svn commit: r271074 - head/sys/kern
Mateusz Guzik
mjg at FreeBSD.org
Thu Sep 4 01:21:34 UTC 2014
Author: mjg
Date: Thu Sep 4 01:21:33 2014
New Revision: 271074
URL: http://svnweb.freebsd.org/changeset/base/271074
Log:
Plug a hypothetical use after free in sysctl kern.proc.groups.
MFC after: 1 week
Modified:
head/sys/kern/kern_proc.c
Modified: head/sys/kern/kern_proc.c
==============================================================================
--- head/sys/kern/kern_proc.c Thu Sep 4 01:04:37 2014 (r271073)
+++ head/sys/kern/kern_proc.c Thu Sep 4 01:21:33 2014 (r271074)
@@ -2508,6 +2508,7 @@ sysctl_kern_proc_groups(SYSCTL_HANDLER_A
return (EINVAL);
if (*pidp == -1) { /* -1 means this process */
p = req->td->td_proc;
+ PROC_LOCK(p);
} else {
error = pget(*pidp, PGET_CANSEE, &p);
if (error != 0)
@@ -2515,8 +2516,7 @@ sysctl_kern_proc_groups(SYSCTL_HANDLER_A
}
cred = crhold(p->p_ucred);
- if (*pidp != -1)
- PROC_UNLOCK(p);
+ PROC_UNLOCK(p);
error = SYSCTL_OUT(req, cred->cr_groups,
cred->cr_ngroups * sizeof(gid_t));
More information about the svn-src-head
mailing list