diff options
Diffstat (limited to 'meta/recipes-core/systemd/systemd/0002-core-Fix-use-after-free-case-in-load_from_path.patch')
-rw-r--r-- | meta/recipes-core/systemd/systemd/0002-core-Fix-use-after-free-case-in-load_from_path.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd/0002-core-Fix-use-after-free-case-in-load_from_path.patch b/meta/recipes-core/systemd/systemd/0002-core-Fix-use-after-free-case-in-load_from_path.patch new file mode 100644 index 0000000000..4da96e2920 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/0002-core-Fix-use-after-free-case-in-load_from_path.patch | |||
@@ -0,0 +1,43 @@ | |||
1 | From cb67aebd63d9f0077cbf3e769f0b223c5bba20ac Mon Sep 17 00:00:00 2001 | ||
2 | From: Khem Raj <raj.khem@gmail.com> | ||
3 | Date: Sun, 16 Dec 2018 20:58:35 -0800 | ||
4 | Subject: [PATCH 2/2] core: Fix use after free case in load_from_path() | ||
5 | |||
6 | ensure that mfree() on filename is called after the logging function | ||
7 | which uses the string pointed by filename | ||
8 | |||
9 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
10 | --- | ||
11 | Upstream-Status: Submitted [https://github.com/systemd/systemd/pull/11179] | ||
12 | src/core/load-fragment.c | 6 ++++-- | ||
13 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
14 | |||
15 | diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c | ||
16 | index fc5644f48..da585786e 100644 | ||
17 | --- a/src/core/load-fragment.c | ||
18 | +++ b/src/core/load-fragment.c | ||
19 | @@ -4531,7 +4531,6 @@ static int load_from_path(Unit *u, const char *path) { | ||
20 | r = open_follow(&filename, &f, symlink_names, &id); | ||
21 | if (r >= 0) | ||
22 | break; | ||
23 | - filename = mfree(filename); | ||
24 | |||
25 | /* ENOENT means that the file is missing or is a dangling symlink. | ||
26 | * ENOTDIR means that one of paths we expect to be is a directory | ||
27 | @@ -4540,9 +4539,12 @@ static int load_from_path(Unit *u, const char *path) { | ||
28 | */ | ||
29 | if (r == -EACCES) | ||
30 | log_debug_errno(r, "Cannot access \"%s\": %m", filename); | ||
31 | - else if (!IN_SET(r, -ENOENT, -ENOTDIR)) | ||
32 | + else if (!IN_SET(r, -ENOENT, -ENOTDIR)) { | ||
33 | + filename = mfree(filename); | ||
34 | return r; | ||
35 | + } | ||
36 | |||
37 | + filename = mfree(filename); | ||
38 | /* Empty the symlink names for the next run */ | ||
39 | set_clear_free(symlink_names); | ||
40 | } | ||
41 | -- | ||
42 | 2.20.1 | ||
43 | |||