From 7d3a63f4e88b4a7f54bfe72904ee33239bf0e620 Mon Sep 17 00:00:00 2001 From: Samuel Thibault Date: Sun, 5 Jul 2020 18:32:02 +0200 Subject: pflocal: Fix referencing connection queue entries. As asserted in connq_destroy, for each entry in the queue we are supposed to keep a reference to the socket that contains the queue. So we need to keep it when connecting and release it when accepting. * pflocal/socket.c (S_socket_connect): Do not deref the peer socket when sock_connect succeeded. (S_socket_accept): Deref the socket when the accept succeeded. --- pflocal/socket.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'pflocal/socket.c') diff --git a/pflocal/socket.c b/pflocal/socket.c index 89444370..30ebe33f 100644 --- a/pflocal/socket.c +++ b/pflocal/socket.c @@ -80,6 +80,7 @@ S_socket_connect (struct sock_user *user, struct addr *addr) { error_t err; struct sock *peer; + int deref = 1; if (! addr) return ECONNREFUSED; @@ -137,7 +138,12 @@ S_socket_connect (struct sock_user *user, struct addr *addr) { err = sock_connect (sock, server); if (!err) - connq_connect_complete (peer->listen_queue, server); + { + /* Keep the ref of on the peer for the connection + request in the queue. */ + deref = 0; + connq_connect_complete (peer->listen_queue, server); + } else sock_free (server); } @@ -157,7 +163,8 @@ S_socket_connect (struct sock_user *user, struct addr *addr) else err = ECONNREFUSED; - sock_deref (peer); + if (deref) + sock_deref (peer); } return err; @@ -190,6 +197,10 @@ S_socket_accept (struct sock_user *user, if (!err) { struct addr *peer_addr; + + /* Release the reference for the connection request in the queue */ + sock_deref (sock); + *port_type = MACH_MSG_TYPE_MAKE_SEND; err = sock_create_port (peer_sock, port); if (!err) -- cgit v1.2.3
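Review bot: In S_socket_connect the hand-over of the peer reference is carried by a bare `int deref` flag that is cleared in the success branch of the `-137,7` hunk and only tested at the `sock_deref (peer)` call in the `-157,7` hunk, so any exit path added between the two later can leave the count unbalanced. The new comment has a typo ("ref of on the peer") and does not say who releases the reference; I would write `/* The queue entry now owns our reference on PEER; S_socket_accept drops it when the request is dequeued. */`. The flag is cleared before `connq_connect_complete` runs and that call's result is not checked here, so it is worth confirming in connq.c that the entry cannot be discarded without the reference being released, since a leaked reference would keep the listening socket alive indefinitely. The function body starts and ends outside these hunks.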
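Review bot: The `sock_deref (sock)` added in S_socket_accept is correct only if every entry that reaches this point was queued with exactly one reference taken on the listening socket, and nothing in the hunk documents or checks that pairing. If any path queues a request without taking the reference, this release would drop the count below what the caller's `user` holds and the socket could be freed while still in use; the opposite mismatch, on paths where an entry leaves the queue without being accepted, would leak it. I would extend the comment to name the counterpart, e.g. `/* Release the reference S_socket_connect left with the queue entry; our own reference on SOCK is presumably still held through USER. */`, and verify the teardown and cancel paths in connq.c against the assertion the commit message mentions. Placing the release before `sock_create_port` looks intentional, since the request has already left the queue at that point, but the surrounding code that dequeues it is outside the hunk.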