freebsd-dev/sys
Mateusz Guzik 813361c140 fork: plug a use after free of the returned process
fork1 required its callers to pass a pointer to struct proc * which would
be set to the new process (if any). procdesc and racct manipulation also
used said pointer.

However, the process could have exited prior to do_fork return and be
automatically reaped, thus making this a use-after-free.

Fix the problem by letting callers indicate whether they want the pid or
the struct proc, return the process in stopped state for the latter case.

Reviewed by:	kib
2016-02-04 04:25:30 +00:00
amd64 Redo r292484. Embed task(9) into zone, so that uz_maxaction is called 2016-02-03 23:30:17 +00:00
arm ARM: Consistently use cpu_setttb() instead of setttb(). 2016-02-03 16:44:06 +00:00
arm64 Fix build. 2016-02-04 03:55:41 +00:00
boot Still open the network interface when EFI_OPEN_PROTOCOL_EXCLUSIVE failed. 2016-02-03 14:34:25 +00:00
bsm Merge from contrib/openbsm to bring the kernel audit bits up to date with OpenBSM 1.2 alpha 4: 2015-12-20 23:22:04 +00:00
cam Clean up unused-but-set-variable spotted by gcc-4.9. 2016-02-01 02:33:58 +00:00
cddl MFV r294821: 6529 Properly handle updates of variably-sized SA entries. 2016-02-01 15:40:40 +00:00
compat fork: plug a use after free of the returned process 2016-02-04 04:25:30 +00:00
conf ARM: Remove support for xscale i80219 and i80321 CPUs. We haven't single 2016-02-03 09:15:44 +00:00
contrib These files were getting sys/malloc.h and vm/uma.h with header pollution 2016-02-01 17:41:21 +00:00
crypto Break up opencrypto/xform.c so it can be reused piecemeal 2015-12-30 22:43:07 +00:00
ddb Add helper to catch single step debug event and distinguish it from bkpt 2015-11-27 19:03:59 +00:00
dev Fix inverse logic. If this is zone_pack, then we shouldn't free the 2016-02-03 20:39:52 +00:00
fs Revert r294695: 2016-02-03 14:31:23 +00:00
gdb
geom Teach the flashmap code about the SPI flash. 2016-01-23 05:26:29 +00:00
gnu
i386 Convert ss_sp in stack_t and sigstack to void *. 2016-01-27 17:55:01 +00:00
isa Convert rman to use rman_res_t instead of u_long 2016-01-27 02:23:54 +00:00
kern fork: plug a use after free of the returned process 2016-02-04 04:25:30 +00:00
kgssapi kcrypto_aes: Use separate sessions for AES and SHA1 2016-02-02 00:14:51 +00:00
libkern libkern: ffs, fls: s/4/3/ the 3rd BSD clause 2015-10-22 21:04:47 +00:00
mips Fix build. 2016-02-04 03:55:41 +00:00
modules filemon: Use process_exec EVENTHANDLER to capture sys_execve. 2016-01-28 21:45:25 +00:00
net These files were getting sys/malloc.h and vm/uma.h with header pollution 2016-02-01 17:41:21 +00:00
net80211 These files were getting sys/malloc.h and vm/uma.h with header pollution 2016-02-01 17:41:21 +00:00
netgraph These files were getting sys/malloc.h and vm/uma.h with header pollution 2016-02-01 17:41:21 +00:00
netinet Increase max allowed backlog for listen sockets 2016-02-02 05:57:59 +00:00
netinet6 These files were getting sys/malloc.h and vm/uma.h with header pollution 2016-02-01 17:41:21 +00:00
netipsec These files were getting sys/malloc.h and vm/uma.h with header pollution 2016-02-01 17:41:21 +00:00
netnatm
netpfil These files were getting sys/malloc.h and vm/uma.h with header pollution 2016-02-01 17:41:21 +00:00
netsmb The problem report was for a crash that happened when smbfs was 2015-11-18 23:04:01 +00:00
nfs MFP r287070,r287073: split radix implementation and route table structure. 2016-01-25 06:33:15 +00:00
nfsclient
nfsserver
nlm
ofed LinuxKPI list updates: 2016-01-26 15:12:31 +00:00
opencrypto Break up opencrypto/xform.c so it can be reused piecemeal 2015-12-30 22:43:07 +00:00
pc98 Convert rman to use rman_res_t instead of u_long 2016-01-27 02:23:54 +00:00
powerpc Fix build. 2016-02-04 03:55:41 +00:00
riscv Fix build. 2016-02-04 03:55:41 +00:00
rpc These files were getting sys/malloc.h and vm/uma.h with header pollution 2016-02-01 17:41:21 +00:00
security Busy the mount point which is the owner of the audit vnode, around 2016-01-16 10:06:33 +00:00
sparc64 Convert ss_sp in stack_t and sigstack to void *. 2016-01-27 17:55:01 +00:00
sys fork: plug a use after free of the returned process 2016-02-04 04:25:30 +00:00
teken
tests Style 9 changes. 2015-11-12 10:31:14 +00:00
tools Fix MFS builds when both MD_ROOT_SIZE and MFS_IMAGE are specified 2016-02-02 07:02:51 +00:00
ufs Remove ffs_mountroot() prototype; seems to be long gone. 2016-01-28 12:21:23 +00:00
vm Redo r292484. Embed task(9) into zone, so that uz_maxaction is called 2016-02-03 23:30:17 +00:00
x86 Convert rman to use rman_res_t instead of u_long 2016-01-27 02:23:54 +00:00
xdr
xen xenbus: add a comment with the names of the generated accessors 2016-01-15 14:34:31 +00:00
Makefile