Author: mjg
Date: Thu Sep 4 01:21:33 2014
New Revision: 271074
URL: http://svnweb.freebsd.org/changeset/base/271074
Log:
Plug a hypothetical use after free in sysctl kern.proc.groups.
MFC after: 1 week
Modified:
head/sys/kern/kern_proc.c
Modified: head/sys/kern/kern_proc.c
==============================================================================
--- head/sys/kern/kern_proc.c Thu Sep 4 01:04:37 2014 (r271073)
+++ head/sys/kern/kern_proc.c Thu Sep 4 01:21:33 2014 (r271074)
@@ -2508,6 +2508,7 @@ sysctl_kern_proc_groups(SYSCTL_HANDLER_A
return (EINVAL);
if (*pidp == -1) { /* -1 means this process */
p = req->td->td_proc;
+ PROC_LOCK(p);
} else {
error = pget(*pidp, PGET_CANSEE, &p);
if (error != 0)
@@ -2515,8 +2516,7 @@ sysctl_kern_proc_groups(SYSCTL_HANDLER_A
}
cred = crhold(p->p_ucred);
- if (*pidp != -1)
- PROC_UNLOCK(p);
+ PROC_UNLOCK(p);
error = SYSCTL_OUT(req, cred->cr_groups,
cred->cr_ngroups * sizeof(gid_t));
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
