Sockets passed into uipc_abort() have been allocated by sonewconn()
but never accept'ed, so they must be destroyed. Originally, unp_drop() detected this situation by checking if so->so_head is non-NULL. However, since revision 1.54 of uipc_socket.c (Feb 1999), so->so_head is set to NULL before calling soabort(), so any unix-domain sockets waiting to be accept'ed are leaked if the server socket is closed. Resolve this by moving the socket destruction code into uipc_abort() itself, and making it unconditional (the other caller of unp_drop() never needs the socket to be destroyed). Use unp_detach() to avoid the original code duplication when destroying the socket. PR: kern/17895 Reviewed by: dwmalone (an earlier version of the patch) MFC after: 1 week
This commit is contained in:
iedowse
parent
aaf850a0ef
commit
293f2d1cfe
@ -103,6 +103,8 @@ uipc_abort(struct socket *so)
|
||||
if (unp == 0)
|
||||
return EINVAL;
|
||||
unp_drop(unp, ECONNABORTED);
|
||||
unp_detach(unp);
|
||||
sotryfree(so);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -932,16 +934,6 @@ unp_drop(unp, errno)
|
||||
|
||||
so->so_error = errno;
|
||||
unp_disconnect(unp);
|
||||
if (so->so_head) {
|
||||
LIST_REMOVE(unp, unp_link);
|
||||
unp->unp_gencnt = ++unp_gencnt;
|
||||
unp_count--;
|
||||
so->so_pcb = (caddr_t) 0;
|
||||
if (unp->unp_addr)
|
||||
FREE(unp->unp_addr, M_SONAME);
|
||||
zfree(unp_zone, unp);
|
||||
sotryfree(so);
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef notdef
|
||||
|
||||
Loading…
Reference in New Issue
Block a user