diff options
author | alfred <alfred@FreeBSD.org> | 2002-03-29 19:12:40 +0000 |
---|---|---|
committer | alfred <alfred@FreeBSD.org> | 2002-03-29 19:12:40 +0000 |
commit | 3fad1fa6c0fdc4efcd0bf7004467065650eb02ad (patch) | |
tree | ab7faaf04475262dc00bd577a0bc504882219db7 /sys/compat | |
parent | de718acaf155fcf38b572a45fa1c1d4e0e2eaf05 (diff) | |
download | FreeBSD-src-3fad1fa6c0fdc4efcd0bf7004467065650eb02ad.zip FreeBSD-src-3fad1fa6c0fdc4efcd0bf7004467065650eb02ad.tar.gz |
Protect proc struct (p_args and p_comm) when doing procfs IO that pulls
data from it.
Submitted by: Jonathan Mini <mini@haikugeek.com>
Diffstat (limited to 'sys/compat')
-rw-r--r-- | sys/compat/linprocfs/linprocfs.c | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/sys/compat/linprocfs/linprocfs.c b/sys/compat/linprocfs/linprocfs.c index 01b4c7c..f818651 100644 --- a/sys/compat/linprocfs/linprocfs.c +++ b/sys/compat/linprocfs/linprocfs.c @@ -672,17 +672,23 @@ linprocfs_doproccmdline(PFS_FILL_ARGS) * Linux behaviour is to return zero-length in this case. */ - if (p->p_args && (ps_argsopen || !p_cansee(td->td_proc, p))) { - sbuf_bcpy(sb, p->p_args->ar_args, p->p_args->ar_length); - } else if (p != td->td_proc) { - sbuf_printf(sb, "%.*s", MAXCOMLEN, p->p_comm); - } else { - error = copyin((void*)PS_STRINGS, &pstr, sizeof(pstr)); - if (error) - return (error); - for (i = 0; i < pstr.ps_nargvstr; i++) { - sbuf_copyin(sb, pstr.ps_argvstr[i], 0); - sbuf_printf(sb, "%c", '\0'); + if (ps_argsopen || !p_cansee(td->td_proc, p)) { + PROC_LOCK(p); + if (p->p_args) { + sbuf_bcpy(sb, p->p_args->ar_args, p->p_args->ar_length); + PROC_UNLOCK(p); + } else if (p != td->td_proc) { + sbuf_printf(sb, "%.*s", MAXCOMLEN, p->p_comm); + PROC_UNLOCK(p); + } else { + PROC_UNLOCK(p); + error = copyin((void*)PS_STRINGS, &pstr, sizeof(pstr)); + if (error) + return (error); + for (i = 0; i < pstr.ps_nargvstr; i++) { + sbuf_copyin(sb, pstr.ps_argvstr[i], 0); + sbuf_printf(sb, "%c", '\0'); + } } } |