libs/rt-thread
libs
/
rt-thread
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fixup: smart: sys_mount: UAF vulnerability 

This patch addresses a use-after-free (UAF) vulnerability in the
sys_mount. The issue occurred due to improper handling of memory
deallocation, which could lead to crashes or undefined behavior on user
request of mounting.

Changes made:
- Moved the `rt_free(copy_source)` function call to occur after the necessary
  operations are completed, preventing premature deallocation of memory.

Signed-off-by: Shell <smokewood@qq.com>
This commit is contained in:
Shell 2024-10-11 14:45:39 +08:00 committed by Rbb666
parent fabee02c38
commit cfe1768815
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
components/lwp/lwp_syscall.c
View File

@ -5810,13 +5810,13 @@ sysret_t sys_mount(char *source, char *target,
if (copy_source && stat(copy_source, &buf) && S_ISBLK(buf.st_mode))
{
char *dev_fullpath = dfs_normalize_path(RT_NULL, copy_source);
rt_free(copy_source);
RT_ASSERT(rt_strncmp(dev_fullpath, "/dev/", sizeof("/dev/") - 1) == 0);
ret = dfs_mount(dev_fullpath + sizeof("/dev/") - 1, copy_target, copy_filesystemtype, 0, tmp);
if (ret < 0)
{
ret = -rt_get_errno();
}
rt_free(copy_source);
rt_free(dev_fullpath);
}
else