If the session leader dies, s_leader is set to NULL and getsid() may

dereference a NULL pointer, causing a panic.  Instead of following
s_leader to find the session id, store it in the session structure.

Jukka found the following info:

	BTW - I just found what I have been looking for. Std 1003.1
	Part 1: SYSTEM API [C LANGUAGE] section 2.2.2.80 states quite
	explicitly...

	Session lifetime: The period between when a session is created
	and the end of lifetime of all the process groups that remain
	as members of the session.

	So, this quite clearly tells that while there is any single
	process in any process group which is a member of the session,
	the session remains as an independent entity.

Reviewed by:	peter
Submitted by:	"Jukka A. Ukkonen" <jau@jau.tmt.tele.fi>

4 files changed, 12 insertions, 6 deletions

diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c
index 26cbe47576d6..a1f6c859fe89 100644
--- a/sys/kern/kern_fork.c
+++ b/sys/kern/kern_fork.c
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)kern_fork.c	8.6 (Berkeley) 4/8/94
- * $Id: kern_fork.c,v 1.50 1997/12/12 04:00:58 dyson Exp $
+ * $Id: kern_fork.c,v 1.51 1998/01/22 17:29:46 dyson Exp $
  */
 
 #include "opt_ktrace.h"
@@ -271,7 +271,8 @@ retry:
 again:
 		for (; p2 != 0; p2 = p2->p_list.le_next) {
 			while (p2->p_pid == nextpid ||
-			    p2->p_pgrp->pg_id == nextpid) {
+			    p2->p_pgrp->pg_id == nextpid ||
+			    p2->p_session->s_sid == nextpid) {
 				nextpid++;
 				if (nextpid >= pidchecked)
 					goto retry;
@@ -281,6 +282,9 @@ again:
 			if (p2->p_pgrp->pg_id > nextpid &&
 			    pidchecked > p2->p_pgrp->pg_id)
 				pidchecked = p2->p_pgrp->pg_id;
+			if (p2->p_session->s_sid > nextpid &&
+			    pidchecked > p2->p_session->s_sid)
+				pidchecked = p2->p_session->s_sid;
 		}
 		if (!doingzomb) {
 			doingzomb = 1;
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index e229a5d4cd4e..d546ad771911 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)kern_proc.c	8.7 (Berkeley) 2/14/95
- * $Id: kern_proc.c,v 1.36 1998/02/20 13:52:14 bde Exp $
+ * $Id: kern_proc.c,v 1.37 1998/07/11 07:45:40 bde Exp $
  */
 
 #include <sys/param.h>
@@ -223,6 +223,7 @@ enterpgrp(p, pgid, mksess)
 			MALLOC(sess, struct session *, sizeof(struct session),
 			    M_SESSION, M_WAITOK);
 			sess->s_leader = p;
+			sess->s_sid = p->p_pid;
 			sess->s_count = 1;
 			sess->s_ttyvp = NULL;
 			sess->s_ttyp = NULL;
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 24abb73f0ba6..59c01fb14bce 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)kern_prot.c	8.6 (Berkeley) 1/21/94
- * $Id: kern_prot.c,v 1.39 1997/12/20 03:05:46 sef Exp $
+ * $Id: kern_prot.c,v 1.40 1998/06/10 10:28:29 dfr Exp $
  */
 
 /*
@@ -151,7 +151,7 @@ getsid(p, uap)
 	if ((p == pfind(uap->pid)) == 0)
 		return ESRCH;
 found:
-	p->p_retval[0] = p->p_pgrp->pg_session->s_leader->p_pid;
+	p->p_retval[0] = p->p_session->s_sid;
 	return 0;
 }
 
diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index 2a7a7a39f5b2..635832291d02 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)proc.h	8.15 (Berkeley) 5/19/95
- * $Id: proc.h,v 1.57 1998/04/04 13:26:14 phk Exp $
+ * $Id: proc.h,v 1.58 1998/05/28 09:30:26 phk Exp $
  */
 
 #ifndef _SYS_PROC_H_
@@ -61,6 +61,7 @@ struct	session {
 	struct	proc *s_leader;		/* Session leader. */
 	struct	vnode *s_ttyvp;		/* Vnode of controlling terminal. */
 	struct	tty *s_ttyp;		/* Controlling terminal. */
+	pid_t	s_sid;			/* Session ID */
 	char	s_login[roundup(MAXLOGNAME, sizeof(long))];	/* Setlogin() name. */
 };