shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2024-10-27 10:25:06 +03:00
Code

util:bind_remount_recursive() fix "use after free"

Browse Source 
set_consume(done, x) consumes x with free(x)
but
mount(…, x, …) uses it afterwards.

coverity CID 1299006
This commit is contained in:
Harald Hoyer 2015-06-08 15:14:26 +02:00
parent 1472e65799
commit 46be6129d3
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/shared/util.c
View File

@ -4931,11 +4931,15 @@ int bind_remount_recursive(const char *prefix, bool ro) {
while ((x = set_steal_first(todo))) {
r = set_consume(done, x);
if (r == -EEXIST)
r = set_put(done, x);
if (r == -EEXIST) {
free(x);
continue;
if (r < 0)
}
if (r < 0) {
free(x);
return r;
}
/* Try to reuse the original flag set, but
* don't care for errors, in case of
@ -4945,14 +4949,15 @@ int bind_remount_recursive(const char *prefix, bool ro) {
orig_flags &= ~MS_RDONLY;
if (mount(NULL, x, NULL, orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) {
/* Deal with mount points that are
* obstructed by a later mount */
if (errno != ENOENT)
if (errno != ENOENT) {
free(x);
return -errno;
}
}
free(x);
}
}
}