Site Navigation

Date:      Thu, 4 Sep 2014 01:21:33 +0000 (UTC)
From:      Mateusz Guzik <mjg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r271074 - head/sys/kern
Message-ID:  <201409040121.s841LXRq088086@svn.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

Author: mjg
Date: Thu Sep  4 01:21:33 2014
New Revision: 271074
URL: http://svnweb.freebsd.org/changeset/base/271074

Log:
  Plug a hypothetical use after free in sysctl kern.proc.groups.
  
  MFC after:	1 week

Modified:
  head/sys/kern/kern_proc.c

Modified: head/sys/kern/kern_proc.c
==============================================================================
--- head/sys/kern/kern_proc.c	Thu Sep  4 01:04:37 2014	(r271073)
+++ head/sys/kern/kern_proc.c	Thu Sep  4 01:21:33 2014	(r271074)
@@ -2508,6 +2508,7 @@ sysctl_kern_proc_groups(SYSCTL_HANDLER_A
 		return (EINVAL);
 	if (*pidp == -1) {	/* -1 means this process */
 		p = req->td->td_proc;
+		PROC_LOCK(p);
 	} else {
 		error = pget(*pidp, PGET_CANSEE, &p);
 		if (error != 0)
@@ -2515,8 +2516,7 @@ sysctl_kern_proc_groups(SYSCTL_HANDLER_A
 	}
 
 	cred = crhold(p->p_ucred);
-	if (*pidp != -1)
-		PROC_UNLOCK(p);
+	PROC_UNLOCK(p);
 
 	error = SYSCTL_OUT(req, cred->cr_groups,
 	    cred->cr_ngroups * sizeof(gid_t));

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201409040121.s841LXRq088086>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact