fixup: smart: sys_mount: UAF vulnerability
This patch addresses a use-after-free (UAF) vulnerability in the sys_mount. The issue occurred due to improper handling of memory deallocation, which could lead to crashes or undefined behavior on user request of mounting. Changes made: - Moved the `rt_free(copy_source)` function call to occur after the necessary operations are completed, preventing premature deallocation of memory. Signed-off-by: Shell <smokewood@qq.com>
This commit is contained in:
parent
fabee02c38
commit
cfe1768815
|
@ -5810,13 +5810,13 @@ sysret_t sys_mount(char *source, char *target,
|
|||
if (copy_source && stat(copy_source, &buf) && S_ISBLK(buf.st_mode))
|
||||
{
|
||||
char *dev_fullpath = dfs_normalize_path(RT_NULL, copy_source);
|
||||
rt_free(copy_source);
|
||||
RT_ASSERT(rt_strncmp(dev_fullpath, "/dev/", sizeof("/dev/") - 1) == 0);
|
||||
ret = dfs_mount(dev_fullpath + sizeof("/dev/") - 1, copy_target, copy_filesystemtype, 0, tmp);
|
||||
if (ret < 0)
|
||||
{
|
||||
ret = -rt_get_errno();
|
||||
}
|
||||
rt_free(copy_source);
|
||||
rt_free(dev_fullpath);
|
||||
}
|
||||
else
|
||||
|
|
Loading…
Reference in New Issue