d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Close a race condition where num can be larger than tmp, giving the user

Browse Source 
too large of a boundary.

Reported by:	Ilja Van Sprundel
This commit is contained in:
Tom Rhodes 2006-10-14 10:30:14 +00:00
parent b9804a4b35
commit f51bf07af8
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=163345
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/kern/sys_process.c
View File

@ -980,7 +980,7 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
error = copyout(buf, addr, tmp * sizeof(lwpid_t));
free(buf, M_TEMP);
if (!error)
td->td_retval[0] = num;
td->td_retval[0] = tmp;
PROC_LOCK(p);
break;