mount: chain of symlinks to fstab causes use of pointer after free

Looking at the source in 'mount/realpath.c' we find that when dealing with
the second or later symlink in the chain, a memory block was free()d before
copying its contents to a newly allocated block.
Norbert Buchmuller 2007-09-02 14:08:53 -06:00 committed by Karel Zak
parent 63038035f3
commit a9d6150d12
1 changed files with 5 additions and 4 deletions


@ -97,6 +97,7 @@ myrealpath(const char *path, char *resolved_path, int maxreslth) {
} else {
#ifdef resolve_symlinks /* Richard Gooch dislikes sl resolution */
int m;
char *newbuf;
/* Note: readlink doesn't add the null byte. */
link_path[n] = '\0';
@ -110,12 +111,12 @@ myrealpath(const char *path, char *resolved_path, int maxreslth) {
/* Insert symlink contents into path. */
m = strlen(path);
newbuf = xmalloc(m + n + 1);
memcpy(newbuf, link_path, n);
memcpy(newbuf + n, path, m + 1);
if (buf)
free(buf);
buf = xmalloc(m + n + 1);
memcpy(buf, link_path, n);
memcpy(buf + n, path, m + 1);
path = buf;
path = buf = newbuf;
#endif
}
*npath++ = '/';
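Review bot: Nothing in the second hunk records why the copy into `newbuf` must finish before `free(buf)`, so a later tidy-up could reintroduce the use-after-free. Once one symlink has been expanded, `path = buf = newbuf;` leaves `path` pointing into `buf`, which makes `buf` the source of the second `memcpy`. I would add above `newbuf = xmalloc(m + n + 1);` the comment `/* path may point into buf from an earlier symlink: build newbuf fully before freeing buf */`. Separately, `m` is an `int` holding a `strlen()` result and `m + n + 1` is signed arithmetic; if nothing outside the hunk bounds the length of `path`, `size_t` would be the safer type for the size computation. `myrealpath` starts and ends outside both hunks, so any such bound is not visible here.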