diff options
| author | Paulo Alcantara <pc@cjr.nz> | 2021-05-06 16:25:13 -0300 |
|---|---|---|
| committer | Pavel Shilovsky <pshilovsky@samba.org> | 2021-07-08 16:11:30 -0700 |
| commit | 9ad46fc480818e48868ba841a8a1eed9a74e7294 (patch) | |
| tree | d0f609d519c060ad437f2daf2b390c561d0bc4d4 /mount.cifs.c | |
| parent | 7f9711dd902a239c499682015d708f73ec884af2 (diff) | |
| download | cifs-utils-9ad46fc480818e48868ba841a8a1eed9a74e7294.tar.gz cifs-utils-9ad46fc480818e48868ba841a8a1eed9a74e7294.tar.bz2 cifs-utils-9ad46fc480818e48868ba841a8a1eed9a74e7294.zip | |
mount.cifs: fix crash when mount point does not exist
@mountpointp is initially set to a statically allocated string in
main(), and if we fail to update it in acquire_mountpoint(), make sure
to set it to NULL and avoid freeing it at mount_exit.
This fixes the following crash
$ mount.cifs //srv/share /mnt/foo/bar -o ...
Couldn't chdir to /mnt/foo/bar: No such file or directory
munmap_chunk(): invalid pointer
Aborted
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Diffstat (limited to 'mount.cifs.c')
| -rw-r--r-- | mount.cifs.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/mount.cifs.c b/mount.cifs.c index 7f898bb..84274c9 100644 --- a/mount.cifs.c +++ b/mount.cifs.c @@ -1996,9 +1996,9 @@ acquire_mountpoint(char **mountpointp) */ realuid = getuid(); if (realuid == 0) { - dacrc = toggle_dac_capability(0, 1); - if (dacrc) - return dacrc; + rc = toggle_dac_capability(0, 1); + if (rc) + goto out; } else { oldfsuid = setfsuid(realuid); oldfsgid = setfsgid(getgid()); @@ -2019,7 +2019,6 @@ acquire_mountpoint(char **mountpointp) rc = EX_SYSERR; } - *mountpointp = mountpoint; restore_privs: if (realuid == 0) { dacrc = toggle_dac_capability(0, 0); @@ -2030,9 +2029,13 @@ restore_privs: gid_t __attribute__((unused)) gignore = setfsgid(oldfsgid); } - if (rc) +out: + if (rc) { free(mountpoint); + mountpoint = NULL; + } + *mountpointp = mountpoint; return rc; } |