file: Avoid a read-after-free of fd tables in sysctl handlers
Some loops access the fd table of a different process, and drop the
filedesc lock while iterating, so they check the table's refcount.
However, we access the table before the first iteration, in order to get
the number of table entries, and this access can be a use-after-free.
Fix the problem by checking the refcount before we start iterating.
Reported by: pho
Reviewed by: mjg
Sponsored by: The FreeBSD Foundation
(cherry picked from commit
c70224229205c756bf1c2007a6b96b37126eb047)
projects / FreeBSD / FreeBSD.git / commit