From owner-cvs-src@FreeBSD.ORG  Sun Oct  9 17:28:14 2005
Return-Path: <owner-cvs-src@FreeBSD.ORG>
X-Original-To: cvs-src@FreeBSD.org
Delivered-To: cvs-src@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 68A3016A41F;
	Sun,  9 Oct 2005 17:28:14 +0000 (GMT) (envelope-from ps@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D81CC43D53;
	Sun,  9 Oct 2005 17:28:13 +0000 (GMT) (envelope-from ps@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j99HSDfD018935;
	Sun, 9 Oct 2005 17:28:13 GMT (envelope-from ps@repoman.freebsd.org)
Received: (from ps@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j99HSD4a018934;
	Sun, 9 Oct 2005 17:28:13 GMT (envelope-from ps)
Message-Id: <200510091728.j99HSD4a018934@repoman.freebsd.org>
From: Paul Saab <ps@FreeBSD.org>
Date: Sun, 9 Oct 2005 17:28:13 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: RELENG_6
Cc: 
Subject: cvs commit: src/sys/kern kern_exec.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Oct 2005 17:28:14 -0000

ps          2005-10-09 17:28:13 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_6)
    sys/kern             kern_exec.c 
  Log:
  MFC:
  > revision 1.277
  > date: 2005/10/03 12:49:54;  author: cperciva;  state: Exp;  lines: +8 -0
  > If sufficiently bad things happen during a call to kern_execve(), it is
  > possible for do_execve() to call exit1() rather than returning.  As a
  > result, the sequence "allocate memory; call kern_execve; free memory"
  > can end up leaking memory.
  >
  > This commit documents this astonishing behaviour and adds a call to
  > exec_free_args() before the exit1() call in do_execve().  Since all
  > the users of kern_execve() in the tree use exec_free_args() to free
  > the command-line arguments after kern_execve() returns, this should
  > be safe, and it fixes the memory leak which can otherwise occur.
  >
  > Submitted by:   Peter Holm
  > MFC after:      3 days
  > Security:       Local denial of service
  
  Approved by:    re (scottl)
  
  Revision   Changes    Path
  1.275.2.2  +8 -0      src/sys/kern/kern_exec.c