Message ID | 20210506192513.2935-1-pc@cjr.nz (mailing list archive) |
---|---|
State | New, archived |
Series | mount.cifs: fix crash when mount point does not exist |

Paulo Alcantara <pc@cjr.nz> writes:
> @mountpointp is initially set to a statically allocated string in
> main(), and if we fail to update it in acquire_mountpoint(), make sure
> to set it to NULL and avoid freeing it at mount_exit.
>
> This fixes the following crash
>
> $ mount.cifs //srv/share /mnt/foo/bar -o ...
> Couldn't chdir to /mnt/foo/bar: No such file or directory
> munmap_chunk(): invalid pointer
> Aborted

LGTM

Reviewed-by: Aurelien Aptel <aaptel@suse.com>

Cheers,

Fri, May 7, 2021 at 03:42, Aurélien Aptel <aaptel@suse.com>:
>
> Paulo Alcantara <pc@cjr.nz> writes:
> > @mountpointp is initially set to a statically allocated string in
> > main(), and if we fail to update it in acquire_mountpoint(), make sure
> > to set it to NULL and avoid freeing it at mount_exit.
> >
> > This fixes the following crash
> >
> > $ mount.cifs //srv/share /mnt/foo/bar -o ...
> > Couldn't chdir to /mnt/foo/bar: No such file or directory
> > munmap_chunk(): invalid pointer
> > Aborted
>
> LGTM
>
> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
>
> Cheers,
> --
> Aurélien Aptel / SUSE Labs Samba Team
> GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
> SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
> GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
>

Merged. Thanks!

--
Best regards,
Pavel Shilovsky

diff --git a/mount.cifs.c b/mount.cifs.c index 7f898bbd215a..84274c98ddf5 100644 --- a/mount.cifs.c +++ b/mount.cifs.c @@ -1996,9 +1996,9 @@ acquire_mountpoint(char **mountpointp) */ realuid = getuid(); if (realuid == 0) { - dacrc = toggle_dac_capability(0, 1); - if (dacrc) - return dacrc; + rc = toggle_dac_capability(0, 1); + if (rc) + goto out; } else { oldfsuid = setfsuid(realuid); oldfsgid = setfsgid(getgid()); @@ -2019,7 +2019,6 @@ acquire_mountpoint(char **mountpointp) rc = EX_SYSERR; } - *mountpointp = mountpoint; restore_privs: if (realuid == 0) { dacrc = toggle_dac_capability(0, 0); @@ -2030,9 +2029,13 @@ restore_privs: gid_t __attribute__((unused)) gignore = setfsgid(oldfsgid); } - if (rc) +out: + if (rc) { free(mountpoint); + mountpoint = NULL; + } + *mountpointp = mountpoint; return rc; }
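
Review bot: in the first hunk (@@ -1996,9) the new `goto out` reaches `free(mountpoint)` when toggle_dac_capability(0, 1) fails, and no assignment to `mountpoint` appears before that point in the diff. The declaration is outside the visible context, so please confirm it is initialised to NULL (`char *mountpoint = NULL;`); if it is not, this early-failure path passes an uninitialised pointer to free().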
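
Review bot: the commit message should also cover the second case fixed by dropping the assignment in the second hunk (@@ -2019,7). The context line `rc = EX_SYSERR;` falls through to restore_privs, so the old code stored the heap buffer in *mountpointp and then released it under `if (rc) free(mountpoint);`, leaving the caller with a dangling pointer that, per the commit message, is freed again at mount_exit. That is a double free rather than a free of a static string and deserves a sentence in the log.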
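
Review bot: the contract introduced at `out:` in the third hunk (@@ -2030,9) is undocumented; a comment above acquire_mountpoint() should say that on any non-zero return *mountpointp is overwritten with NULL and that on success the caller owns a heap buffer it must free. The callers are not part of this diff, so please check that nothing between a failed call and mount_exit prints or dereferences the mountpoint, since the original string is no longer reachable through that pointer.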

@mountpointp is initially set to a statically allocated string in
main(), and if we fail to update it in acquire_mountpoint(), make sure
to set it to NULL and avoid freeing it at mount_exit.

This fixes the following crash

  $ mount.cifs //srv/share /mnt/foo/bar -o ...
  Couldn't chdir to /mnt/foo/bar: No such file or directory
  munmap_chunk(): invalid pointer
  Aborted

Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
---
 mount.cifs.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)