From 0526a0cabfe1cb63e93947a4d34a050a13d97851 Mon Sep 17 00:00:00 2001
From: markj
Date: Tue, 5 Feb 2019 17:56:22 +0000
Subject: [PATCH] MFC r343784: Avoid leaking fp references when truncating SCM_RIGHTS control messages.
Approved by: so
Security: CVE-2019-5596
---
 sys/kern/uipc_syscalls.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 57cddd153972..4181ce3b72c4 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1607,8 +1607,10 @@ m_dispose_extcontrolm(struct mbuf *m)
 fd = *fds++;
 error = fget(td, fd, &cap_no_rights, &fp);
- if (error == 0)
+ if (error == 0) {
 fdclose(td, fp, fd);
+ fdrop(fp, td);
+ }
 }
 }
 clen -= datalen;
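Review bot: The added `fdrop(fp, td);` in the `if (error == 0)` branch has no comment explaining why both calls are needed, and the missing release is exactly what leaked here; I would add `/* fget() took its own reference; fdclose() only releases the descriptor table's, so drop ours too. */` above `fdclose(td, fp, fd);`. That reading of fdclose() is inferred from the fix itself, since its definition is not in the hunk, so confirm the wording against it. A failing fget() is still skipped silently, which looks like deliberate best-effort cleanup (the descriptor may already be gone) and also deserves a one-line comment saying so. The body of m_dispose_extcontrolm starts and ends outside the hunk, so whether its other paths hold an fp across an early exit cannot be checked from here.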