author | glebius <glebius@FreeBSD.org> | 2016-01-14 10:16:25 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2016-01-14 10:16:25 +0000 |
commit | 796cbcc7388ed25b7353bd9266556844d1f346b7 (patch) | |
tree | 6673dc280aed0d93302ee0dd4aaf8da05c536c44 /sys/sys/ucred.h | |
parent | f65cb2db641567983c348e31026d5e1199fe3fdb (diff) | |

Call crextend() before copying old credentials to the new credentials
and replace crcopysafe by crcopy as crcopysafe is not intended to be
safe in a threaded environment, it drops PROC_LOCK() in while() that
can lead to unexpected results, such as overwrite kernel memory.

In my POV crcopysafe() needs special attention. For now I do not see
any problems with this function, but who knows.

Submitted by: dchagin
Found by: trinity
Security: SA-16:04.linux

Diffstat (limited to 'sys/sys/ucred.h')
-rw-r--r-- | sys/sys/ucred.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h index d7e7fa5..8dbf2fe 100644 --- a/sys/sys/ucred.h +++ b/sys/sys/ucred.h @@ -105,6 +105,7 @@ void change_svuid(struct ucred *newcred, uid_t svuid); void crcopy(struct ucred *dest, struct ucred *src); struct ucred *crcopysafe(struct proc *p, struct ucred *cr); struct ucred *crdup(struct ucred *cr); +void crextend(struct ucred *cr, int n); void proc_set_cred_init(struct proc *p, struct ucred *cr); struct ucred *proc_set_cred(struct proc *p, struct ucred *cr); void crfree(struct ucred *cr); |
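
Review bot: the added `crextend(struct ucred *cr, int n)` prototype in sys/sys/ucred.h carries no comment on its contract, yet the commit message makes correctness depend on callers invoking it before `crcopy()`. A short comment beside the declaration stating that ordering requirement, what `n` represents, and which locks may or may not be held would keep future callers from repeating the pattern the message describes. `n` is also a signed `int`; if it is a count, say so and note how a negative value is handled. This view is limited to ucred.h, so the call sites that were switched from `crcopysafe()` to `crcopy()` cannot be checked here and should be reviewed together with this header change.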