From a307eb26ed43d1b9a2d8182231bcec9db1b29640 Mon Sep 17 00:00:00 2001 From: Gleb Smirnoff Date: Fri, 29 Mar 2013 13:57:55 +0000 Subject: [PATCH] When soreceive_generic() hands off an mbuf from buffer, clear its pointer to next record, since next record belongs to the buffer, and shouldn't be leaked. The ng_ksocket(4) used to clear this pointer itself, but the correct place is here. Sponsored by: Nginx, Inc --- sys/kern/uipc_socket.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index bce61e5bfb9b..259a1232fc65 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -1860,6 +1860,7 @@ soreceive_generic(struct socket *so, struct sockaddr **psa, struct uio *uio, nextrecord = m->m_nextpkt; sbfree(&so->so_rcv, m); if (mp != NULL) { + m->m_nextpkt = NULL; *mp = m; mp = &m->m_next; so->so_rcv.sb_mb = m = m->m_next;