author | Paulo Alcantara (SUSE) <pc@cjr.nz> | 2019-09-19 09:12:26 -0300 |
---|---|---|
committer | Pavel Shilovsky <pshilov@microsoft.com> | 2019-10-03 17:21:02 -0700 |
commit | d563a0e4e70395b7ef020016fc809a514db6da0b (patch) | |
tree | 476253f90ce93d12fc4d0acae762d3c0eec5d748 | |
parent | d7d78d7298b335e5c42567ae87b3f366e6c7f899 (diff) | |
mount.cifs: Fix invalid free
When attempting to chdir into non-existing directories, mount.cifs
crashes.
This patch fixes the following ASAN report:
$ ./mount.cifs //localhost/foo /mnt/invalid-dir -o ...
/mnt/bar -o username=foo,password=foo,vers=1.0
Couldn't chdir to /mnt/bar: No such file or directory
=================================================================
==11846==ERROR: AddressSanitizer: attempting free on address which was
not malloc()-ed: 0x7ffd86332e97 in thread T0
#0 0x7f0860ca01e7 in
__interceptor_free (/usr/lib64/libasan.so.5+0x10a1e7)
#1 0x557edece9ccb in
acquire_mountpoint (/home/paulo/src/cifs-utils/mount.cifs+0xeccb)
#2 0x557edecea63d in
main (/home/paulo/src/cifs-utils/mount.cifs+0xf63d)
#3 0x7f08609f0bca in __libc_start_main (/lib64/libc.so.6+0x26bca)
#4 0x557edece27d9 in
_start (/home/paulo/src/cifs-utils/mount.cifs+0x77d9)
Address 0x7ffd86332e97 is located in stack of thread T0 at offset 8951
in frame
#0 0x557edece9ce0 in
main (/home/paulo/src/cifs-utils/mount.cifs+0xece0)
This frame has 2 object(s):
[48, 52) 'rc' (line 1959)
[64, 72) 'mountpoint' (line 1955) <== Memory access at offset 8951
overflows this variable
HINT: this may be a false positive if your program uses some custom
stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: bad-free (/usr/lib64/libasan.so.5+0x10a1e7)
in __interceptor_free
==11846==ABORTING
Fixes: bf7f48f4c7dc ("mount.cifs.c: fix memory leaks in main func")
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
-rw-r--r-- | mount.cifs.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/mount.cifs.c b/mount.cifs.c index 2116fc8..6935fe1 100644 --- a/mount.cifs.c +++ b/mount.cifs.c @@ -1895,7 +1895,7 @@ acquire_mountpoint(char **mountpointp) int rc, dacrc; uid_t realuid, oldfsuid; gid_t oldfsgid; - char *mountpoint; + char *mountpoint = NULL; /* * Acquire the necessary privileges to chdir to the mountpoint. If @@ -1944,9 +1944,9 @@ restore_privs: gid_t __attribute__((unused)) gignore = setfsgid(oldfsgid); } - if (rc) { - free(*mountpointp); - } + if (rc) + free(mountpoint); + return rc; } |
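Review bot: The `= NULL` initializer in the first hunk (`char *mountpoint = NULL;`) carries the safety of the new `free(mountpoint)` for any jump to `restore_privs` taken before the buffer is allocated, but nothing in the code says so. A one-line comment next to the declaration stating that the cleanup path relies on it being NULL until allocation would keep the initializer from being dropped in a later tidy-up.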
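Review bot: In the second hunk, `if (rc) free(mountpoint);` releases the local buffer, but the visible lines do not show whether `*mountpointp` can already point at that buffer when `rc` is non-zero. If the assignment to `*mountpointp` can happen before a step that fails, the caller is left holding a dangling pointer and any later `free()` on it in `main` becomes a double free. Please confirm that `*mountpointp` is written only on the success path, and add a sentence to the function comment stating that on failure `*mountpointp` is left untouched and stays owned by the caller, since that ownership rule is exactly what the removed `free(*mountpointp)` got wrong.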