From 786e18e2983525384b47757362dc5a8c151f650a Mon Sep 17 00:00:00 2001
From: jamie <jamie@FreeBSD.org>
Date: Thu, 9 Jun 2016 20:43:14 +0000
Subject: [PATCH] Re-order some jail parameter reading to prevent a vnode leak.

---
 sys/kern/kern_jail.c | 80 ++++++++++++++++++++++----------------------
 1 file changed, 40 insertions(+), 40 deletions(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 7bc496e39ce4..74522d99605c 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -920,6 +920,46 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
 	}
 #endif
 
+	error = vfs_getopt(opts, "osrelease", (void **)&osrelstr, &len);
+	if (error == ENOENT)
+		osrelstr = NULL;
+	else if (error != 0)
+		goto done_free;
+	else {
+		if (flags & JAIL_UPDATE) {
+			error = EINVAL;
+			vfs_opterror(opts,
+			    "osrelease cannot be changed after creation");
+			goto done_errmsg;
+		}
+		if (len == 0 || len >= OSRELEASELEN) {
+			error = EINVAL;
+			vfs_opterror(opts,
+			    "osrelease string must be 1-%d bytes long",
+			    OSRELEASELEN - 1);
+			goto done_errmsg;
+		}
+	}
+
+	error = vfs_copyopt(opts, "osreldate", &osreldt, sizeof(osreldt));
+	if (error == ENOENT)
+		osreldt = 0;
+	else if (error != 0)
+		goto done_free;
+	else {
+		if (flags & JAIL_UPDATE) {
+			error = EINVAL;
+			vfs_opterror(opts,
+			    "osreldate cannot be changed after creation");
+			goto done_errmsg;
+		}
+		if (osreldt == 0) {
+			error = EINVAL;
+			vfs_opterror(opts, "osreldate cannot be 0");
+			goto done_errmsg;
+		}
+	}
+
 	fullpath_disabled = 0;
 	root = NULL;
 	error = vfs_getopt(opts, "path", (void **)&path, &len);
@@ -975,46 +1015,6 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
 		}
 	}
 
-	error = vfs_getopt(opts, "osrelease", (void **)&osrelstr, &len);
-	if (error == ENOENT)
-		osrelstr = NULL;
-	else if (error != 0)
-		goto done_free;
-	else {
-		if (flags & JAIL_UPDATE) {
-			error = EINVAL;
-			vfs_opterror(opts,
-			    "osrelease cannot be changed after creation");
-			goto done_errmsg;
-		}
-		if (len == 0 || len >= OSRELEASELEN) {
-			error = EINVAL;
-			vfs_opterror(opts,
-			    "osrelease string must be 1-%d bytes long",
-			    OSRELEASELEN - 1);
-			goto done_errmsg;
-		}
-	}
-
-	error = vfs_copyopt(opts, "osreldate", &osreldt, sizeof(osreldt));
-	if (error == ENOENT)
-		osreldt = 0;
-	else if (error != 0)
-		goto done_free;
-	else {
-		if (flags & JAIL_UPDATE) {
-			error = EINVAL;
-			vfs_opterror(opts,
-			    "osreldate cannot be changed after creation");
-			goto done_errmsg;
-		}
-		if (osreldt == 0) {
-			error = EINVAL;
-			vfs_opterror(opts, "osreldate cannot be 0");
-			goto done_errmsg;
-		}
-	}
-
 	/*
 	 * Find the specified jail, or at least its parent.
 	 * This abuses the file error codes ENOENT and EEXIST.