From: Karel Zak Date: Tue, 18 Feb 2025 09:39:05 +0000 (+0100) Subject: libmount: fix use-after free, etc. [coverity scan] X-Git-Tag: v2.42-start~42 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8ab1890df4481ddabfa34a8c7fbed09fdd818eba;p=thirdparty%2Futil-linux.git libmount: fix use-after free, etc. [coverity scan] * remove dead code in mnt_fs_fetch_statmount() * fix use-after-free in table_init_listmount() * return from lsmnt_to_table() if list not defined Signed-off-by: Karel Zak --- diff --git a/libmount/src/fs_statmount.c b/libmount/src/fs_statmount.c index c44e82299..b7570e032 100644 --- a/libmount/src/fs_statmount.c +++ b/libmount/src/fs_statmount.c @@ -349,8 +349,6 @@ int mnt_fs_fetch_statmount(struct libmnt_fs *fs, uint64_t mask) if (!fs->ns_id) mask |= STATMOUNT_MNT_NS_ID; } - if (!mask) - goto done; if (fs->ns_id) ns = fs->ns_id; diff --git a/libmount/src/tab_listmount.c b/libmount/src/tab_listmount.c index e55786f27..1ccdf2e77 100644 --- a/libmount/src/tab_listmount.c +++ b/libmount/src/tab_listmount.c @@ -123,16 +123,16 @@ static int table_init_listmount(struct libmnt_table *tb, size_t stepsiz) } /* reuse old setting */ - if (tb->lsmnt) { + if (tb->lsmnt && ls != tb->lsmnt) { ls->id = tb->lsmnt->id; ls->ns = tb->lsmnt->ns; ls->last = tb->lsmnt->last; ls->enabled = tb->lsmnt->enabled; ls->reverse = tb->lsmnt->reverse; free(tb->lsmnt); - } - tb->lsmnt = ls; + tb->lsmnt = ls; + } DBG(TAB, ul_debugobj(tb, "listmount: init [step=%zu]", ls->stepsiz)); return 0; @@ -259,6 +259,8 @@ static int lsmnt_to_table( size_t i; struct libmnt_fs *prev = NULL; + if (!ls) + return -EINVAL; if (reverse) mnt_table_first_fs(tb, &prev); else @@ -279,7 +281,7 @@ static int lsmnt_to_table( if (fs) { fs->flags |= MNT_FS_KERNEL; mnt_fs_set_uniq_id(fs, id); - if (ls && ls->ns) + if (ls->ns) mnt_fs_set_ns(fs, ls->ns); rc = mnt_table_insert_fs(tb, reverse, prev, fs);