diff options
| author | Vitaliy Makkoveev <mvs@cvs.openbsd.org> | 2024-03-17 19:47:09 +0000 |
|---|---|---|
| committer | Vitaliy Makkoveev <mvs@cvs.openbsd.org> | 2024-03-17 19:47:09 +0000 |
| commit | 25d9df571ba85728892f90f63b13849635d7a575 (patch) | |
| tree | cb7d485bfc302a11f43d7d9732d4e778d6c1a747 /sys | |
| parent | 7951af8c72e9111ab6a780bf1ef250fa5468dd68 (diff) | |
Do UNP_CONNECTING and UNP_BINDING flags check in uipc_listen() and
return EINVAL if set. This prevents concurrent solisten() thread to make
this socket listening while socket is unlocked.
Reported-by: syzbot+4acfcd73d15382a3e7cf@syzkaller.appspotmail.com
ok mpi
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/kern/uipc_usrreq.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index 73a319bc387..b01cad482d6 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_usrreq.c,v 1.200 2023/11/28 09:29:20 jsg Exp $ */ +/* $OpenBSD: uipc_usrreq.c,v 1.201 2024/03/17 19:47:08 mvs Exp $ */ /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */ /* @@ -415,6 +415,8 @@ uipc_listen(struct socket *so) { struct unpcb *unp = sotounpcb(so); + if (unp->unp_flags & (UNP_BINDING | UNP_CONNECTING)) + return (EINVAL); if (unp->unp_vnode == NULL) return (EINVAL); return (0); |