alex/bcachefs-tools
1
0
Fork 0
mirror of https://github.com/koverstreet/bcachefs-tools.git synced 2025-02-09 00:00:04 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

mount: Fix UAF in option string handling

Browse Source 
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
This commit is contained in:
Kent Overstreet 2024-07-22 11:22:34 -04:00
parent dfc39d36c4
commit 57cd58db1e
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/commands/mount.rs
View File

@ -35,7 +35,7 @@ fn mount_inner(
// convert to pointers for ffi // convert to pointers for ffi
let src = src.as_ptr(); let src = src.as_ptr();
let target = target.as_ptr(); let target = target.as_ptr();
let data = data.map_or(ptr::null(), |data| data.as_ptr().cast()); let data_ptr = data.as_ref().map_or(ptr::null(), |data| data.as_ptr().cast());
let fstype = fstype.as_ptr(); let fstype = fstype.as_ptr();
let mut ret; let mut ret;
@ -43,7 +43,7 @@ fn mount_inner(
ret = { ret = {
info!("mounting filesystem"); info!("mounting filesystem");
// REQUIRES: CAP_SYS_ADMIN // REQUIRES: CAP_SYS_ADMIN
unsafe { libc::mount(src, target, fstype, mountflags, data) } unsafe { libc::mount(src, target, fstype, mountflags, data_ptr) }
}; };
let err = errno::errno().0; let err = errno::errno().0;
@ -58,6 +58,9 @@ fn mount_inner(
println!("mount: device write-protected, mounting read-only"); println!("mount: device write-protected, mounting read-only");
mountflags |= libc::MS_RDONLY; mountflags |= libc::MS_RDONLY;
} }
drop(data);
match ret { match ret {
0 => Ok(()), 0 => Ok(()),
_ => Err(crate::ErrnoError(errno::errno()).into()), _ => Err(crate::ErrnoError(errno::errno()).into()),