From b9a9fd4c747fb04b0b74172349643475a3c88820 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] 0082-proc/readproc.c: Fix double-free()s in readtask().

If QUICK_THREADS is not defined (it is not by default, but most distributions enable it) and task_dir_missing is true (only on very old kernels), then readtask() forgets to reset some of the struct proc_t t's members, which later results in double-free()s in free_acquired().

For now, we simply synchronized the list of members to be reset with the list of members freed in free_acquired().

----------------------------
adapted for newlib branch
. now 'cmd' is also dynamic
. just synchronized with those freed in free_acquired
. QUICK_THREADS is now FALSE_THREADS, serving different purpose
. entire patch will be effectively reverted with upcoming refactor

Signed-off-by: Jim Warner
---
 proc/readproc.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/proc/readproc.c b/proc/readproc.c
index 61633612..18c16d17 100644
--- a/proc/readproc.c
+++ b/proc/readproc.c
@@ -1172,15 +1172,16 @@ static proc_t* simple_readtask(PROCTAB *restrict const PT, const proc_t *restric
 #ifdef FALSE_THREADS
 } else {
- t->cmdline = NULL;
- t->cmdline_v = NULL;
 t->environ = NULL;
- t->environ_v = NULL;
+ t->cmdline = NULL;
 t->cgname = NULL;
 t->cgroup = NULL;
+ t->environ_v = NULL;
+ t->cmdline_v = NULL;
 t->cgroup_v = NULL;
 t->supgid = NULL;
 t->supgrp = NULL;
+ t->cmd = NULL;
 t->sd_mach = NULL;
 t->sd_ouid = NULL;
 t->sd_seat = NULL;
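Review bot: The reset list in the `} else {` branch is still a hand-maintained mirror of whatever free_acquired() releases, and nothing in the hunk records that coupling, so the next member that becomes heap-owned (the description says `cmd` only just did) will silently reintroduce the double free this patch closes. I would put a comment at the head of the branch, e.g. `/* every pointer free_acquired() releases MUST be reset here: a stale value carried over from the previous task is a double free */`, or better, have both sites walk one shared table so they cannot drift. Per the description this path is reached only under FALSE_THREADS with task_dir_missing set, so the default build and current kernels never exercise it and a regression would go unnoticed without a test that forces that fallback. simple_readtask() begins and ends outside this hunk, so I cannot confirm from here that no other heap-owned member is assigned after this block.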