authorRobert Watson <rwatson@FreeBSD.org>2004-08-13 20:27:56 +0000
committerRobert Watson <rwatson@FreeBSD.org>2004-08-13 20:27:56 +0000
commitd9903780774cd90e3ec144ba5d5b5b9368e6d185 (patch)
tree2c99fad1b684591602c3d1609d09bc513346f1fa /sys/fs
parent19ef43daef68f6099eb2c44b944f7e8f255e8ddb (diff)
downloadsrc-d9903780774cd90e3ec144ba5d5b5b9368e6d185.tar.gz
src-d9903780774cd90e3ec144ba5d5b5b9368e6d185.zip
Commit a work-around for a more general bug involving process state:
check whether p_ucred is NULL or not in pfs_getattr() before dereferencing the credential, and return ENOENT if there wasn't one. This is a symptom of a larger problem, wherein pfind() can return references to incompletely initialized processes, and we instead ought to not return them, or check the process state before acting on the process. Reported by: kris Discussed with: tjr, others
Notes
Notes: svn path=/head/; revision=133668
Diffstat (limited to 'sys/fs')
-rw-r--r--sys/fs/pseudofs/pseudofs_vnops.c11
1 files changed, 11 insertions, 0 deletions
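diff --git a/sys/fs/pseudofs/pseudofs_vnops.c b/sys/fs/pseudofs/pseudofs_vnops.c
index d8fa427b3e99..31d7bbd7f8fb 100644
--- a/sys/fs/pseudofs/pseudofs_vnops.c
+++ b/sys/fs/pseudofs/pseudofs_vnops.c
@@ -197,6 +197,17 @@ pfs_getattr(struct vop_getattr_args *va)
 if (pvd->pvd_pid != NO_PID) {
 if ((proc = pfind(pvd->pvd_pid)) == NULL)
 PFS_RETURN (ENOENT);
+ /*
+ * XXX: pfind() returning incompletely allocated processes
+ * is probably a bug. Or, at least, we should check the
+ * process state, not the ucred pointer. Work around for
+ * now by checking that to avoid a possible NULL pointer
+ * dereference.
+ */
+ if (proc->p_ucred == NULL) {
+ PROC_UNLOCK(proc);
+ PFS_RETURN (ENOENT);
+ }
 vap->va_uid = proc->p_ucred->cr_ruid;
 vap->va_gid = proc->p_ucred->cr_rgid;
 if (pn->pn_attr != NULL)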
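Review bot: The new guard keys on an artifact of initialization (a NULL p_ucred) rather than on the process's lifecycle state, and the XXX comment in the hunk says as much, so a partially constructed process whose credential pointer has already been filled in would still pass the check. If this tree carries a p_state field, the guard would be more honest as `if (proc->p_state == PRS_NEW || proc->p_ucred == NULL) {`, keeping the NULL test as belt-and-braces. The PROC_UNLOCK(proc) before PFS_RETURN is needed here presumably because pfind() hands the process back locked, which is why the NULL-return path just above it needs no unlock; a one-line comment such as `/* pfind() returned proc locked; release it before bailing out. */` above the unlock would save the next reader from re-deriving that asymmetry. pfs_getattr() begins and ends outside this hunk, so whether the later reads of proc->p_ucred stay under the same lock could not be checked from here.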