From 7b2f4ab767a1ab993d01774a4fa28dabd6f3c4ab Mon Sep 17 00:00:00 2001
From: Jérôme Duval <jerome.duval@gmail.com>
Date: Wed, 18 Jun 2025 21:27:20 +0200
Subject: [PATCH] kernel/socket: for accept()/recvmsg() invalid user addresses are not fatal

needed to align with FreeBSD and Linux.
FreeBSD Test: tools/regression/sockets/accept_fd_leak/accept_fd_leak.c

Change-Id: Ia87e1713f0fb2a8010257539d2fe62cef9331c56
Reviewed-on: https://review.haiku-os.org/c/haiku/+/9382
Reviewed-by: Jérôme Duval <jerome.duval@gmail.com>
Tested-by: Commit checker robot <no-reply+buildbot@haiku-os.org>
---
 src/system/kernel/fs/socket.cpp | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/system/kernel/fs/socket.cpp b/src/system/kernel/fs/socket.cpp
index 18f24ed..5c2ec81 100644
--- a/src/system/kernel/fs/socket.cpp
+++ b/src/system/kernel/fs/socket.cpp
@@ -107,9 +107,11 @@
 	if (userAddress == NULL) {
 		if (addressRequired)
 			return B_BAD_VALUE;
-	} else if (!IS_USER_ADDRESS(userAddress)
-			|| !IS_USER_ADDRESS(_addressLength)) {
-		return B_BAD_ADDRESS;
+	} else {
+		if (!IS_USER_ADDRESS(_addressLength))
+			return B_BAD_ADDRESS;
+		if (!IS_USER_ADDRESS(userAddress) && addressRequired)
+			return B_BAD_ADDRESS;
 	}
 
 	// copy the buffer size from userland
@@ -136,8 +138,8 @@
 	if (user_memcpy(userAddressLength, &addressLength,
 			sizeof(socklen_t)) != B_OK
 		|| (userAddress != NULL
-			&& user_memcpy(userAddress, address,
-				min_c(addressLength, userAddressBufferSize)) != B_OK)) {
+			&& (!IS_USER_ADDRESS(userAddress) || user_memcpy(userAddress, address,
+				min_c(addressLength, userAddressBufferSize)) != B_OK))) {
 		return B_BAD_ADDRESS;
 	}
 
--
gitore 0.2.2