parent
52a02ebeb9
commit
ccfa199c64
66
util-linux-2.19-mount-doublefree.patch
Normal file
66
util-linux-2.19-mount-doublefree.patch
Normal file
@ -0,0 +1,66 @@
|
||||
From 400459e897045b40eb3711fa4814176f7422a76a Mon Sep 17 00:00:00 2001
|
||||
From: Kirill Elagin <kirelagin@gmail.com>
|
||||
Date: Mon, 11 Jul 2011 12:53:43 +0200
|
||||
Subject: [PATCH] mount: fix double free in mount.c with SELinux enabled
|
||||
|
||||
append_context reallocates memory, invalidating extra_opts1. As a
|
||||
result my_free(extra_opts1) crashes.
|
||||
|
||||
Signed-off-by: Kirill Elagin <kirelagin@gmail.com>
|
||||
Signed-off-by: Nikita Ofitserov <himikof@gmail.com>
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
---
|
||||
mount/mount.c | 15 ++++++++-------
|
||||
1 files changed, 8 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/mount/mount.c b/mount/mount.c
|
||||
index cb04d9d..ea2c478 100644
|
||||
--- a/mount/mount.c
|
||||
+++ b/mount/mount.c
|
||||
@@ -1535,7 +1535,7 @@ try_mount_one (const char *spec0, const char *node0, const char *types0,
|
||||
struct stat statbuf;
|
||||
|
||||
/* copies for freeing on exit */
|
||||
- const char *opts1, *spec1, *node1, *types1, *extra_opts1;
|
||||
+ const char *opts1, *spec1, *node1, *types1;
|
||||
|
||||
if (verbose > 2) {
|
||||
printf("mount: spec: \"%s\"\n", spec0);
|
||||
@@ -1550,8 +1550,7 @@ try_mount_one (const char *spec0, const char *node0, const char *types0,
|
||||
opts = opts1 = xstrdup(opts0);
|
||||
|
||||
parse_opts (opts, &flags, &extra_opts);
|
||||
- extra_opts1 = extra_opts;
|
||||
- mount_opts = extra_opts;
|
||||
+ mount_opts = xstrdup(extra_opts);
|
||||
|
||||
/* quietly succeed for fstab entries that don't get mounted automatically */
|
||||
if (mount_all && (flags & MS_NOAUTO))
|
||||
@@ -1592,8 +1591,11 @@ try_mount_one (const char *spec0, const char *node0, const char *types0,
|
||||
/*
|
||||
* Linux kernel does not accept any selinux context option on remount
|
||||
*/
|
||||
- if (mount_opts)
|
||||
+ if (mount_opts) {
|
||||
+ char *tmp = mount_opts;
|
||||
mount_opts = remove_context_options(mount_opts);
|
||||
+ my_free(tmp);
|
||||
+ }
|
||||
|
||||
} else if (types && strcmp(types, "tmpfs") == 0 && is_selinux_enabled() > 0 &&
|
||||
!has_context_option(mount_opts)) {
|
||||
@@ -1922,9 +1924,8 @@ try_mount_one (const char *spec0, const char *node0, const char *types0,
|
||||
}
|
||||
#endif
|
||||
|
||||
- if (extra_opts1 != mount_opts)
|
||||
- my_free(mount_opts);
|
||||
- my_free(extra_opts1);
|
||||
+ my_free(mount_opts);
|
||||
+ my_free(extra_opts);
|
||||
my_free(spec1);
|
||||
my_free(node1);
|
||||
my_free(opts1);
|
||||
--
|
||||
1.7.6
|
||||
|
@ -2,7 +2,7 @@
|
||||
Summary: A collection of basic system utilities
|
||||
Name: util-linux
|
||||
Version: 2.19.1
|
||||
Release: 1.3%{?dist}
|
||||
Release: 1.4%{?dist}
|
||||
License: GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+ and BSD with advertising and Public Domain
|
||||
Group: System Environment/Base
|
||||
URL: http://kernel.org/~kzak/util-linux/
|
||||
@ -95,6 +95,8 @@ Patch11: util-linux-2.19-mount-a-bind.patch
|
||||
Patch12: util-linux-2.19-mount-fsname.patch
|
||||
# 716483 - /var/tmp --(BIND-mounted)--> /tmp disrupts/hangs bootup
|
||||
Patch13: util-linux-2.19-mount-mountpoint.patch
|
||||
# 707035 - /bin/mount: double free glibc detected
|
||||
Patch14: util-linux-2.19-mount-doublefree.patch
|
||||
|
||||
%description
|
||||
The util-linux package contains a large variety of low-level system
|
||||
@ -214,7 +216,7 @@ cp %{SOURCE8} %{SOURCE9} .
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
|
||||
%patch14 -p1
|
||||
|
||||
%build
|
||||
unset LINGUAS || :
|
||||
@ -760,6 +762,9 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Jul 11 2011 Karel Zak <kzak@redhat.com> 2.19.1-1.4
|
||||
- fix #707035 - /bin/mount: double free glibc detected
|
||||
|
||||
* Mon Jul 4 2011 Karel Zak <kzak@redhat.com> 2.19.1-1.3
|
||||
- fix #716483 - /var/tmp --(BIND-mounted)--> /tmp disrupts/hangs bootup
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user