YAEGASHI Takeshi writes:

Hi,

With the following /etc/fstab (any two or more lines of nfs), mount -a
-t nfs causes a segmentation faults.

server:/exports/aaa /mnt/aaa nfs defaults 0 0
server:/exprots/bbb /mnt/bbb nfs defaults 0 0

In util-linux/nfsmount.c, it overwrites malloc'ed pointer *mount_opts
with a static pointer.  With this patch it does proper memory realloc
and data copy instead.

1 files changed, 5 insertions, 3 deletions

diff --git a/util-linux/nfsmount.c b/util-linux/nfsmount.c
index 34f23f5aa..0ebab80f6 100644
--- a/util-linux/nfsmount.c
+++ b/util-linux/nfsmount.c
@@ -315,7 +315,7 @@ int nfsmount(const char *spec, const char *node, int *flags,
         char new_opts[1024];
         struct timeval total_timeout;
         enum clnt_stat clnt_stat;
-        static struct nfs_mount_data data;
+        struct nfs_mount_data data;
         char *opt, *opteq;
         int val;
         struct hostent *hp;
@@ -602,10 +602,9 @@ int nfsmount(const char *spec, const char *node, int *flags,
 #endif
 
         data.version = nfs_mount_version;
-        *mount_opts = (char *) &data;
 
         if (*flags & MS_REMOUNT)
-                return 0;
+                goto copy_data_and_return;
 
         /*
          * If the previous mount operation on the same host was
@@ -857,6 +856,9 @@ int nfsmount(const char *spec, const char *node, int *flags,
         auth_destroy(mclient->cl_auth);
         clnt_destroy(mclient);
         close(msock);
+copy_data_and_return:
+        *mount_opts = xrealloc(*mount_opts, sizeof(data));
+        memcpy(*mount_opts, &data, sizeof(data));
         return 0;
 
         /* abort */