diff options
| author | Alex Richardson <arichardson@FreeBSD.org> | 2021-02-10 15:23:23 +0000 |
|---|---|---|
| committer | Alex Richardson <arichardson@FreeBSD.org> | 2021-02-17 09:56:44 +0000 |
| commit | b43fd50269afe141ec657f0e14d742678fe3733c (patch) | |
| tree | 108e817120ea3c64b3e5ff4593be4bcbd6990587 | |
| parent | 7973db046cb057192199dcc72c64789afc160ced (diff) | |
| download | src-b43fd50269afe141ec657f0e14d742678fe3733c.tar.gz src-b43fd50269afe141ec657f0e14d742678fe3733c.zip | |
usr.sbin/makefs: fix use-after-free in read_mtree_keywords()
The st variable is used as a shortcut for &node->inode->st, but in one
branch just before the exit we update node->inode without changing st.
Reported by: AddressSanitizer
Reviewed By: emaste
(cherry picked from commit 12ad8bdb34aa990bcc4f3faa92a6e0557385d2b2)
| -rw-r--r-- | usr.sbin/makefs/mtree.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/usr.sbin/makefs/mtree.c b/usr.sbin/makefs/mtree.c index 63b52193b872..266315466900 100644 --- a/usr.sbin/makefs/mtree.c +++ b/usr.sbin/makefs/mtree.c @@ -783,6 +783,8 @@ read_mtree_keywords(FILE *fp, fsnode *node) free(node->inode); node->inode = curino; node->inode->nlink++; + /* Reset st since node->inode has been updated. */ + st = &node->inode->st; } } |