Commit a work-around for a more general bug involving process state:

check whether p_ucred is NULL or not in pfs_getattr() before dereferencing the credential, and return ENOENT if there wasn't one. This is a symptom of a larger problem, wherein pfind() can return references to incompletely initialized processes, and we instead ought to not return them, or check the process state before acting on the process. Reported by: kris Discussed with: tjr, others
svn path=/head/; revision=133668
2004-08-13 20:27:56 +00:00 · 2004-08-13 20:27:56 +00:00 · d990378077 · 2020-12-20 02:59:44 +00:00
commit d990378077
parent 19ef43daef
1 changed files with 11 additions and 0 deletions
--- a/sys/fs/pseudofs/pseudofs_vnops.c
+++ b/sys/fs/pseudofs/pseudofs_vnops.c
@ -197,6 +197,17 @@ pfs_getattr(struct vop_getattr_args *va)
 	if (pvd->pvd_pid != NO_PID) {
 		if ((proc = pfind(pvd->pvd_pid)) == NULL)
 			PFS_RETURN (ENOENT);
+		/*
+		 * XXX: pfind() returning incompletely allocated processes
+		 * is probably a bug.  Or, at least, we should check the
+		 * process state, not the ucred pointer.  Work around for
+		 * now by checking that to avoid a possible NULL pointer
+		 * dereference.
+		 */
+		if (proc->p_ucred == NULL) {
+			PROC_UNLOCK(proc);
+			PFS_RETURN (ENOENT);
+		}
 		vap->va_uid = proc->p_ucred->cr_ruid;
 		vap->va_gid = proc->p_ucred->cr_rgid;
 		if (pn->pn_attr != NULL)