
mount.cifs: fix crash when mount point does not exist

Message ID 20210506192513.2935-1-pc@cjr.nz (mailing list archive)
State New, archived

Commit Message

Paulo Alcantara May 6, 2021, 7:25 p.m. UTC
@mountpointp is initially set to a statically allocated string in
main(), and if we fail to update it in acquire_mountpoint(), make sure
to set it to NULL and avoid freeing it at mount_exit.

This fixes the following crash

	$ mount.cifs //srv/share /mnt/foo/bar -o ...
	Couldn't chdir to /mnt/foo/bar: No such file or directory
	munmap_chunk(): invalid pointer
	Aborted

Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
---
 mount.cifs.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

Comments

Aurélien Aptel May 7, 2021, 10:42 a.m. UTC | #1
Paulo Alcantara <pc@cjr.nz> writes:
> @mountpointp is initially set to a statically allocated string in
> main(), and if we fail to update it in acquire_mountpoint(), make sure
> to set it to NULL and avoid freeing it at mount_exit.
>
> This fixes the following crash
>
> 	$ mount.cifs //srv/share /mnt/foo/bar -o ...
> 	Couldn't chdir to /mnt/foo/bar: No such file or directory
> 	munmap_chunk(): invalid pointer
> 	Aborted

LGTM

Reviewed-by: Aurelien Aptel <aaptel@suse.com>

Cheers,

Patch

diff --git a/mount.cifs.c b/mount.cifs.c
index 7f898bbd215a..84274c98ddf5 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -1996,9 +1996,9 @@  acquire_mountpoint(char **mountpointp)
 	 */
 	realuid = getuid();
 	if (realuid == 0) {
-		dacrc = toggle_dac_capability(0, 1);
-		if (dacrc)
-			return dacrc;
+		rc = toggle_dac_capability(0, 1);
+		if (rc)
+			goto out;
 	} else {
 		oldfsuid = setfsuid(realuid);
 		oldfsgid = setfsgid(getgid());
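Review bot: The new `goto out` on the `realuid == 0` failure path jumps to the `out:` label added in the third hunk, where `if (rc)` calls `free(mountpoint)` before anything on the visible path has assigned `mountpoint`; unless its declaration (in the function prologue, outside these hunks) initialises it, that is a `free()` of an indeterminate pointer — the same class of invalid-free abort this patch sets out to fix, now reachable whenever `toggle_dac_capability(0, 1)` fails. Initialising at the declaration, `char *mountpoint = NULL;`, makes the early-exit free a no-op and also keeps the final `*mountpointp = mountpoint;` well-defined on that path. The start of acquire_mountpoint and the code between the first and second hunks are not shown, so confirm there is no earlier assignment; the same point applies to the `out:` block in the third hunk.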
@@ -2019,7 +2019,6 @@  acquire_mountpoint(char **mountpointp)
 		rc = EX_SYSERR;
 	}
 
-	*mountpointp = mountpoint;
 restore_privs:
 	if (realuid == 0) {
 		dacrc = toggle_dac_capability(0, 0);
@@ -2030,9 +2029,13 @@  restore_privs:
 		gid_t __attribute__((unused)) gignore = setfsgid(oldfsgid);
 	}
 
-	if (rc)
+out:
+	if (rc) {
 		free(mountpoint);
+		mountpoint = NULL;
+	}
 
+	*mountpointp = mountpoint;
 	return rc;
 }