xnu-792.25.20.tar.gz

[apple/xnu.git] / bsd / kern / uipc_usrreq.c

diff --git a/bsd/kern/uipc_usrreq.c b/bsd/kern/uipc_usrreq.c
index ca560d4156c22c2c7fa5dd765356a599fc1285b7..4555e7e1e46ed022bad8a581ed7401f45c6cd7e5 100644 (file)
--- a/bsd/kern/uipc_usrreq.c
+++ b/bsd/kern/uipc_usrreq.c
@@ -632,13 +632,17 @@ unp_bind(
        char buf[SOCK_MAXADDRLEN];
 
        context.vc_proc = p;
-       context.vc_ucred = p->p_ucred;  /* XXX kauth_cred_get() ??? proxy */
+       context.vc_ucred = kauth_cred_proc_ref(p);      /* XXX kauth_cred_get() ??? proxy */
 
-       if (unp->unp_vnode != NULL)
+       if (unp->unp_vnode != NULL) {
+               kauth_cred_unref(&context.vc_ucred);
                return (EINVAL);
+       }
        namelen = soun->sun_len - offsetof(struct sockaddr_un, sun_path);
-       if (namelen <= 0)
+       if (namelen <= 0) {
+               kauth_cred_unref(&context.vc_ucred);
                return EINVAL;
+       }
        strncpy(buf, soun->sun_path, namelen);
        buf[namelen] = 0;       /* null-terminate the string */
        NDINIT(&nd, CREATE, FOLLOW | LOCKPARENT, UIO_SYSSPACE32,
@@ -646,6 +650,7 @@ unp_bind(
 /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */
        error = namei(&nd);
        if (error) {
+               kauth_cred_unref(&context.vc_ucred);
                return (error);
        }
        dvp = nd.ni_dvp;
@@ -661,6 +666,7 @@ unp_bind(
                vnode_put(dvp);
                vnode_put(vp);
 
+               kauth_cred_unref(&context.vc_ucred);
                return (EADDRINUSE);
        }
 
@@ -680,6 +686,7 @@ unp_bind(
        vnode_put(dvp);
 
        if (error) {
+               kauth_cred_unref(&context.vc_ucred);
                return (error);
        }
        vnode_ref(vp);  /* gain a longterm reference */
@@ -688,6 +695,7 @@ unp_bind(
        unp->unp_addr = (struct sockaddr_un *)dup_sockaddr(nam, 1);
        vnode_put(vp);          /* drop the iocount */
 
+       kauth_cred_unref(&context.vc_ucred);
        return (0);
 }
 
@@ -707,18 +715,21 @@ unp_connect(
        char buf[SOCK_MAXADDRLEN];
 
        context.vc_proc = p;
-       context.vc_ucred = p->p_ucred;  /* XXX kauth_cred_get() ??? proxy */
+       context.vc_ucred = kauth_cred_proc_ref(p);      /* XXX kauth_cred_get() ??? proxy */
        so2 = so3 = NULL;
 
        len = nam->sa_len - offsetof(struct sockaddr_un, sun_path);
-       if (len <= 0)
+       if (len <= 0) {
+               kauth_cred_unref(&context.vc_ucred);
                return EINVAL;
+       }
        strncpy(buf, soun->sun_path, len);
        buf[len] = 0;
 
        NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE32, CAST_USER_ADDR_T(buf), &context);
        error = namei(&nd);
        if (error) {
+               kauth_cred_unref(&context.vc_ucred);
                return (error);
        }
        nameidone(&nd);
@@ -776,7 +787,7 @@ unp_connect(
                 * from its process structure at the time of connect()
                 * (which is now).
                 */
-               cru2x(p->p_ucred, &unp3->unp_peercred);
+               cru2x(context.vc_ucred, &unp3->unp_peercred);
                unp3->unp_flags |= UNP_HAVEPC;
                /*
                 * The receiver's (server's) credentials are copied
@@ -802,6 +813,7 @@ bad:
                        so2->so_usecount--;     /* release count on socket */
        
        vnode_put(vp);
+       kauth_cred_unref(&context.vc_ucred);
        return (error);
 }
 
@@ -1381,8 +1393,9 @@ unp_listen(
        struct unpcb *unp,
        struct proc *p)
 {
-
-       cru2x(p->p_ucred, &unp->unp_peercred);
+       kauth_cred_t safecred = kauth_cred_proc_ref(p);
+       cru2x(safecred, &unp->unp_peercred);
+       kauth_cred_unref(&safecred);
        unp->unp_flags |= UNP_HAVEPCCACHED;
        return (0);
 }