@mountpointp is initially set to a statically allocated string in
main(), and if we fail to update it in acquire_mountpoint(), make sure
to set it to NULL and avoid freeing it at mount_exit.
This fixes the following crash
$ mount.cifs //srv/share /mnt/foo/bar -o ...
Couldn't chdir to /mnt/foo/bar: No such file or directory
munmap_chunk(): invalid pointer
Aborted
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
*/
realuid = getuid();
if (realuid == 0) {
- dacrc = toggle_dac_capability(0, 1);
- if (dacrc)
- return dacrc;
+ rc = toggle_dac_capability(0, 1);
+ if (rc)
+ goto out;
} else {
oldfsuid = setfsuid(realuid);
oldfsgid = setfsgid(getgid());
rc = EX_SYSERR;
}
- *mountpointp = mountpoint;
restore_privs:
if (realuid == 0) {
dacrc = toggle_dac_capability(0, 0);
gid_t __attribute__((unused)) gignore = setfsgid(oldfsgid);
}
- if (rc)
+out:
+ if (rc) {
free(mountpoint);
+ mountpoint = NULL;
+ }
+ *mountpointp = mountpoint;
return rc;
}