From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Paul Eggert Newsgroups: gmane.emacs.devel Subject: Re: [Emacs-diffs] master a066fb1: Fix use-after-close in connect_network_socket Date: Tue, 2 Aug 2016 00:32:40 -0700 Organization: UCLA Computer Science Department Message-ID: <6b0f65f3-2aed-858b-1979-1fdfc3e6c6fc@cs.ucla.edu> References: <20160721092948.2203.76649@vcs.savannah.gnu.org> <20160721092948.D1106220159@vcs.savannah.gnu.org> NNTP-Posting-Host: blaine Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------7C5C548A0F99FA95A8B9D23C" X-Trace: blaine.gmane.org 1470124308 19591 195.159.176.226 (2 Aug 2016 07:51:48 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Tue, 2 Aug 2016 07:51:48 +0000 (UTC) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 To: Ken Brown , emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Aug 02 09:51:44 2016 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bUUUD-0003zP-68 for ged-emacs-devel@m.gmane.org; Tue, 02 Aug 2016 09:51:41 +0200 Original-Received: from localhost ([::1]:54446 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bUUCD-0007Pp-Ef for ged-emacs-devel@m.gmane.org; Tue, 02 Aug 2016 03:33:01 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:49148) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bUUC3-0007PF-3b for emacs-devel@gnu.org; Tue, 02 Aug 2016 03:32:56 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bUUBw-0007Z8-1k for emacs-devel@gnu.org; Tue, 02 Aug 2016 03:32:49 -0400 Original-Received: from zimbra.cs.ucla.edu ([131.179.128.68]:43251) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bUUBv-0007Z0-Rt for emacs-devel@gnu.org; Tue, 02 Aug 2016 03:32:43 -0400 Original-Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id A12CC161325; Tue, 2 Aug 2016 00:32:42 -0700 (PDT) Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id cTeC7XP-jwxW; Tue, 2 Aug 2016 00:32:41 -0700 (PDT) Original-Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 1A1B8161334; Tue, 2 Aug 2016 00:32:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id VSeFUrTiYQRX; Tue, 2 Aug 2016 00:32:41 -0700 (PDT) Original-Received: from [192.168.1.9] (unknown [100.32.155.148]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id E2F4E161325; Tue, 2 Aug 2016 00:32:40 -0700 (PDT) In-Reply-To: X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 131.179.128.68 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:206341 Archived-At: This is a multi-part message in MIME format. --------------7C5C548A0F99FA95A8B9D23C Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Ken Brown wrote: > Did you perhaps get the condition (socket_to_use < 0) backwards? If > socket_to_use < 0, then it is not external_sock_fd that has been closed. Yes, thanks, I think you're right. I installed the attached on master to fix that. --------------7C5C548A0F99FA95A8B9D23C Content-Type: text/x-diff; name="0001-Fix-use-after-close-in-connect_network_socket.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="0001-Fix-use-after-close-in-connect_network_socket.patch" >From 10ae6903134d0c501ede683e698a4f0a36cd6297 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 2 Aug 2016 03:31:04 -0400 Subject: [PATCH] Fix use-after-close in connect_network_socket * src/process.c (connect_network_socket): Reverse sense of previous fix. Problem reported by Ken Brown in: http://lists.gnu.org/archive/html/emacs-devel/2016-08/msg00004.html --- src/process.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/process.c b/src/process.c index bc2ac45..5e48e43 100644 --- a/src/process.c +++ b/src/process.c @@ -3185,7 +3185,7 @@ connect_network_socket (Lisp_Object proc, Lisp_Object addrinfos, xerrno = errno; emacs_close (s); s = -1; - if (socket_to_use < 0) + if (0 <= socket_to_use) break; continue; } @@ -3314,7 +3314,7 @@ connect_network_socket (Lisp_Object proc, Lisp_Object addrinfos, specpdl_ptr = specpdl + count1; emacs_close (s); s = -1; - if (socket_to_use < 0) + if (0 <= socket_to_use) break; #ifdef WINDOWSNT -- 2.5.5 --------------7C5C548A0F99FA95A8B9D23C--