d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mqueuefs: fix compat32 struct file leak

Browse Source 
In a compat32 error case we previously leaked a struct file.

Submitted by:	Karsten König, Secfault Security
Security:	CVE-2019-5603
This commit is contained in:
Ed Maste 2019-08-20 17:44:03 +00:00
parent 51ff47d7a5
commit f37192064a
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/kern/uipc_mqueue.c
View File

@ -2806,7 +2806,7 @@ freebsd32_kmq_timedsend(struct thread *td,
if (uap->abs_timeout != NULL) {
error = copyin(uap->abs_timeout, &ets32, sizeof(ets32));
if (error != 0)
return (error);
goto out;
CP(ets32, ets, tv_sec);
CP(ets32, ets, tv_nsec);
abs_timeout = &ets;
@ -2815,6 +2815,7 @@ freebsd32_kmq_timedsend(struct thread *td,
waitok = !(fp->f_flag & O_NONBLOCK);
error = mqueue_send(mq, uap->msg_ptr, uap->msg_len,
uap->msg_prio, waitok, abs_timeout);
out:
fdrop(fp, td);
return (error);
}