diff options
| author | Rob Landley <rob@landley.net> | 2006-01-10 05:30:28 +0000 |
|---|---|---|
| committer | Rob Landley <rob@landley.net> | 2006-01-10 05:30:28 +0000 |
| commit | 71d6ccd801446c3551192e1080232c19c62cad44 (patch) | |
| tree | 4d41c541701c87ea8ee8dcf962bfa1a6ef297a98 /util-linux/mount.c | |
| parent | 8b0efdb1a1d0b67875518c0f77e1c1b2a814c048 (diff) | |
| download | busybox-w32-71d6ccd801446c3551192e1080232c19c62cad44.tar.gz busybox-w32-71d6ccd801446c3551192e1080232c19c62cad44.tar.bz2 busybox-w32-71d6ccd801446c3551192e1080232c19c62cad44.zip | |
With -a, the jump to mount_it_now can skip the initialization of f, and
if we don't zero it after closing it we re-close a filehandle that isn't
open, and since this is a file _pointer_ it segfaults on a double free.
Yeah, subtle bug. I need to break this out into separate functions if I can
figure out how to avoid making the code larger while doing so. Part of
the general -a and -o remount work I need to do, but that's after 1.1.0...
Diffstat (limited to 'util-linux/mount.c')
| -rw-r--r-- | util-linux/mount.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/util-linux/mount.c b/util-linux/mount.c index e0a2e2930..4777e470b 100644 --- a/util-linux/mount.c +++ b/util-linux/mount.c | |||
| @@ -327,8 +327,11 @@ mount_it_now: | |||
| 327 | } | 327 | } |
| 328 | if(!rc || !f) break; | 328 | if(!rc || !f) break; |
| 329 | } | 329 | } |
| 330 | if(f) fclose(f); | 330 | if(!f) break; |
| 331 | if(!f || !rc) break; | 331 | fclose(f); |
| 332 | // goto mount_it_now with -a can jump past the initialization | ||
| 333 | f=0; | ||
| 334 | if(!rc) break; | ||
| 332 | } | 335 | } |
| 333 | 336 | ||
| 334 | /* If the mount was successful, and we're maintaining an old-style | 337 | /* If the mount was successful, and we're maintaining an old-style |