ext2fs

Fedor Uporov Mon, 04 Mar 2019 03:35:27 -0800

Author: fsu
Date: Mon Mar  4 11:33:49 2019
New Revision: 344757
URL: https://svnweb.freebsd.org/changeset/base/344757


Log:
  Fix double free in case of mount error.
  
  Reported by:    Christopher Krah <k...@protonmail.com>
  Reported as:    FS-9-EXT3-2: Denial Of Service in nmount-5 (vm_fault_hold)
  Reviewed by:    pfg
  MFC after:      1 week
  
  Differential Revision:    https://reviews.freebsd.org/D19385

Modified:
  head/sys/fs/ext2fs/ext2_vfsops.c

Modified: head/sys/fs/ext2fs/ext2_vfsops.c
==============================================================================
--- head/sys/fs/ext2fs/ext2_vfsops.c    Mon Mar  4 11:27:47 2019        
(r344756)
+++ head/sys/fs/ext2fs/ext2_vfsops.c    Mon Mar  4 11:33:49 2019        
(r344757)
@@ -614,8 +614,12 @@ ext2_compute_sb_data(struct vnode *devvp, struct ext2f
                    fsbtodb(fs, ext2_cg_location(fs, i)),
                    fs->e2fs_bsize, NOCRED, &bp);
                if (error) {
-                       free(fs->e2fs_contigdirs, M_EXT2MNT);
-                       free(fs->e2fs_gd, M_EXT2MNT);
+                       /*
+                        * fs->e2fs_gd and fs->e2fs_contigdirs
+                        * will be freed later by the caller,
+                        * because this function could be called from
+                        * MNT_UPDATE path.
+                        */
                        brelse(bp);
                        return (error);
                }
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

svn commit: r344757 - head/sys/fs/ext2fs

Reply via email to