From: Lukas Czerner <lczerner@redhat.com>
To: tytso@mit.edu
Cc: linux-ext4@vger.kernel.org
Subject: [PATCH 3/7] e2fsprogs: fix unexpected NULL variable
Date: Fri, 6 Aug 2021 11:58:16 +0200 [thread overview]
Message-ID: <20210806095820.83731-3-lczerner@redhat.com> (raw)
In-Reply-To: <20210806095820.83731-1-lczerner@redhat.com>
The ext2fs_check_mount_point() function can be called with mtpt being
NULL as for example from ext2fs_check_if_mounted(). However in the
is_swap_device condition we use the mtpt in strncpy without checking
whether it is non-null first.
This should not be a problem on linux since the previous attempt to open
the device exclusively would have prevented us from ever reaching the
problematic strncpy. However it's still a bug and can cause problems on
other systems, fix it by conditioning strncpy on mtpt not being null.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
---
lib/ext2fs/ismounted.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/ext2fs/ismounted.c b/lib/ext2fs/ismounted.c
index c9e6a9d0..aee7d726 100644
--- a/lib/ext2fs/ismounted.c
+++ b/lib/ext2fs/ismounted.c
@@ -393,7 +393,8 @@ errcode_t ext2fs_check_mount_point(const char *device, int *mount_flags,
if (is_swap_device(device)) {
*mount_flags = EXT2_MF_MOUNTED | EXT2_MF_SWAP;
- strncpy(mtpt, "<swap>", mtlen);
+ if (mtpt)
+ strncpy(mtpt, "<swap>", mtlen);
} else {
#ifdef HAVE_SETMNTENT
retval = check_mntent(device, mount_flags, mtpt, mtlen);
--
2.31.1
next prev parent reply other threads:[~2021-08-06 9:58 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-06 9:58 [PATCH 1/7] e2fsck: value stored to err is never read Lukas Czerner
2021-08-06 9:58 ` [PATCH 2/7] ext2fs: initialize retval before using it Lukas Czerner
2021-08-10 14:59 ` Theodore Ts'o
2021-08-06 9:58 ` Lukas Czerner [this message]
2021-08-10 15:01 ` [PATCH 3/7] e2fsprogs: fix unexpected NULL variable Theodore Ts'o
2021-08-06 9:58 ` [PATCH 4/7] e2fsprogs: remove augmented rbtree functionality Lukas Czerner
2021-08-10 15:01 ` Theodore Ts'o
2021-08-06 9:58 ` [PATCH 5/7] libss: handle memory allcation failure in ss_help() Lukas Czerner
2021-08-10 15:03 ` Theodore Ts'o
2021-08-06 9:58 ` [PATCH 6/7] libss: Add missing error handling for fdopen() Lukas Czerner
2021-08-10 15:03 ` Theodore Ts'o
2021-08-06 9:58 ` [PATCH 7/7] mkquota: Fix potental NULL pointer dereference Lukas Czerner
2021-08-10 16:15 ` Theodore Ts'o
2021-08-11 17:32 ` Lukas Czerner
2021-08-10 14:58 ` [PATCH 1/7] e2fsck: value stored to err is never read Theodore Ts'o
2021-08-11 17:33 ` Lukas Czerner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210806095820.83731-3-lczerner@redhat.com \
--to=lczerner@redhat.com \
--cc=linux-ext4@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.