The branch main has been updated by arichardson:
URL:
https://cgit.FreeBSD.org/src/commit/?id=12ad8bdb34aa990bcc4f3faa92a6e0557385d2b2
commit 12ad8bdb34aa990bcc4f3faa92a6e0557385d2b2
Author: Alex Richardson <arichard...@freebsd.org>
AuthorDate: 2021-02-10 15:23:23 +0000
Commit: Alex Richardson <arichard...@freebsd.org>
CommitDate: 2021-02-10 15:24:25 +0000
usr.sbin/makefs: fix use-after-free in read_mtree_keywords()
The st variable is used as a shortcut for &node->inode->st, but in one
branch just before the exit we update node->inode without changing st.
Reported by: AddressSanitizer
Reviewed By: emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D28570
---
usr.sbin/makefs/mtree.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/usr.sbin/makefs/mtree.c b/usr.sbin/makefs/mtree.c
index 63b52193b872..266315466900 100644
--- a/usr.sbin/makefs/mtree.c
+++ b/usr.sbin/makefs/mtree.c
@@ -783,6 +783,8 @@ read_mtree_keywords(FILE *fp, fsnode *node)
free(node->inode);
node->inode = curino;
node->inode->nlink++;
+ /* Reset st since node->inode has been updated. */
+ st = &node->inode->st;
}
}
_______________________________________________
dev-commits-src-main@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main
To unsubscribe, send any mail to "dev-commits-src-main-unsubscr...@freebsd.org"
