From: Richard Fuchs <rfuchs@sipwise.com>
Date: Tue, 17 Apr 2018 13:40:20 +0000 (-0400)
Subject: bugfix: fix possible segfault during umount -a
X-Git-Tag: v2.33-rc1~306
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f958101d2ea55174f8cd584efe41d4cefa9578c6;p=thirdparty%2Futil-linux.git

bugfix: fix possible segfault during umount -a

mnt_context_get_mtab() doesn't set its return **tb argument on error,
and so in mnt_context_next_umount() mtab will remain uninitialized on
error, later resulting in cxt->mtab containing garbage, possibly
resulting in segfault on exit.
---

diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c
index 45651b58e3..240ec3be69 100644
--- a/libmount/src/context_umount.c
+++ b/libmount/src/context_umount.c
@@ -1003,11 +1003,12 @@ int mnt_context_next_umount(struct libmnt_context *cxt,
 	rc = mnt_context_get_mtab(cxt, &mtab);
 	cxt->mtab = NULL;		/* do not reset mtab */
 	mnt_reset_context(cxt);
-	cxt->mtab = mtab;
 
 	if (rc)
 		return rc;
 
+	cxt->mtab = mtab;
+
 	do {
 		rc = mnt_table_next_fs(mtab, itr, fs);
 		if (rc != 0)