[PATCH] Fix double free in mount.c with SELinux enabled

Util-Linux package development
 help / color / mirror / Atom feed

* [PATCH] Fix double free in mount.c with SELinux enabled
@ 2011-07-05 21:50 Kirill Elagin
  2011-07-11 11:05 ` Karel Zak
  0 siblings, 1 reply; 2+ messages in thread
From: Kirill Elagin @ 2011-07-05 21:50 UTC (permalink / raw)
  To: util-linux

append_context reallocates memory, invalidating extra_opts1. As a
result my_free(extra_opts1) crashes.

Signed-off-by: Kirill Elagin <kirelagin@gmail.com>
Signed-off-by: Nikita Ofitserov <himikof@gmail.com>
---
 mount/mount.c |   15 ++++++++-------
 1 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/mount/mount.c b/mount/mount.c
index 00637f5..90d7518 100644
--- a/mount/mount.c
+++ b/mount/mount.c
@@ -1535,7 +1535,7 @@ try_mount_one (const char *spec0, const char
*node0, const char *types0,
   struct stat statbuf;

   /* copies for freeing on exit */
-  const char *opts1, *spec1, *node1, *types1, *extra_opts1;
+  const char *opts1, *spec1, *node1, *types1;

   if (verbose > 2) {
      printf("mount: spec:  \"%s\"\n", spec0);
@@ -1550,8 +1550,7 @@ try_mount_one (const char *spec0, const char
*node0, const char *types0,
   opts = opts1 = xstrdup(opts0);

   parse_opts (opts, &flags, &extra_opts);
-  extra_opts1 = extra_opts;
-  mount_opts = extra_opts;
+  mount_opts = xstrdup(extra_opts);

   /* quietly succeed for fstab entries that don't get mounted automatically */
   if (mount_all && (flags & MS_NOAUTO))
@@ -1592,8 +1591,11 @@ try_mount_one (const char *spec0, const char
*node0, const char *types0,
       /*
        * Linux kernel does not accept any selinux context option on remount
        */
-      if (mount_opts)
+      if (mount_opts) {
+          char *tmp = mount_opts;
           mount_opts = remove_context_options(mount_opts);
+          my_free(tmp);
+      }

   } else if (types && strcmp(types, "tmpfs") == 0 &&
is_selinux_enabled() > 0 &&
       !has_context_option(mount_opts)) {
@@ -1922,9 +1924,8 @@ try_mount_one (const char *spec0, const char
*node0, const char *types0,
   }
 #endif

-  if (extra_opts1 != mount_opts)
-     my_free(mount_opts);
-  my_free(extra_opts1);
+  my_free(mount_opts);
+  my_free(extra_opts);
   my_free(spec1);
   my_free(node1);
   my_free(opts1);
--
1.7.3.4

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] Fix double free in mount.c with SELinux enabled
  2011-07-05 21:50 [PATCH] Fix double free in mount.c with SELinux enabled Kirill Elagin
@ 2011-07-11 11:05 ` Karel Zak
  0 siblings, 0 replies; 2+ messages in thread
From: Karel Zak @ 2011-07-11 11:05 UTC (permalink / raw)
  To: Kirill Elagin; +Cc: util-linux

On Wed, Jul 06, 2011 at 01:50:37AM +0400, Kirill Elagin wrote:
>  mount/mount.c |   15 ++++++++-------
>  1 files changed, 8 insertions(+), 7 deletions(-)

Applied, thanks!

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2011-07-11 11:05 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-07-05 21:50 [PATCH] Fix double free in mount.c with SELinux enabled Kirill Elagin
2011-07-11 11:05 ` Karel Zak

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox