From c39967573adbea0073d02e036bd8adbef3c31cd8 Mon Sep 17 00:00:00 2001
From: Matthew Dillon
Date: Sat, 20 Dec 2003 05:53:59 +0000
Subject: [PATCH] Fix a syscall separation bug in recvfrom() which sometimes dereferenced a NULL pointer.

---
 sys/kern/uipc_syscalls.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index cb61b22ddc..a7408bb9d7 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -35,7 +35,7 @@
 *
 * @(#)uipc_syscalls.c 8.4 (Berkeley) 2/21/94
 * $FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.65.2.17 2003/04/04 17:11:16 tegge Exp $
- * $DragonFly: src/sys/kern/uipc_syscalls.c,v 1.22 2003/12/10 23:48:07 hsu Exp $
+ * $DragonFly: src/sys/kern/uipc_syscalls.c,v 1.23 2003/12/20 05:53:59 dillon Exp $
 */
 
 #include "opt_ktrace.h"
@@ -775,11 +775,17 @@ recvfrom(struct recvfrom_args *uap)
 &uap->flags, &uap->sysmsg_result);
 
 if (error == 0 && uap->from) {
- fromlen = MIN(fromlen, sa->sa_len);
- error = copyout(sa, uap->from, fromlen);
- if (error == 0)
+ /* note: sa may still be NULL */
+ if (sa) {
+ fromlen = MIN(fromlen, sa->sa_len);
+ error = copyout(sa, uap->from, fromlen);
+ } else {
+ fromlen = 0;
+ }
+ if (error == 0) {
 error = copyout(&fromlen, uap->fromlenaddr,
- sizeof(fromlen));
+ sizeof(fromlen));
+ }
 }
 if (sa)
 FREE(sa, M_SONAME);
-- 
2.41.0
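Review bot: The new `if (sa)` guard in recvfrom() removes the NULL dereference, but the added comment `/* note: sa may still be NULL */` says neither when sa is NULL after a successful receive nor that the 0 written back to `uap->fromlenaddr` is the deliberate signal that no source address is available; suggest `/* sa is NULL when no source address was returned (presumably a connected socket -- confirm); report fromlen = 0 so the caller does not trust stale bytes in *from */`. Where fromlen is read is outside the hunk; if it is copied in from the caller without a range check, `MIN(fromlen, sa->sa_len)` hands a negative value straight to copyout(), so it is worth confirming that the copy-in path rejects negative lengths. The `-`/`+` pair on the `sizeof(fromlen));` line appears to be an indentation-only change, which could be kept out of a NULL-dereference fix. recvfrom() begins before this hunk and its return is after it.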