Package: mount
Version: 2.19.1-5
Tags: patch

Hi LaMont,

On my system I get a segfault in mount on each boot. This seems to be due to unchecked access to mnt_opts, which is NULL in my case. Since other accesses to that field check it against NULL first, this seems to be an allowed value.

The offending line in my fstab looks like this:

//pluto/scans    /home/torsten/scans    cifs


The attached patch fixes this for me. Please consider applying it.

Greetings, Torsten

From dd5a1c884278dcb007a62148e626fb20e8298432 Mon Sep 17 00:00:00 2001
From: Torsten Landschoff <tors...@debian.org>
Date: Thu, 1 Sep 2011 20:58:47 +0200
Subject: [PATCH] Check mnt_opts against NULL before accessing it.

On my fstab, mount -a failed with a segfault for the following entry:

  //pluto/scans	/home/torsten/scans	cifs

Backtrace was:

  (gdb) where
  #0  __strstr_sse2 (haystack_start=0x0, needle_start=0x40f6ae "loop=") at ../string/strstr.c:63
  #1  0x0000000000407d22 in is_fstab_entry_mounted (verbose=0, mc=0xd9c8c0) at mount.c:2069
  #2  do_mount_all (types=0x0, options=0x0, test_opts=0x0) at mount.c:2141
  #3  0x0000000000403bf9 in main (argc=<optimized out>, argv=<optimized out>) at mount.c:2623
  (gdb) p
  $3 = {mnt_fsname = 0xd9c860 "//pluto/scans", mnt_dir = 0xd9c880 "/home/torsten/scans",
    mnt_type = 0xd9c8a0 "cifs", mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}
---
 debian/changelog |    4 ++++
 mount/mount.c    |    5 +++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 4ba9efc..47c4e1d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -30,6 +30,10 @@ util-linux (2.17-0) experimental; urgency=low
   * po: update fi.po (from translationproject.org) (Lauri Nurmi)
   * po: update eu.po (from translationproject.org) (Mikel Olasagasti)
 
+  [Torsten Landschoff]
+
+  * mount/mount.c: Check mnt_opts against NULL before accessing it.
+
  -- LaMont Jones <lam...@debian.org>  Mon, 18 Jan 2010 08:01:43 -0700
 
 util-linux (2.17~rc3-1) experimental; urgency=low
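Review bot: the changelog entry is inserted into the already-released `util-linux (2.17-0)` stanza (signed off by LaMont Jones on Mon, 18 Jan 2010), while the report is against version 2.19.1-5; a fix for the current package belongs in a fresh stanza at the top of debian/changelog (what `dch -i` creates), not in an old entry whose trailer line and date no longer describe it. While there, reference the bug number in the entry so the upload closes it.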
diff --git a/mount/mount.c b/mount/mount.c
index 36d1a57..6d481a5 100644
--- a/mount/mount.c
+++ b/mount/mount.c
@@ -1162,7 +1162,7 @@ is_mounted_same_loopfile(const char *node0, const char *loopfile, unsigned long
 			res = loopfile_used_with((char *) mnt->m.mnt_fsname,
 					loopfile, offset);
 
-		else if ((p = strstr(mnt->m.mnt_opts, "loop="))) {
+		else if ((mnt->m.mnt_opts && (p = strstr(mnt->m.mnt_opts, "loop=")))) {
 			char *dev = xstrdup(p+5);
 			if ((p = strchr(dev, ',')))
 				*p = '\0';
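Review bot: the guard is right, but the doubled parentheses in `else if ((mnt->m.mnt_opts && (p = strstr(mnt->m.mnt_opts, "loop="))))` add nothing; `else if (mnt->m.mnt_opts && (p = strstr(mnt->m.mnt_opts, "loop=")))` is equivalent and keeps the assignment-in-condition readable. Worth stating in the commit message that this hunk, in is_mounted_same_loopfile(), hardens a path that is not the one in the reported backtrace (which is in is_fstab_entry_mounted()), so a backporter knows both hunks are needed.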
@@ -2054,7 +2054,7 @@ is_fstab_entry_mounted(struct mntentchn *mc, int verbose)
 		goto yes;
 
 	/* extra care for loop devices */
-	if ((strstr(mc->m.mnt_opts, "loop=") ||
+	if (((mc->m.mnt_opts && strstr(mc->m.mnt_opts, "loop=")) ||
 	     (stat(mc->m.mnt_fsname, &st) == 0 && S_ISREG(st.st_mode)))) {
 
 		char *p = get_option_value(mc->m.mnt_opts, "offset=");
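Review bot: the NULL check only protects the strstr() on the first operand of the `||`; when the block is entered through the second operand instead (mnt_fsname is a regular file, so stat()/S_ISREG() succeeds) and mnt_opts is still NULL, the very next line calls `get_option_value(mc->m.mnt_opts, "offset=")` with that NULL. Unless get_option_value() tolerates a NULL options string (not visible in this hunk), the crash just moves one line down; either make get_option_value() NULL-safe or short-circuit here, e.g. `char *p = mc->m.mnt_opts ? get_option_value(mc->m.mnt_opts, "offset=") : NULL;`. The same extra-parentheses remark as in the first hunk applies to `if (((mc->m.mnt_opts && strstr(mc->m.mnt_opts, "loop=")) ||`.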
@@ -2065,6 +2065,7 @@ is_fstab_entry_mounted(struct mntentchn *mc, int verbose)
 				printf(_("mount: ignore %s "
 					"(unparsable offset= option)\n"),
 					mc->m.mnt_fsname);
+			free(p);
 			return -1;
 		}
 		free(p);
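Review bot: the added `free(p);` before `return -1` plugs a leak of the string returned by get_option_value() on the unparsable-offset path (the success path below already frees it), but it is a separate fix from the NULL check and neither the subject line, the commit body nor the changelog entry mentions it; either split it into its own commit or add a sentence to the commit message so the second change is not lost at review or backport time.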
-- 
1.7.1.rc2.dirty
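As an added example (not util-linux's code, and not part of the report or the patch), the following C program reproduces the condition behind the backtrace and the guard the patch applies: a minimal fstab line splitter that leaves the options field NULL when a line has only three fields, and option lookups that treat a NULL option string as empty instead of dereferencing it. The names (fstab_entry, parse_fstab_line, find_mount_option, has_mount_option, get_mount_option_value) and the sample lines are this example's own. Unlike the bare strstr(mnt_opts, "loop=") in mount.c, the lookup here matches whole comma-separated option names, so it takes "loop" rather than "loop=" and will not be fooled by an option such as "noloop=".

```c
/* Added example, not util-linux code.  A minimal fstab line splitter that
 * leaves the options field NULL for a three-field line, and option lookups
 * that treat a NULL option string as empty.  All names are the example's own. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct fstab_entry {
    char *fsname;   /* field 1, e.g. "//pluto/scans" */
    char *dir;      /* field 2, the mount point */
    char *type;     /* field 3, e.g. "cifs" */
    char *opts;     /* field 4; NULL when the line stops after the type */
};

/* Split buf in place into up to four whitespace-separated fields.  0 if
 * fsname, dir and type are present; -1 for a blank, comment or short line. */
static int parse_fstab_line(char *buf, struct fstab_entry *e)
{
    const char *ws = " \t\n";
    char *fields[4] = { NULL, NULL, NULL, NULL };

    for (int i = 0; i < 4; i++) {
        buf += strspn(buf, ws);             /* skip leading whitespace */
        if (*buf == '\0' || *buf == '#')    /* end of line or comment */
            break;
        fields[i] = buf;
        buf += strcspn(buf, ws);            /* advance to end of field */
        if (*buf != '\0')
            *buf++ = '\0';                  /* terminate the field */
    }
    e->fsname = fields[0]; e->dir = fields[1];
    e->type = fields[2];   e->opts = fields[3];   /* NULL for a 3-field line */
    return (e->fsname && e->dir && e->type) ? 0 : -1;
}

/* Find option "name" (the text before '=' or ',') in a comma-separated
 * list.  A NULL list is treated as empty, never dereferenced.  Returns a
 * pointer to the option with its full length in *len, or NULL. */
static const char *find_mount_option(const char *opts, const char *name,
                                     size_t *len)
{
    size_t n = strlen(name);
    if (opts == NULL)
        return NULL;
    for (const char *p = opts; *p != '\0'; ) {
        const char *end = strchr(p, ',');
        size_t l = end ? (size_t)(end - p) : strlen(p);
        /* match on boundaries: "loop" or "loop=...", but not "noloop=..." */
        if (l >= n && strncmp(p, name, n) == 0 && (l == n || p[n] == '=')) {
            *len = l;
            return p;
        }
        if (end == NULL)
            break;
        p = end + 1;
    }
    return NULL;
}

/* 1 if the option is present (with or without a value), else 0. */
static int has_mount_option(const char *opts, const char *name)
{
    size_t len;
    return find_mount_option(opts, name, &len) != NULL;
}

/* malloc'd copy of the value in "name=value"; NULL if opts is NULL, the
 * option is absent or it has an empty value.  Caller frees. */
static char *get_mount_option_value(const char *opts, const char *name)
{
    size_t len, n = strlen(name);
    const char *p = find_mount_option(opts, name, &len);
    if (p == NULL || len <= n + 1)      /* absent, "name" or "name=" */
        return NULL;
    char *v = malloc(len - n);          /* value length plus NUL */
    if (v == NULL)
        return NULL;
    memcpy(v, p + n + 1, len - n - 1);
    v[len - n - 1] = '\0';
    return v;
}

int main(void)
{
    /* Constructed sample lines: the report's three-field cifs entry and a loop mount. */
    char cifs[] = "//pluto/scans\t/home/torsten/scans\tcifs";
    char loop[] = "/srv/disk.img\t/mnt/img\text4\trw,loop=/dev/loop0,offset=4096";
    char *lines[] = { cifs, loop };
    for (size_t i = 0; i < 2; i++) {
        struct fstab_entry e;
        if (parse_fstab_line(lines[i], &e) != 0)
            continue;
        char *off = get_mount_option_value(e.opts, "offset");
        printf("%s: opts=%s loop=%d offset=%s\n", e.fsname,
               e.opts ? e.opts : "(none)", has_mount_option(e.opts, "loop"),
               off ? off : "(none)");
        free(off);
    }
    return 0;
}
```

Build with `cc -Wall` and run: the cifs line comes back with a NULL options field and both lookups report "no option" for it, which is exactly the input that made the unguarded strstr() in mount.c receive a NULL haystack. The second line shows the same functions finding "loop" and extracting "4096" from "offset=".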
