_incqlen--; } else if (so->so_state & SS_COMP) { - TAILQ_REMOVE(&head->so_comp, so, so_list); + /* + * We must not decommission a socket that's + * on the accept(2) queue. If we do, then + * accept(2) may hang after select(2) indicated + * that the listening socket was ready. + */ } else { panic("sofree: not queued"); } @@ -228,6 +233,7 @@ soclose(so) } for (sp = so->so_comp.tqh_first; sp != NULL; sp = sonext) { sonext = sp->so_list.tqe_next; + TAILQ_REMOVE(&so->so_comp, sp, so_list); (void) soabort(sp); } } @@ -288,7 +294,13 @@ soaccept(so, nam) if ((so->so_state & SS_NOFDREF) == 0) panic("soaccept: !NOFDREF"); so->so_state &= ~SS_NOFDREF; - error = (*so->so_proto->pr_usrreqs->pru_accept)(so, nam); + if ((so->so_state & SS_ISDISCONNECTED) == 0) + error = (*so->so_proto->pr_usrreqs->pru_accept)(so, nam); + else { + if (nam) + *nam = 0; + error = 0; + } splx(s); return (error); } |