From 579a0ca72b996d11a50ddf6ddb4f67e59995072d Mon Sep 17 00:00:00 2001
From: Geoff Norton
Date: Tue, 5 Oct 2010 13:00:42 -0400
Subject: [PATCH] Its possible that we're calling Process_free_internal on a pseudo-handle. When we are not using SHM we use psuedo handles to return processes from pids, however we dont guard against pseudo-handles in CloseProcess, which could lead to calling unref on a fake handle.
---
 mono/io-layer/processes.c | 17 +++++++++++++----
 mono/io-layer/processes.h | 1 +
 mono/metadata/process.c | 2 +-
 3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/mono/io-layer/processes.c b/mono/io-layer/processes.c
index b2777006bd6d8..02748592992b8 100644
--- a/mono/io-layer/processes.c
+++ b/mono/io-layer/processes.c
@@ -1690,6 +1690,16 @@ static gboolean process_open_compare (gpointer handle, gpointer user_data)
 }
 }
 
+gboolean CloseProcess(gpointer handle)
+{
+ if ((GPOINTER_TO_UINT (handle) & _WAPI_PROCESS_UNHANDLED) == _WAPI_PROCESS_UNHANDLED) {
+ /* This is a pseudo handle */
+ return(TRUE);
+ }
+
+ return CloseHandle (handle);
+}
+
 gpointer OpenProcess (guint32 req_access G_GNUC_UNUSED, gboolean inherit G_GNUC_UNUSED, guint32 pid)
 {
 /* Find the process handle that corresponds to pid */
@@ -1701,10 +1711,9 @@ gpointer OpenProcess (guint32 req_access G_GNUC_UNUSED, gboolean inherit G_GNUC_
 g_message ("%s: looking for process %d", __func__, pid);
 #endif
 
- if (_wapi_shm_enabled ())
- handle = _wapi_search_handle (WAPI_HANDLE_PROCESS,
- process_open_compare,
- GUINT_TO_POINTER (pid), NULL, TRUE);
+ handle = _wapi_search_handle (WAPI_HANDLE_PROCESS,
+ process_open_compare,
+ GUINT_TO_POINTER (pid), NULL, TRUE);
 if (handle == 0) {
 #if defined(PLATFORM_MACOSX) || defined(__OpenBSD__)
 if ((kill(pid, 0) == 0) || (errno == EPERM)) {
diff --git a/mono/io-layer/processes.h b/mono/io-layer/processes.h
index 35122c424ee0e..486d0005c3c0b 100644
--- a/mono/io-layer/processes.h
+++ b/mono/io-layer/processes.h
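Review bot: The new CloseProcess in processes.c carries no comment stating its contract, and its mask test is only sound if a real handle value can never have the _WAPI_PROCESS_UNHANDLED bits set, which this hunk does not show. A real handle misclassified by the mask would be reported as closed and never unreferenced, so the assumption deserves a sentence next to the test. I would put `/* Release a handle returned by OpenProcess. Pseudo-handles (values carrying _WAPI_PROCESS_UNHANDLED) hold no reference, so closing one is a no-op. */` above the function. Minor style: `return(TRUE);` and `CloseProcess(gpointer handle)` do not match the spacing of `return CloseHandle (handle);` a few lines below.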
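Review bot: Dropping the `if (_wapi_shm_enabled ())` guard in OpenProcess is a behaviour change the commit message does not mention: the handle search now also runs with shared memory disabled, still passing `TRUE` as its last argument. Whether _wapi_search_handle is valid in that mode cannot be seen from this hunk, so the call wants a comment such as `/* Search the handle table even without SHM; a miss is handled by the handle == 0 branch below */` and a line in the commit description. As far as the visible code shows, OpenProcess can now return either a referenced handle or a pseudo-handle in the same configuration, so the only safe release path for its result is CloseProcess. OpenProcess's body continues past the end of the hunk.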
@@ -190,6 +190,7 @@ extern gpointer GetCurrentProcess (void);
 extern guint32 GetProcessId (gpointer handle);
 extern guint32 GetCurrentProcessId (void);
 extern gboolean EnumProcesses (guint32 *pids, guint32 len, guint32 *needed);
+extern gboolean CloseProcess (gpointer handle);
 extern gpointer OpenProcess (guint32 access, gboolean inherit, guint32 pid);
 extern gboolean GetExitCodeProcess (gpointer process, guint32 *code);
 extern gboolean GetProcessTimes (gpointer process, WapiFileTime *create_time,
diff --git a/mono/metadata/process.c b/mono/metadata/process.c
index 48f9db9872af7..c59bee3f470ff 100644
--- a/mono/metadata/process.c
+++ b/mono/metadata/process.c
@@ -65,7 +65,7 @@ void ves_icall_System_Diagnostics_Process_Process_free_internal (MonoObject *thi
 g_message ("%s: Closing process %p, handle %p", __func__, this, process);
 #endif
 
- CloseHandle (process);
+ CloseProcess (process);
 }
 
 #define STASH_SYS_ASS(this) \
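Review bot: Only this one call site, in Process_free_internal in mono/metadata/process.c, is switched to `CloseProcess (process);`, so any other path that releases an OpenProcess result with plain `CloseHandle` would still pass a pseudo-handle to the unref the commit describes. No other callers are visible in this diff, so either the tree should be checked for them or the pseudo-handle test should live where process handles are actually closed, so that a missed call site cannot reintroduce the problem. The gboolean result is also discarded here; if that is intentional for a free routine, `(void) CloseProcess (process);` would say so. The function starts outside the hunk.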