aboutsummaryrefslogtreecommitdiff
path: root/sys/kern/kern_proc.c
diff options
context:
space:
mode:
authorMateusz Guzik <mjg@FreeBSD.org>2014-09-04 01:21:33 +0000
committerMateusz Guzik <mjg@FreeBSD.org>2014-09-04 01:21:33 +0000
commit2570cdd60504003f1afee9ea127b28e1d08aac70 (patch)
tree9ddeab45763caa41cfe4f17a124cea5a139bcac1 /sys/kern/kern_proc.c
parent1dc616851a79bbe48995be873d151327f6155c6c (diff)
downloadsrc-2570cdd60504003f1afee9ea127b28e1d08aac70.tar.gz
src-2570cdd60504003f1afee9ea127b28e1d08aac70.zip
Plug a hypothetical use after free in sysctl kern.proc.groups.
MFC after: 1 week
Notes
Notes: svn path=/head/; revision=271074
Diffstat (limited to 'sys/kern/kern_proc.c')
-rw-r--r--sys/kern/kern_proc.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index ee2e4d2c42c0..96510c9f66a9 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -2508,6 +2508,7 @@ sysctl_kern_proc_groups(SYSCTL_HANDLER_ARGS)
return (EINVAL);
if (*pidp == -1) { /* -1 means this process */
p = req->td->td_proc;
+ PROC_LOCK(p);
} else {
error = pget(*pidp, PGET_CANSEE, &p);
if (error != 0)
@@ -2515,8 +2516,7 @@ sysctl_kern_proc_groups(SYSCTL_HANDLER_ARGS)
}
cred = crhold(p->p_ucred);
- if (*pidp != -1)
- PROC_UNLOCK(p);
+ PROC_UNLOCK(p);
error = SYSCTL_OUT(req, cred->cr_groups,
cred->cr_ngroups * sizeof(gid_t));
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-18 02:16:02 +0000