diff options
| author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2021-08-10 21:57:04 +0200 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2021-08-10 21:59:00 +0200 |
| commit | b011199cf330b90483b312c57f25c90a31f2577b (patch) | |
| tree | 38679badf10a67c80d7c186592082ab30c20c608 | |
| parent | d65affb8a22bc259a9b55d38d15f6353d527fef4 (diff) | |
startup: Fix double-free on bogus startup_essential_task call
Returning an error will deallocate the RPC references.
Reported-by: Sergey Bugaev <bugaevc@gmail.com>
| -rw-r--r-- | startup/startup.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/startup/startup.c b/startup/startup.c index 90cdaa85..bc0ff73a 100644 --- a/startup/startup.c +++ b/startup/startup.c @@ -1465,10 +1465,6 @@ S_startup_essential_task (mach_port_t server, static int authinit, procinit, execinit, fsinit; int fail; - /* Always deallocate the extra reference this message carries. */ - if (MACH_PORT_VALID (credential)) - mach_port_deallocate (mach_task_self (), credential); - if (credential != host_priv) return EPERM; @@ -1480,6 +1476,10 @@ S_startup_essential_task (mach_port_t server, if (fail) return fail; + /* Always deallocate the extra reference this message carries. */ + if (MACH_PORT_VALID (credential)) + mach_port_deallocate (mach_task_self (), credential); + if (!booted) { if (!strcmp (name, "auth")) |