From 2570cdd60504003f1afee9ea127b28e1d08aac70 Mon Sep 17 00:00:00 2001
From: Mateusz Guzik
Date: Thu, 4 Sep 2014 01:21:33 +0000
Subject: Plug a hypothetical use after free in sysctl kern.proc.groups.
MFC after: 1 week
---
 sys/kern/kern_proc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'sys/kern/kern_proc.c')
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index ee2e4d2c42c0..96510c9f66a9 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -2508,6 +2508,7 @@ sysctl_kern_proc_groups(SYSCTL_HANDLER_ARGS)
 return (EINVAL);
 if (*pidp == -1) { /* -1 means this process */
 p = req->td->td_proc;
+ PROC_LOCK(p);
 } else {
 error = pget(*pidp, PGET_CANSEE, &p);
 if (error != 0)
@@ -2515,8 +2516,7 @@ sysctl_kern_proc_groups(SYSCTL_HANDLER_ARGS)
 }
 cred = crhold(p->p_ucred);
- if (*pidp != -1)
- PROC_UNLOCK(p);
+ PROC_UNLOCK(p);
 error = SYSCTL_OUT(req, cred->cr_groups, cred->cr_ngroups * sizeof(gid_t));
-- cgit v1.2.3
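Review bot: The added `PROC_LOCK(p);` in the `*pidp == -1` branch has no comment saying what it protects, and taking the lock on the caller's own process looks unnecessary to a reader who sees only this function. A short comment on that line, such as `/* keep p_ucred stable until crhold() below */`, would record the reason. Going by the commit subject, the concern is presumably that the credential could be replaced and released between the read of `p->p_ucred` and the reference being taken. The enclosing function starts and ends outside the hunk.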
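Review bot: The now-unconditional `PROC_UNLOCK(p);` depends on both branches above reaching `crhold()` with the process lock held, and nothing in the code states that invariant. Adding `PROC_LOCK_ASSERT(p, MA_OWNED);` immediately before `cred = crhold(p->p_ucred);` would make it checkable in INVARIANTS kernels and would catch a later edit that adds a third path without the lock. That the `pget()` branch returns with `p` locked is assumed here from the old conditional unlock; it is not visible in the hunk. The function continues past the hunk, including whatever releases the reference taken by `crhold()`.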