0082-proc/readproc.c: Fix double-free()s in readtask().
authorQualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committerCraig Small <csmall@enc.com.au>
Sat, 9 Jun 2018 11:35:19 +0000 (21:35 +1000)
If QUICK_THREADS is not defined (it is not by default, but most
distributions enable it) and task_dir_missing is true (only on very old
kernels), then readtask() forgets to reset some of the struct proc_t t's
members, which later results in double-free()s in free_acquired().

For now, we simply synchronized the list of members to be reset with the
list of members freed in free_acquired().

---------------------------- adapted for newlib branch
. now 'cmd' is also dynamic
. just synchronized with those freed in free_acquired
. QUICK_THREADS is now FALSE_THREADS, serving different purpose
. entire patch will be effectively reverted with upcoming refactor

Signed-off-by: Jim Warner <james.warner@comcast.net>
proc/readproc.c

index 61633612149aed88f9f98e0f8e18aa034f116758..18c16d17288728f74c8648a530bc762900a963cd 100644 (file)
@@ -1172,15 +1172,16 @@ static proc_t* simple_readtask(PROCTAB *restrict const PT, const proc_t *restric
 
 #ifdef FALSE_THREADS
     } else {
-        t->cmdline   = NULL;
-        t->cmdline_v = NULL;
         t->environ   = NULL;
-        t->environ_v = NULL;
+        t->cmdline   = NULL;
         t->cgname    = NULL;
         t->cgroup    = NULL;
+        t->environ_v = NULL;
+        t->cmdline_v = NULL;
         t->cgroup_v  = NULL;
         t->supgid    = NULL;
         t->supgrp    = NULL;
+        t->cmd       = NULL;
         t->sd_mach   = NULL;
         t->sd_ouid   = NULL;
         t->sd_seat   = NULL;
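Review bot: The set of members reset to NULL in this `else` branch has to mirror exactly the set that free_acquired() releases, and nothing in the code enforces that coupling, so the next pointer added to proc_t can silently reintroduce the double free this commit fixes. A comment at the top of the branch would at least anchor the invariant, e.g. `/* keep in sync with free_acquired(): every pointer it frees must be reset here, since t was presumably copied from the parent and otherwise aliases its buffers */`. Reordering the existing `t->cmdline`, `t->environ_v` and `t->cmdline_v` assignments has no behavioural effect and makes the one substantive line, `t->cmd = NULL;`, harder to spot in review; leaving those lines in place would be preferable. The enclosing simple_readtask() begins before the hunk and continues past it, so whether further sd_* members follow sd_seat and are also reset cannot be confirmed from what is shown.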