* [PATCH] Fix possible NULL dereference in get_btrfs_fs_root()
@ 2016-03-30 20:49 Stanislav Brabec
From: Stanislav Brabec @ 2016-03-30 20:49 UTC
To: util-linux
Be on the safe side and always initialize mountinfo in set_fs_root().

I got a crash report in get_btrfs_fs_root() caused by tb being zero while
referring to tb->cache in

    target = mnt_resolve_target(mnt_fs_get_target(fs), tb->cache);

Triggered by command:

    mount -t btrfs -o user /dev/sdh1 /media/sdh1

Although I was not able to reproduce the crash, the reason was apparent.

NULL tb was passed to mnt_table_get_fs_root() from set_fs_root().
set_fs_root() got it as upd->mountinfo being NULL from utab_new_entry(). That
got it from mnt_update_set_fs(), that from mnt_context_prepare_update() (where
it is cxt->update->mountinfo).

At least the constructor mnt_new_update() can create context with cxt->update
being not NULL and cxt->update->mountinfo being NULL.

It is also possible to pass to mnt_context_prepare_update() with cxt->update not
being NULL but cxt->update->mountinfo being NULL created by mnt_new_context(),
e.g. from mnt_context_mount().

Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
---
libmount/src/tab_update.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libmount/src/tab_update.c b/libmount/src/tab_update.c
index 40adba9..9e775df 100644
--- a/libmount/src/tab_update.c
+++ b/libmount/src/tab_update.c
@@ -366,9 +366,10 @@ static int set_fs_root(struct libmnt_update *upd, struct libmnt_fs *fs,
assert(upd->fs);
assert(fs);
+ if (!upd->mountinfo)
+ upd->mountinfo = mnt_new_table_from_file(_PATH_PROC_MOUNTINFO);
+
if (mountflags & MS_BIND) {
- if (!upd->mountinfo)
- upd->mountinfo = mnt_new_table_from_file(_PATH_PROC_MOUNTINFO);
src = mnt_fs_get_srcpath(fs);
if (src) {
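Review bot: the value assigned to upd->mountinfo at the top of set_fs_root() is never checked, so if mnt_new_table_from_file() returns NULL the pointer stays NULL and the tb->cache dereference described in the commit message is still reachable. Return an error right after the assignment when upd->mountinfo is NULL, or add a NULL check on tb where it is dereferenced in get_btrfs_fs_root(). Moving the load out of the MS_BIND branch also means mountinfo is now parsed on every call, so a short comment naming the non-bind path that needs the table would justify the extra work.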
--
2.7.3
--
Best Regards / S pozdravem,
Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o. e-mail: sbrabec@suse.com
Lihovarská 1060/12 tel: +49 911 7405384547
190 00 Praha 9 fax: +420 284 084 001
Czech Republic http://www.suse.cz/
PGP: 830B 40D5 9E05 35D8 5E27 6FA3 717C 209F A04F CD76
* Re: [PATCH] Fix possible NULL dereference in get_btrfs_fs_root()
@ 2016-03-31 9:54 ` Karel Zak
From: Karel Zak @ 2016-03-31 9:54 UTC
To: Stanislav Brabec; +Cc: util-linux
On Wed, Mar 30, 2016 at 10:49:43PM +0200, Stanislav Brabec wrote:
> set_fs_root() got it as upd->mountinfo being NULL from utab_new_entry(). That
> got it from mnt_update_set_fs(), that from mnt_context_prepare_update() (where
> it is cxt->update->mountinfo).
>
> At least the constructor mnt_new_update() can create context with cxt->update
> being not NULL and cxt->update->mountinfo being NULL.
>
> It is also possible to pass to mnt_context_prepare_update() with cxt->update not
> being NULL but cxt->update->mountinfo being NULL created by mnt_new_context(),
> e. g. from mnt_context_mount().
It seems better to read mountinfo when really necessary than always.
I have applied something else:
https://github.com/karelzak/util-linux/commit/e9cd2e2bd9ec91a0b1050c4aa79555d142985924
Thanks!
Karel
--
Karel Zak <kzak@redhat.com>
http://karelzak.blogspot.com
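
The trade-off discussed in this thread, as an added example that is not code from util-linux or from either patch: a simplified model in which the table is loaded only where it is dereferenced, and a failed load comes back as an error. The names `struct table`, `struct update`, `load_table()`, `resolve_root()` and `set_root()` are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for the table and update objects. */
struct table { const char *cache; };
struct update { struct table *mountinfo; int loads; };

/* Constructed loader: returns NULL when the source cannot be read. */
static struct table *load_table(int readable)
{
	struct table *tb = readable ? calloc(1, sizeof(*tb)) : NULL;
	if (tb)
		tb->cache = "cache";
	return tb;
}

/* The only place that dereferences the table: load on demand, then check. */
static int resolve_root(struct update *upd, int readable, const char **out)
{
	if (!upd->mountinfo) {
		upd->mountinfo = load_table(readable);
		upd->loads++;
	}
	if (!upd->mountinfo)
		return -ENOENT;	/* the caller gets an error instead of a crash */
	*out = upd->mountinfo->cache;
	return 0;
}

/* Caller with a path that needs the table and a path that does not. */
static int set_root(struct update *upd, int needs_table, int readable,
		    const char **out)
{
	*out = "/";
	return needs_table ? resolve_root(upd, readable, out) : 0;
}

int main(void)
{
	struct update upd = { NULL, 0 };
	const char *root = NULL;
	int rc = set_root(&upd, 1, 0, &root);	/* table needed but unreadable */

	printf("rc=%d loads=%d\n", rc, upd.loads);
	free(upd.mountinfo);
	return 0;
}
```
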
* Re: [PATCH] Fix possible NULL dereference in get_btrfs_fs_root()
@ 2016-04-01 13:59 ` Stanislav Brabec
From: Stanislav Brabec @ 2016-04-01 13:59 UTC
To: Karel Zak; +Cc: util-linux
On Mar 31, 2016 at 11:54 Karel Zak wrote:
> On Wed, Mar 30, 2016 at 10:49:43PM +0200, Stanislav Brabec wrote:
>> set_fs_root() got it as upd->mountinfo being NULL from utab_new_entry(). That
>> got it from mnt_update_set_fs(), that from mnt_context_prepare_update() (where
>> it is cxt->update->mountinfo).
>>
>> At least the constructor mnt_new_update() can create context with cxt->update
>> being not NULL and cxt->update->mountinfo being NULL.
>>
>> It is also possible to pass to mnt_context_prepare_update() with cxt->update not
>> being NULL but cxt->update->mountinfo being NULL created by mnt_new_context(),
>> e. g. from mnt_context_mount().
>
> It seems better to read mountinfo when really necessary than always.
> I have applied something else:
>
> https://github.com/karelzak/util-linux/commit/e9cd2e2bd9ec91a0b1050c4aa79555d142985924
I just got positive feedback. My original patch as well as your patch
fix the crash.
Thanks.
--
Best Regards / S pozdravem,
Stanislav Brabec