[util-linux/f15] 2.19.1-1.4: fix #707035

kzak kzak at fedoraproject.org
Mon Jul 11 11:28:33 UTC 2011


commit ccfa199c64911e3eee517e4c2db24ed1db91a91e
Author: Karel Zak <kzak at redhat.com>
Date:   Mon Jul 11 13:27:49 2011 +0200

    2.19.1-1.4: fix #707035
    
    Signed-off-by: Karel Zak <kzak at redhat.com>

 util-linux-2.19-mount-doublefree.patch |   66 ++++++++++++++++++++++++++++++++
 util-linux.spec                        |    9 +++-
 2 files changed, 73 insertions(+), 2 deletions(-)
---
diff --git a/util-linux-2.19-mount-doublefree.patch b/util-linux-2.19-mount-doublefree.patch
new file mode 100644
index 0000000..db8d0d4
--- /dev/null
+++ b/util-linux-2.19-mount-doublefree.patch
@@ -0,0 +1,66 @@
+From 400459e897045b40eb3711fa4814176f7422a76a Mon Sep 17 00:00:00 2001
+From: Kirill Elagin <kirelagin at gmail.com>
+Date: Mon, 11 Jul 2011 12:53:43 +0200
+Subject: [PATCH] mount: fix double free in mount.c with SELinux enabled
+
+append_context reallocates memory, invalidating extra_opts1. As a
+result my_free(extra_opts1) crashes.
+
+Signed-off-by: Kirill Elagin <kirelagin at gmail.com>
+Signed-off-by: Nikita Ofitserov <himikof at gmail.com>
+Signed-off-by: Karel Zak <kzak at redhat.com>
+---
+ mount/mount.c |   15 ++++++++-------
+ 1 files changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/mount/mount.c b/mount/mount.c
+index cb04d9d..ea2c478 100644
+--- a/mount/mount.c
++++ b/mount/mount.c
+@@ -1535,7 +1535,7 @@ try_mount_one (const char *spec0, const char *node0, const char *types0,
+   struct stat statbuf;
+ 
+   /* copies for freeing on exit */
+-  const char *opts1, *spec1, *node1, *types1, *extra_opts1;
++  const char *opts1, *spec1, *node1, *types1;
+ 
+   if (verbose > 2) {
+ 	  printf("mount: spec:  \"%s\"\n", spec0);
+@@ -1550,8 +1550,7 @@ try_mount_one (const char *spec0, const char *node0, const char *types0,
+   opts = opts1 = xstrdup(opts0);
+ 
+   parse_opts (opts, &flags, &extra_opts);
+-  extra_opts1 = extra_opts;
+-  mount_opts = extra_opts;
++  mount_opts = xstrdup(extra_opts);
+ 
+   /* quietly succeed for fstab entries that don't get mounted automatically */
+   if (mount_all && (flags & MS_NOAUTO))
+@@ -1592,8 +1591,11 @@ try_mount_one (const char *spec0, const char *node0, const char *types0,
+       /*
+        * Linux kernel does not accept any selinux context option on remount
+        */
+-      if (mount_opts)
++      if (mount_opts) {
++          char *tmp = mount_opts;
+           mount_opts = remove_context_options(mount_opts);
++          my_free(tmp);
++      }
+ 
+   } else if (types && strcmp(types, "tmpfs") == 0 && is_selinux_enabled() > 0 &&
+ 	   !has_context_option(mount_opts)) {
+@@ -1922,9 +1924,8 @@ try_mount_one (const char *spec0, const char *node0, const char *types0,
+   }
+ #endif
+ 
+-  if (extra_opts1 != mount_opts)
+-	  my_free(mount_opts);
+-  my_free(extra_opts1);
++  my_free(mount_opts);
++  my_free(extra_opts);
+   my_free(spec1);
+   my_free(node1);
+   my_free(opts1);
+-- 
+1.7.6
+
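Review bot: In the remount branch of the embedded mount.c patch, `my_free(tmp)` is safe only if remove_context_options() always returns a fresh allocation; its body is not in the hunk, so that contract is assumed rather than shown. If it can ever hand back its argument (for example when no context option is present), mount_opts is left dangling and the final `my_free(mount_opts)` frees the same block again, which is the class of bug this patch sets out to fix. A guard such as `if (tmp != mount_opts) my_free(tmp);`, or a comment on remove_context_options stating that it returns newly allocated memory, would make the ownership explicit. Likewise `mount_opts = xstrdup(extra_opts);` relies on xstrdup tolerating NULL when parse_opts yields no extra options, presumably the same way `xstrdup(opts0)` is used just above. try_mount_one starts and ends outside the hunks shown, so early-exit paths between these points could not be checked for matching frees.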
diff --git a/util-linux.spec b/util-linux.spec
index 01175fb..4a76f45 100644
--- a/util-linux.spec
+++ b/util-linux.spec
@@ -2,7 +2,7 @@
 Summary: A collection of basic system utilities
 Name: util-linux
 Version: 2.19.1
-Release: 1.3%{?dist}
+Release: 1.4%{?dist}
 License: GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+ and BSD with advertising and Public Domain
 Group: System Environment/Base
 URL: http://kernel.org/~kzak/util-linux/
@@ -95,6 +95,8 @@ Patch11: util-linux-2.19-mount-a-bind.patch
 Patch12: util-linux-2.19-mount-fsname.patch
 # 716483 - /var/tmp --(BIND-mounted)--> /tmp disrupts/hangs bootup
 Patch13: util-linux-2.19-mount-mountpoint.patch
+# 707035 - /bin/mount: double free glibc detected
+Patch14: util-linux-2.19-mount-doublefree.patch
 
 %description
 The util-linux package contains a large variety of low-level system
@@ -214,7 +216,7 @@ cp %{SOURCE8} %{SOURCE9} .
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
-
+%patch14 -p1
 
 %build
 unset LINGUAS || :
@@ -760,6 +762,9 @@ fi
 
 
 %changelog
+* Mon Jul 11 2011 Karel Zak <kzak at redhat.com> 2.19.1-1.4
+- fix #707035 - /bin/mount: double free glibc detected
+
 * Mon Jul  4 2011 Karel Zak <kzak at redhat.com> 2.19.1-1.3
 - fix #716483 - /var/tmp --(BIND-mounted)--> /tmp disrupts/hangs bootup
 

