3
0
forked from pool/util-linux
util-linux/util-linux-libmount-umount-a-segfault.patch

35 lines
1.0 KiB
Diff

From f958101d2ea55174f8cd584efe41d4cefa9578c6 Mon Sep 17 00:00:00 2001
From: Richard Fuchs <rfuchs@sipwise.com>
Date: Tue, 17 Apr 2018 09:40:20 -0400
Subject: [PATCH] bugfix: fix possible segfault during umount -a
mnt_context_get_mtab() doesn't set its return **tb argument on error,
and so in mnt_context_next_umount() mtab will remain uninitialized on
error, later resulting in cxt->mtab containing garbage, possibly
resulting in segfault on exit.
---
libmount/src/context_umount.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c
index 45651b58e..240ec3be6 100644
--- a/libmount/src/context_umount.c
+++ b/libmount/src/context_umount.c
@@ -1003,11 +1003,12 @@ int mnt_context_next_umount(struct libmnt_context *cxt,
rc = mnt_context_get_mtab(cxt, &mtab);
cxt->mtab = NULL; /* do not reset mtab */
mnt_reset_context(cxt);
- cxt->mtab = mtab;
if (rc)
return rc;
+ cxt->mtab = mtab;
+
do {
rc = mnt_table_next_fs(mtab, itr, fs);
if (rc != 0)
--
2.16.3