Date:      Wed, 17 Feb 2021 09:57:15 GMT
From:      Alex Richardson <arichardson@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: b43fd50269af - stable/13 - usr.sbin/makefs: fix use-after-free in read_mtree_keywords()
Message-ID:  <202102170957.11H9vF7f016768@gitrepo.freebsd.org>

The branch stable/13 has been updated by arichardson:

URL: https://cgit.FreeBSD.org/src/commit/?id=b43fd50269afe141ec657f0e14d742678fe3733c

commit b43fd50269afe141ec657f0e14d742678fe3733c
Author:     Alex Richardson <arichardson@FreeBSD.org>
AuthorDate: 2021-02-10 15:23:23 +0000
Commit:     Alex Richardson <arichardson@FreeBSD.org>
CommitDate: 2021-02-17 09:56:44 +0000

    usr.sbin/makefs: fix use-after-free in read_mtree_keywords()
    
    The st variable is used as a shortcut for &node->inode->st, but in one
    branch just before the exit we update node->inode without changing st.
    
    Reported by:    AddressSanitizer
    Reviewed By:    emaste
    
    (cherry picked from commit 12ad8bdb34aa990bcc4f3faa92a6e0557385d2b2)
---
 usr.sbin/makefs/mtree.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/usr.sbin/makefs/mtree.c b/usr.sbin/makefs/mtree.c
index 63b52193b872..266315466900 100644
--- a/usr.sbin/makefs/mtree.c
+++ b/usr.sbin/makefs/mtree.c
@@ -783,6 +783,8 @@ read_mtree_keywords(FILE *fp, fsnode *node)
 			free(node->inode);
 			node->inode = curino;
 			node->inode->nlink++;
+			/* Reset st since node->inode has been updated. */
+			st = &node->inode->st;
 		}
 	}
 
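Review bot: The refresh of `st` after `node->inode = curino` in read_mtree_keywords() fixes this one branch, but the cached alias stays fragile: any other path that frees or replaces `node->inode` has to remember to re-derive it. Consider dropping the `st` shortcut in favour of `node->inode->st` at the points of use, or at least noting at the declaration of `st` that it must be reset whenever `node->inode` changes. The diffstat shows only mtree.c touched, so no regression test accompanies the fix; since the commit message credits AddressSanitizer, an mtree input that reaches this branch, run under ASan, would keep the bug from returning.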


