From ef88ae77ea029b3f59349aa1547395ba8bc394b2 Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@FreeBSD.org>
Date: Thu, 23 Jul 2015 23:18:03 +0000
Subject: [PATCH] Call ksem_get() with initialized 'rights'.

ksem_get() consumes fget(), and it's mandatory there.

Reported by:	truckman
Reviewed by:	mjg
---
 sys/kern/uipc_sem.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sys/kern/uipc_sem.c b/sys/kern/uipc_sem.c
index dbfa28a7f4c3..1b2c7615d44b 100644
--- a/sys/kern/uipc_sem.c
+++ b/sys/kern/uipc_sem.c
@@ -651,12 +651,13 @@ struct ksem_close_args {
 int
 sys_ksem_close(struct thread *td, struct ksem_close_args *uap)
 {
+	cap_rights_t rights;
 	struct ksem *ks;
 	struct file *fp;
 	int error;
 
 	/* No capability rights required to close a semaphore. */
-	error = ksem_get(td, uap->id, 0, &fp);
+	error = ksem_get(td, uap->id, cap_rights_init(&rights), &fp);
 	if (error)
 		return (error);
 	ks = fp->f_data;
@@ -872,12 +873,13 @@ struct ksem_destroy_args {
 int
 sys_ksem_destroy(struct thread *td, struct ksem_destroy_args *uap)
 {
+	cap_rights_t rights;
 	struct file *fp;
 	struct ksem *ks;
 	int error;
 
 	/* No capability rights required to close a semaphore. */
-	error = ksem_get(td, uap->id, 0, &fp);
+	error = ksem_get(td, uap->id, cap_rights_init(&rights), &fp);
 	if (error)
 		return (error);
 	ks = fp->f_data;