From 40ad5890f99644f19f0ac0348b6a383e4137d709 Mon Sep 17 00:00:00 2001
From: truckman <truckman@FreeBSD.org>
Date: Sun, 13 Dec 1998 07:07:51 +0000
Subject: [PATCH] getpgid() and getsid() were doing a comparision rather than
 an assignment, which is fortunate, because otherwise another bug would allow
 them to be used to stomp on the syscall return value of another process.

---
 sys/kern/kern_prot.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index eae9baed43ef..e5e1a3eacb07 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)kern_prot.c	8.6 (Berkeley) 1/21/94
- * $Id: kern_prot.c,v 1.41 1998/11/09 15:07:42 truckman Exp $
+ * $Id: kern_prot.c,v 1.42 1998/11/10 09:16:29 peter Exp $
  */
 
 /*
@@ -122,13 +122,16 @@ getpgid(p, uap)
 	struct proc *p;
 	struct getpgid_args *uap;
 {
+	struct proc *pt;
+
+	pt = p;
 	if (uap->pid == 0)
 		goto found;
 
-	if ((p == pfind(uap->pid)) == 0)
+	if ((pt = pfind(uap->pid)) == 0)
 		return ESRCH;
 found:
-	p->p_retval[0] = p->p_pgrp->pg_id;
+	p->p_retval[0] = pt->p_pgrp->pg_id;
 	return 0;
 }
 
@@ -146,13 +149,16 @@ getsid(p, uap)
 	struct proc *p;
 	struct getsid_args *uap;
 {
+	struct proc *pt;
+
+	pt = p;
 	if (uap->pid == 0)
 		goto found;
 
-	if ((p == pfind(uap->pid)) == 0)
+	if ((pt == pfind(uap->pid)) == 0)
 		return ESRCH;
 found:
-	p->p_retval[0] = p->p_session->s_sid;
+	p->p_retval[0] = pt->p_session->s_sid;
 	return 0;
 }