From: Qualys Security Advisory Date: Thu, 1 Jan 1970 00:00:00 +0000 (+0000) Subject: proc/readproc.c: Fix double-free()s in readtask(). X-Git-Tag: v3.3.15~60 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a013f6e02002347ea223533aa4b94c86722bf436;p=procps-ng proc/readproc.c: Fix double-free()s in readtask(). If QUICK_THREADS is not defined (it is not by default, but most distributions enable it) and task_dir_missing is true (only on very old kernels), then readtask() forgets to reset some of the struct proc_t t's members, which later results in double-free()s in free_acquired(). For now, we simply synchronized the list of members to be reset with the list of members freed in free_acquired().
---
diff --git a/proc/readproc.c b/proc/readproc.c
index 8caa3920..a8065111 100644
--- a/proc/readproc.c
+++ b/proc/readproc.c
@@ -1343,11 +1343,19 @@ proc_t* readtask(PROCTAB *restrict const PT, const proc_t *restrict const p, pro
 #ifdef QUICK_THREADS
 MK_THREAD(t);
 #else
- t->environ = NULL;
- t->cmdline = vectorize_this_str("n/a");
- t->cgroup = NULL;
- t->supgid = NULL;
- t->supgrp = NULL;
+ t->environ = NULL;
+ t->cmdline = vectorize_this_str("n/a");
+ t->cgroup = NULL;
+ t->cgname = NULL;
+ t->supgid = NULL;
+ t->supgrp = NULL;
+ t->sd_mach = NULL;
+ t->sd_ouid = NULL;
+ t->sd_seat = NULL;
+ t->sd_sess = NULL;
+ t->sd_slice = NULL;
+ t->sd_unit = NULL;
+ t->sd_uunit = NULL;
 #endif
 return t;
 }
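Review bot: The reset list in the `#else` branch is a hand-maintained copy of the pointers that free_acquired() frees, and free_acquired() is not visible in this hunk. Nothing here ties the two lists together, so a member later added to free_acquired() without a matching `t->... = NULL;` line would bring the double-free back. I would add a comment above `t->environ = NULL;` along the lines of `/* must reset every pointer that free_acquired() frees; keep both lists in sync */`, and longer term derive both lists from one shared helper or macro, as the commit message's "for now" suggests. The result of `vectorize_this_str("n/a")` is stored in `t->cmdline` without a check; whether that helper can return NULL is not shown here and should be confirmed. readtask() begins outside the hunk, so how `t` gets its initial member values is inferred from the commit message rather than seen.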