From: Phil Sutter <phil@nwl.cc>
Date: Mon, 21 Aug 2017 14:46:51 +0000 (+0200)
Subject: lib/bpf: Don't leak fp in bpf_find_mntpt()
X-Git-Tag: v4.13.0~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3724e4bc3a6c40dc846f0c3b02934d711bf81fb;p=thirdparty%2Fiproute2.git

lib/bpf: Don't leak fp in bpf_find_mntpt()

If fopen() succeeded but len != PATH_MAX, the function leaks the open
FILE pointer. Fix this by checking len value before calling fopen().

Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
---

diff --git a/lib/bpf.c b/lib/bpf.c
index 4f52ad4a8..1dcb261dc 100644
--- a/lib/bpf.c
+++ b/lib/bpf.c
@@ -537,8 +537,11 @@ static const char *bpf_find_mntpt(const char *fstype, unsigned long magic,
 		}
 	}
 
+	if (len != PATH_MAX)
+		return NULL;
+
 	fp = fopen("/proc/mounts", "r");
-	if (fp == NULL || len != PATH_MAX)
+	if (fp == NULL)
 		return NULL;
 
 	while (fscanf(fp, "%*s %" textify(PATH_MAX) "s %99s %*s %*d %*d\n",