authorJustus Winter <4winter@informatik.uni-hamburg.de>2013-11-06 14:55:47 +0100
committerJustus Winter <4winter@informatik.uni-hamburg.de>2013-11-09 19:39:42 +0100
commit20fdd28047bfe8fabb7cebbda49386f4cab3c020 (patch)
tree4600efbefea38a97fc646d3119b1089398bce259 /proc/pgrp.c
parente65dc371a1c421dcfe4b6bbf2f937ae7ef5a563d (diff)
proc: fix a use-after-free error
If we have to create a new process group, we have to do this before leaving the current one. The current process group is deallocated if the process is the last process in that group. Likewise, if the current group was the last group in the current group's session, the session is deallocated.

Found using the Clang Static Analyzer.

* proc/pgrp.c (S_proc_setpgrp): Fix use-after-free error.
Diffstat (limited to 'proc/pgrp.c')
-rw-r--r--proc/pgrp.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/proc/pgrp.c b/proc/pgrp.c
index d4ea9ee4..a828e179 100644
--- a/proc/pgrp.c
+++ b/proc/pgrp.c
@@ -341,8 +341,14 @@ S_proc_setpgrp (struct proc *callerp,
if (p->p_pgrp != pg)
{
+ /* If we have to create a new pgrp, we have to do this before
+ leaving the current one. p->p_pgrp is deallocated if p is
+ the last process in that group. Likewise, if p->p_pgrp was
+ the last group in p->p_pgrp->pg_session, the session is
+ deallocated. */
+ struct pgrp *new = pg ? pg : new_pgrp (pgid, p->p_pgrp->pg_session);
leave_pgrp (p);
- p->p_pgrp = pg ? pg : new_pgrp (pgid, p->p_pgrp->pg_session);
+ p->p_pgrp = new;
join_pgrp (p);
}
else
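Review bot: The result of `new_pgrp` on the added declaration line is used without a check. Its definition is outside this hunk, so whether it can fail is an assumption to confirm, but if it can return NULL then `p->p_pgrp = new;` followed by `join_pgrp (p);` would work on a null group after the process has already left its old one. Since the allocation now happens before `leave_pgrp (p);`, a failure can be rejected while the process is still in a consistent state, for example with `if (! new) return ENOMEM;` just before `leave_pgrp (p);`. That assumes an early return is safe at this point in S_proc_setpgrp, whose body starts and ends outside the hunk. As a smaller style point, `new` is a C++ keyword, and a name such as `newpg` would be friendlier to mixed-language tooling.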