Date: Fri, 02 Dec 2016 03:34:30 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 214881] jail with path=/ and sysctl.disablefullpath=1 leads to NULL dereference
Message-ID: <bug-214881-9824-QsSS3qv9PV@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-214881-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-214881-9824@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214881

--- Comment #3 from aler@playground.ru ---
Things appear to be even worse. This code will overwrite root and leak old
reference if path==NULL and root!=NULL.

        if (path == NULL) {
                path = "/";
                root = mypr->pr_root;
                vref(root);
        }

And this exactly happens in case of disablefullpath=1 and path="/".
path==NULL means "nothing done for path"

Adding patch to do proper fix for all this.

Also I can note that pr->pr_path will be anyway unreliable in case of
disablefullpath=1 and relative path given as argument (it doesn't even try to
be). But I don't think it is important for rarely-used (if even used, don't
know) debugging feature.
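
The reference leak described in the comment, as a userland model added here (not FreeBSD source and not the patch attached to the bug). It assumes a stand-in `struct vnode` that carries only a use count; `struct jail_root`, `default_root_flawed`, `default_root_checked` and `leaked_refs` are hypothetical names, and the checked variant is one possible correction, not necessarily the one in the attached patch.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the kernel vnode: only the use count is modelled (assumption). */
struct vnode { int v_usecount; };
static void vref(struct vnode *vp)  { vp->v_usecount++; }
static void vrele(struct vnode *vp) { vp->v_usecount--; }

/* Path and root the new jail would end up with. */
struct jail_root { const char *path; struct vnode *root; };

/* The block quoted in the comment: it assumes root is still NULL here. */
static struct jail_root
default_root_flawed(const char *path, struct vnode *root, struct vnode *parent_root)
{
	if (path == NULL) {
		path = "/";
		root = parent_root;	/* reference already held via root is lost */
		vref(root);
	}
	return (struct jail_root){ path, root };
}

/* One possible correction (assumption): keep a root that was already looked up. */
static struct jail_root
default_root_checked(const char *path, struct vnode *root, struct vnode *parent_root)
{
	if (path == NULL) {
		path = "/";
		if (root == NULL) {
			root = parent_root;
			vref(root);
		}
	}
	return (struct jail_root){ path, root };
}

/* Reported case: the lookup referenced a root but left path NULL.
 * Returns the use count left on that root after the jail releases its root. */
static int
leaked_refs(struct jail_root (*fn)(const char *, struct vnode *, struct vnode *))
{
	struct vnode looked_up = { 0 }, parent = { 1 };
	vref(&looked_up);		/* reference taken by the path lookup */
	struct jail_root r = fn(NULL, &looked_up, &parent);
	vrele(r.root);			/* teardown drops the jail's root */
	return looked_up.v_usecount;	/* 0 = balanced, >0 = leaked */
}

int main(void) { printf("flawed=%d checked=%d\n", leaked_refs(default_root_flawed), leaked_refs(default_root_checked)); return 0; }
```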