author | pjd <pjd@FreeBSD.org> | 2012-09-01 11:21:56 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2012-09-01 11:21:56 +0000 |
commit | 09be0bbef152583f8fa989d7f9c3a7cd76b50d2a (patch) | |
tree | fd78400a68bac8d6f92a7aac54b9879ca9b1a260 /usr.sbin/inetd/builtins.c | |
parent | 79fa964314bead3dd00a1a411724f8446667a8bc (diff) | |

Fix panic in procdesc that can be triggered in the following scenario:

1. Process A pdfork(2)s process B.
2. Process A passes process descriptor of B to unrelated process C.
3. Hit CTRL+C to terminate process A. Process B is also terminated
   with SIGINT.
4. init(8) collects status of process B.
5. Process C closes process descriptor associated with process B.

When we have such order of events, init(8), by collecting status of
process B, will call procdesc_reap(). This function sets pd_proc to NULL.

Now when process C calls close on this process descriptor,
procdesc_close() is called. Unfortunately procdesc_close() assumes that
pd_proc points at a valid proc structure, but it was set to NULL earlier,
so the kernel panics.

The patch also adds setting 'p->p_procdesc' to NULL in procdesc_reap(),
which I think should be done.

MFC after: 1 week

Diffstat (limited to 'usr.sbin/inetd/builtins.c')
0 files changed, 0 insertions, 0 deletions
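
The ordering from the commit message, as a user-space C model added here; it is not the FreeBSD kernel code and not the patch itself. Only `pd_proc` and `p_procdesc` come from the message; the reference count, the `guard` flag and all function and enum names are assumptions of the model.

```c
#include <stddef.h>

/* User-space model only. pd_proc and p_procdesc are named in the commit
 * message; every other name here is hypothetical. */
struct procdesc;
struct proc { struct procdesc *p_procdesc; };
struct procdesc { struct proc *pd_proc; int pd_refs; };
enum close_result { STILL_REFERENCED, DETACHED_LIVE, ALREADY_REAPED, NULL_DEREF };

/* Status collection (step 4): break the link in both directions. */
static void model_reap(struct proc *p)
{
    if (p->p_procdesc != NULL) {
        p->p_procdesc->pd_proc = NULL;
        p->p_procdesc = NULL;
    }
}

/* Drop one descriptor reference; the close logic runs on the last one.
 * guard == 0 models a close path that assumes pd_proc is always valid. */
static enum close_result model_close(struct procdesc *pd, int guard)
{
    if (--pd->pd_refs > 0)
        return STILL_REFERENCED;
    if (pd->pd_proc == NULL)
        return guard ? ALREADY_REAPED : NULL_DEREF; /* kernel would panic */
    pd->pd_proc->p_procdesc = NULL;
    pd->pd_proc = NULL;
    return DETACHED_LIVE;
}

/* Steps 1-5 from the commit message; reap_first == 0 skips step 4. */
static enum close_result scenario(int reap_first, int guard)
{
    struct proc b = { NULL };
    struct procdesc pd = { &b, 1 };   /* 1: A pdfork()s B */

    b.p_procdesc = &pd;
    pd.pd_refs++;                     /* 2: descriptor passed to C */
    (void)model_close(&pd, guard);    /* 3: A exits; C still holds a reference */
    if (reap_first)
        model_reap(&b);               /* 4: init(8) collects B's status */
    return model_close(&pd, guard);   /* 5: C closes the last reference */
}

int main(void)
{
    return scenario(1, 1) == ALREADY_REAPED ? 0 : 1;
}
```
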