Call crextend() before copying old credentials to the new credentials

and replace crcopysafe by crcopy as crcopysafe is is not intended to be safe in a threaded environment, it drops PROC_LOCK() in while() that can lead to unexpected results, such as overwrite kernel memory. In my POV crcopysafe() needs special attention. For now I do not see any problems with this function, but who knows. Submitted by: dchagin Found by: trinity Security: SA-16:04.linux
author: glebius <glebius@FreeBSD.org> 2016-01-14 10:16:25 +0000
committer: glebius <glebius@FreeBSD.org> 2016-01-14 10:16:25 +0000
commit: 796cbcc7388ed25b7353bd9266556844d1f346b7 (patch)
tree: 6673dc280aed0d93302ee0dd4aaf8da05c536c44 /sys/sys/ucred.h
parent: f65cb2db641567983c348e31026d5e1199fe3fdb (diff)
download: FreeBSD-src-796cbcc7388ed25b7353bd9266556844d1f346b7.zip
FreeBSD-src-796cbcc7388ed25b7353bd9266556844d1f346b7.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h
index d7e7fa5..8dbf2fe 100644
--- a/sys/sys/ucred.h
+++ b/sys/sys/ucred.h
@@ -105,6 +105,7 @@ void	change_svuid(struct ucred *newcred, uid_t svuid);
 void	crcopy(struct ucred *dest, struct ucred *src);
 struct ucred	*crcopysafe(struct proc *p, struct ucred *cr);
 struct ucred	*crdup(struct ucred *cr);
+void	crextend(struct ucred *cr, int n);
 void	proc_set_cred_init(struct proc *p, struct ucred *cr);
 struct ucred	*proc_set_cred(struct proc *p, struct ucred *cr);
 void	crfree(struct ucred *cr);
author	glebius <glebius@FreeBSD.org>	2016-01-14 10:16:25 +0000
committer	glebius <glebius@FreeBSD.org>	2016-01-14 10:16:25 +0000
commit	796cbcc7388ed25b7353bd9266556844d1f346b7 (patch)
tree	6673dc280aed0d93302ee0dd4aaf8da05c536c44 /sys/sys/ucred.h
parent	f65cb2db641567983c348e31026d5e1199fe3fdb (diff)
download	FreeBSD-src-796cbcc7388ed25b7353bd9266556844d1f346b7.zip FreeBSD-src-796cbcc7388ed25b7353bd9266556844d1f346b7.tar.gz