Date:      Tue, 07 Aug 2018 16:37:18 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 131876] [socket] FD leak by receiving SCM_RIGHTS by recvmsg with small control message buffer
Message-ID:  <bug-131876-7501-z6BJykQscJ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-131876-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-131876-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=131876

--- Comment #9 from commit-hook@freebsd.org ---
A commit references this bug:

Author: markj
Date: Tue Aug  7 16:36:50 UTC 2018
New revision: 337423
URL: https://svnweb.freebsd.org/changeset/base/337423

Log:
  Improve handling of control message truncation.

  If a recvmsg(2) or recvmmsg(2) caller doesn't provide sufficient space
  for all control messages, the kernel sets MSG_CTRUNC in the message
  flags to indicate truncation of the control messages.  In the case
  of SCM_RIGHTS messages, however, we were failing to dispose of the
  rights that had already been externalized into the recipient's file
  descriptor table.  Add a new function and mbuf type to handle this
  cleanup task, and use it any time we fail to copy control messages
  out to the recipient.  To simplify cleanup, control message truncation
  is now only performed at control message boundaries.

  The change also fixes a few related bugs:
  - Rights could be leaked to the recipient process if an error occurred
    while copying out a message's contents.
  - We failed to set MSG_CTRUNC if the truncation occurred on a control
    message boundary, e.g., if the caller received two control messages
    and provided only the exact amount of buffer space needed for the
    first.

  PR:           131876
  Reviewed by:  ed (previous version)
  MFC after:    1 month
  Sponsored by: The FreeBSD Foundation
  Differential Revision:        https://reviews.freebsd.org/D16561

Changes:
  head/sys/compat/cloudabi/cloudabi_sock.c
  head/sys/compat/freebsd32/freebsd32_misc.c
  head/sys/compat/linux/linux_socket.c
  head/sys/kern/uipc_syscalls.c
  head/sys/kern/uipc_usrreq.c
  head/sys/sys/mbuf.h

-- 
You are receiving this mail because:
You are on the CC list for the bug.
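
A receiver-side counterpart to the truncation handling described in the commit log above, as an added example that is not part of the commit or of FreeBSD: the receiver treats MSG_CTRUNC as a failure and closes any descriptors that still arrived in its control buffer. The names `send_fds`, `recv_fds_checked`, `ctrl_t` and `MAXFDS` are assumptions made for this example.

```c
/* Added example, constructed for illustration; not FreeBSD source code. */
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/uio.h>

#define MAXFDS 8   /* hypothetical upper bound for this example */
typedef union { char buf[CMSG_SPACE(MAXFDS * sizeof(int))]; struct cmsghdr align; } ctrl_t;

/* Send nfds (<= MAXFDS) descriptors in a single SCM_RIGHTS control message. */
int send_fds(int sock, const int *fds, int nfds) {
    ctrl_t u;
    char byte = 'x';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.buf,
                          .msg_controllen = CMSG_SPACE(nfds * sizeof(int)) };
    memset(&u, 0, sizeof(u));
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(nfds * sizeof(int));
    memcpy(CMSG_DATA(c), fds, nfds * sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one message with ctrl_len bytes of control space. Returns the number
 * of descriptors kept in out[], or -1 on error or MSG_CTRUNC. On truncation
 * every descriptor that did arrive is closed, so a partial set is never kept. */
int recv_fds_checked(int sock, int *out, int max, size_t ctrl_len) {
    ctrl_t u;
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.buf,
                          .msg_controllen = ctrl_len };
    int kept = 0;
    if (ctrl_len > sizeof(u.buf) || recvmsg(sock, &msg, 0) < 0) return -1;
    int trunc = (msg.msg_flags & MSG_CTRUNC) != 0;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) continue;
        char *end = u.buf + msg.msg_controllen;   /* never read past what arrived */
        for (char *p = (char *)CMSG_DATA(c); p + sizeof(int) <= end &&
             p + sizeof(int) <= (char *)c + c->cmsg_len; p += sizeof(int)) {
            int fd;
            memcpy(&fd, p, sizeof(fd));
            if (trunc || kept >= max) close(fd); else out[kept++] = fd;
        }
    }
    return trunc ? -1 : kept;
}
```

Descriptors that are not visible in the truncated control buffer cannot be closed from user space, which is why the kernel-side cleanup in this commit is still required.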

