diff options
| author | Lennart Poettering <lennart@poettering.net> | 2015-06-08 19:43:30 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-06-08 19:43:30 +0200 |
| commit | ca41b679c675eef0f5dde496aa71099c75a30d6b (patch) | |
| tree | 6f1746f1cc448e97f729465ca9ff78b9599891fa | |
| parent | 1472e6579944531908a21f850d2fabc99b8cc65d (diff) | |
| parent | 46be6129d3e52556eb0f2ae4d07818f9f3f7af7a (diff) | |
Merge pull request #96 from haraldh/set_consume
util:bind_remount_recursive() fix "use after free"
| -rw-r--r-- | src/shared/util.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/src/shared/util.c b/src/shared/util.c index 311acbb349..1442301cd7 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -4931,11 +4931,15 @@ int bind_remount_recursive(const char *prefix, bool ro) { while ((x = set_steal_first(todo))) { - r = set_consume(done, x); - if (r == -EEXIST) + r = set_put(done, x); + if (r == -EEXIST) { + free(x); continue; - if (r < 0) + } + if (r < 0) { + free(x); return r; + } /* Try to reuse the original flag set, but * don't care for errors, in case of @@ -4945,14 +4949,15 @@ int bind_remount_recursive(const char *prefix, bool ro) { orig_flags &= ~MS_RDONLY; if (mount(NULL, x, NULL, orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) { - /* Deal with mount points that are * obstructed by a later mount */ - if (errno != ENOENT) + if (errno != ENOENT) { + free(x); return -errno; + } } - + free(x); } } } |