author | landley <landley@69ca8d6d-28ef-0310-b511-8ec308f3f277> | 2006-01-10 05:30:28 +0000 |
---|---|---|
committer | landley <landley@69ca8d6d-28ef-0310-b511-8ec308f3f277> | 2006-01-10 05:30:28 +0000 |
commit | c88fd61e3485bf10c844d512718a862894d912f9 (patch) | |
tree | 4d41c541701c87ea8ee8dcf962bfa1a6ef297a98 | |
parent | a6a68ce2f8273ab76a4b40beb52dfd824bd5a06c (diff) | |
With -a, the jump to mount_it_now can skip the initialization of f, and
if we don't zero it after closing it we re-close a filehandle that isn't
open, and since this is a file _pointer_ it segfaults on a double free.
Yeah, subtle bug. I need to break this out into separate functions if I can
figure out how to avoid making the code larger while doing so. Part of
the general -a and -o remount work I need to do, but that's after 1.1.0...
git-svn-id: svn://busybox.net/trunk/busybox@13216 69ca8d6d-28ef-0310-b511-8ec308f3f277
-rw-r--r-- | util-linux/mount.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/util-linux/mount.c b/util-linux/mount.c index e0a2e2930..4777e470b 100644 --- a/util-linux/mount.c +++ b/util-linux/mount.c | |||
@@ -327,8 +327,11 @@ mount_it_now: | |||
327 | } | 327 | } |
328 | if(!rc || !f) break; | 328 | if(!rc || !f) break; |
329 | } | 329 | } |
330 | if(f) fclose(f); | 330 | if(!f) break; |
331 | if(!f || !rc) break; | 331 | fclose(f); |
332 | // goto mount_it_now with -a can jump past the initialization | ||
333 | f=0; | ||
334 | if(!rc) break; | ||
332 | } | 335 | } |
333 | 336 | ||
334 | /* If the mount was successful, and we're maintaining an old-style | 337 | /* If the mount was successful, and we're maintaining an old-style |
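Review bot: the `f=0;` reset at new line 333 only protects passes that follow an earlier `fclose(f)` in this loop, so the `if(!f) break;` test at new line 330 still depends on `f` holding 0 the first time the `goto mount_it_now` path skips its initialization. The declaration of `f` is not visible in this hunk; please confirm it is initialized there (for example `FILE *f = NULL;`), otherwise the first `-a` pass can still test and close an indeterminate pointer. Two smaller points: `f = NULL;` reads more clearly than `f=0;` for a `FILE *`, and the comment at new line 332 would be more useful if it stated the consequence, that a stale non-null `f` would be passed to `fclose()` a second time.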