From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 18 Jan 2026 07:06:06 +0000 (+0900)
Subject: mountfsd: fix potential memleak on malicious json message
X-Git-Tag: v260-rc1~372
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fe7692227d6912d2e7fc5179b19481d4f5209aff;p=thirdparty%2Fsystemd.git

mountfsd: fix potential memleak on malicious json message

This also makes json_log_oom() used on OOM.

Follow-up for 78b40aea611256228e898fc6a6dab414a1798889.
---

diff --git a/src/mountfsd/mountwork.c b/src/mountfsd/mountwork.c
index d1ed6909398..bd5d7a197fc 100644
--- a/src/mountfsd/mountwork.c
+++ b/src/mountfsd/mountwork.c
@@ -65,6 +65,7 @@ static const ImagePolicy image_policy_untrusted = {
 static int json_dispatch_image_options(const char *name, sd_json_variant *variant, sd_json_dispatch_flags_t flags, void *userdata) {
         _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
         MountOptions **p = ASSERT_PTR(userdata);
+        int r;
 
         if (sd_json_variant_is_null(variant)) {
                 *p = mount_options_free_all(*p);
@@ -87,12 +88,12 @@ static int json_dispatch_image_options(const char *name, sd_json_variant *varian
                 if (!options) {
                         options = new0(MountOptions, 1);
                         if (!options)
-                                return -ENOMEM;
+                                return json_log_oom(variant, flags);
                 }
 
-                options->options[pd] = strdup(sd_json_variant_string(e));
-                if (!options->options[pd])
-                        return -ENOMEM;
+                r = free_and_strdup(&options->options[pd], sd_json_variant_string(e));
+                if (r < 0)
+                        return json_log_oom(variant, flags);
         }
 
         mount_options_free_all(*p);