mount.cifs: fix crash when mount point does not exist

@mountpointp is initially set to a statically allocated string in
main(), and if we fail to update it in acquire_mountpoint(), make sure
to set it to NULL and avoid freeing it at mount_exit.

This fixes the following crash

	$ mount.cifs //srv/share /mnt/foo/bar -o ...
	Couldn't chdir to /mnt/foo/bar: No such file or directory
	munmap_chunk(): invalid pointer
	Aborted

Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>

diff --git a/mount.cifs.c b/mount.cifs.c
index 7f898bbd215ab97a01a65a1c5a13378245eacce4..84274c98ddf58c9a3d558cf35c65acf981bd1247 100644 (file)
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -1996,9 +1996,9 @@ acquire_mountpoint(char **mountpointp)
         */
        realuid = getuid();
        if (realuid == 0) {
-               dacrc = toggle_dac_capability(0, 1);
-               if (dacrc)
-                       return dacrc;
+               rc = toggle_dac_capability(0, 1);
+               if (rc)
+                       goto out;
        } else {
                oldfsuid = setfsuid(realuid);
                oldfsgid = setfsgid(getgid());
@@ -2019,7 +2019,6 @@ acquire_mountpoint(char **mountpointp)
                rc = EX_SYSERR;
        }
 
-       *mountpointp = mountpoint;
 restore_privs:
        if (realuid == 0) {
                dacrc = toggle_dac_capability(0, 0);
@@ -2030,9 +2029,13 @@ restore_privs:
                gid_t __attribute__((unused)) gignore = setfsgid(oldfsgid);
        }
 
-       if (rc)
+out:
+       if (rc) {
                free(mountpoint);
+               mountpoint = NULL;
+       }
 
+       *mountpointp = mountpoint;
        return rc;
 }