Close some holes with p->p_args by NULL'ing out the p->p_args pointer

while holding the proc lock, and by holding the pargs structure when accessing it from outside of the owner. Submitted by: Jonathan Mini <mini@haikugeek.com>
author: alfred <alfred@FreeBSD.org> 2002-03-31 10:33:12 +0000
committer: alfred <alfred@FreeBSD.org> 2002-03-31 10:33:12 +0000
commit: abeff55bde40353c261ed8d321536f7f4a03abc7 (patch)
tree: b144f5ea66e4d004f22d97e6595e1131f00e1ffb /sys/kern/kern_proc.c
parent: df30d6374fe92f59350770d63cd31f77979006da (diff)
download: FreeBSD-src-abeff55bde40353c261ed8d321536f7f4a03abc7.zip
FreeBSD-src-abeff55bde40353c261ed8d321536f7f4a03abc7.tar.gz
1 files changed, 10 insertions, 3 deletions
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index 79849bc..a1620bc 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -1019,10 +1019,17 @@ sysctl_kern_proc_args(SYSCTL_HANDLER_ARGS)
 	if (req->newptr && curproc != p)
 		return (EPERM);
 
-	if (req->oldptr && p->p_args != NULL)
-		error = SYSCTL_OUT(req, p->p_args->ar_args, p->p_args->ar_length);
-	if (req->newptr == NULL)
+	PROC_LOCK(p);
+	pa = p->p_args;
+	pargs_hold(pa);
+	PROC_UNLOCK(p);
+	if (req->oldptr && pa != NULL) {
+		error = SYSCTL_OUT(req, pa->ar_args, pa->ar_length);
+	}
+	if (req->newptr == NULL) {
+		pargs_drop(pa);
 		return (error);
+	}
 
 	PROC_LOCK(p);
 	pa = p->p_args;
author	alfred <alfred@FreeBSD.org>	2002-03-31 10:33:12 +0000
committer	alfred <alfred@FreeBSD.org>	2002-03-31 10:33:12 +0000
commit	abeff55bde40353c261ed8d321536f7f4a03abc7 (patch)
tree	b144f5ea66e4d004f22d97e6595e1131f00e1ffb /sys/kern/kern_proc.c
parent	df30d6374fe92f59350770d63cd31f77979006da (diff)
download	FreeBSD-src-abeff55bde40353c261ed8d321536f7f4a03abc7.zip FreeBSD-src-abeff55bde40353c261ed8d321536f7f4a03abc7.tar.gz