Date: Sun, 9 Oct 2005 17:28:13 +0000 (UTC) From: Paul Saab <ps@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_exec.c Message-ID: <200510091728.j99HSD4a018934@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
ps 2005-10-09 17:28:13 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_6)
sys/kern kern_exec.c
Log:
MFC:
> revision 1.277
> date: 2005/10/03 12:49:54; author: cperciva; state: Exp; lines: +8 -0
> If sufficiently bad things happen during a call to kern_execve(), it is
> possible for do_execve() to call exit1() rather than returning. As a
> result, the sequence "allocate memory; call kern_execve; free memory"
> can end up leaking memory.
>
> This commit documents this astonishing behaviour and adds a call to
> exec_free_args() before the exit1() call in do_execve(). Since all
> the users of kern_execve() in the tree use exec_free_args() to free
> the command-line arguments after kern_execve() returns, this should
> be safe, and it fixes the memory leak which can otherwise occur.
>
> Submitted by: Peter Holm
> MFC after: 3 days
> Security: Local denial of service
Approved by: re (scottl)
Revision Changes Path
1.275.2.2 +8 -0 src/sys/kern/kern_exec.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510091728.j99HSD4a018934>