mschorm / rpms / util-linux

Forked from rpms/util-linux 2 years ago
Clone
Source Code
GIT

Files

f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f7 f9 main private-util-linux-2-13-0-20-nfsmount_fsc private-util-linux-2-13-0-24-nfsmount_fsc private-util-linux-2_13-pre6-nfsmount_fsc rawhide release-var-log-lastlog util-linux-2_12p-9_2_nfsmount_fsc
  1.   f15
  2.   util-linux-2.19-mount-doublefree.patch
Blob Blame History Raw 
From 400459e897045b40eb3711fa4814176f7422a76a Mon Sep 17 00:00:00 2001
From: Kirill Elagin <kirelagin@gmail.com>
Date: Mon, 11 Jul 2011 12:53:43 +0200
Subject: [PATCH] mount: fix double free in mount.c with SELinux enabled

append_context reallocates memory, invalidating extra_opts1. As a
result my_free(extra_opts1) crashes.

Signed-off-by: Kirill Elagin <kirelagin@gmail.com>
Signed-off-by: Nikita Ofitserov <himikof@gmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 mount/mount.c |   15 ++++++++-------
 1 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/mount/mount.c b/mount/mount.c
index cb04d9d..ea2c478 100644
--- a/mount/mount.c
+++ b/mount/mount.c
@@ -1535,7 +1535,7 @@ try_mount_one (const char *spec0, const char *node0, const char *types0,
   struct stat statbuf;
 
   /* copies for freeing on exit */
-  const char *opts1, *spec1, *node1, *types1, *extra_opts1;
+  const char *opts1, *spec1, *node1, *types1;
 
   if (verbose > 2) {
 	  printf("mount: spec:  \"%s\"\n", spec0);
@@ -1550,8 +1550,7 @@ try_mount_one (const char *spec0, const char *node0, const char *types0,
   opts = opts1 = xstrdup(opts0);
 
   parse_opts (opts, &flags, &extra_opts);
-  extra_opts1 = extra_opts;
-  mount_opts = extra_opts;
+  mount_opts = xstrdup(extra_opts);
 
   /* quietly succeed for fstab entries that don't get mounted automatically */
   if (mount_all && (flags & MS_NOAUTO))
@@ -1592,8 +1591,11 @@ try_mount_one (const char *spec0, const char *node0, const char *types0,
       /*
        * Linux kernel does not accept any selinux context option on remount
        */
-      if (mount_opts)
+      if (mount_opts) {
+          char *tmp = mount_opts;
           mount_opts = remove_context_options(mount_opts);
+          my_free(tmp);
+      }
 
   } else if (types && strcmp(types, "tmpfs") == 0 && is_selinux_enabled() > 0 &&
 	   !has_context_option(mount_opts)) {
@@ -1922,9 +1924,8 @@ try_mount_one (const char *spec0, const char *node0, const char *types0,
   }
 #endif
 
-  if (extra_opts1 != mount_opts)
-	  my_free(mount_opts);
-  my_free(extra_opts1);
+  my_free(mount_opts);
+  my_free(extra_opts);
   my_free(spec1);
   my_free(node1);
   my_free(opts1);
-- 
1.7.6
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.