Package: mount
Version: 2.19.1-5
Tags: patch

Hi LaMont,
on my system I get a segfault in mount on each boot. This seems to be due to unchecked access to mnt_opts, which is NULL in my case. Since other accesses to that field check it against NULL first, this seems to be an allowed value.
The offending line in my fstab looks like this:

//pluto/scans /home/torsten/scans cifs

The attached patch fixes this for me. Please consider applying it.

Greetings, Torsten
>From dd5a1c884278dcb007a62148e626fb20e8298432 Mon Sep 17 00:00:00 2001 From: Torsten Landschoff <tors...@debian.org> Date: Thu, 1 Sep 2011 20:58:47 +0200 Subject: [PATCH] Check mnt_opts against NULL before accessing it. On my fstab, mount -a failed with a segfault for the following entry: //pluto/scans /home/torsten/scans cifs Backtrace was: (gdb) where #0 __strstr_sse2 (haystack_start=0x0, needle_start=0x40f6ae "loop=") at ../string/strstr.c:63 #1 0x0000000000407d22 in is_fstab_entry_mounted (verbose=0, mc=0xd9c8c0) at mount.c:2069 #2 do_mount_all (types=0x0, options=0x0, test_opts=0x0) at mount.c:2141 #3 0x0000000000403bf9 in main (argc=<optimized out>, argv=<optimized out>) at mount.c:2623 (gdb) p $3 = {mnt_fsname = 0xd9c860 "//pluto/scans", mnt_dir = 0xd9c880 "/home/torsten/scans", mnt_type = 0xd9c8a0 "cifs", mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0} --- debian/changelog | 4 ++++ mount/mount.c | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 4ba9efc..47c4e1d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -30,6 +30,10 @@ util-linux (2.17-0) experimental; urgency=low * po: update fi.po (from translationproject.org) (Lauri Nurmi) * po: update eu.po (from translationproject.org) (Mikel Olasagasti) + [Torsten Landschoff] + + * mount/mount.c: Check mnt_opts against NULL before accessing it. + -- LaMont Jones <lam...@debian.org> Mon, 18 Jan 2010 08:01:43 -0700 util-linux (2.17~rc3-1) experimental; urgency=low diff --git a/mount/mount.c b/mount/mount.c index 36d1a57..6d481a5 100644 --- a/mount/mount.c +++ b/mount/mount.c @@ -1162,7 +1162,7 @@ is_mounted_same_loopfile(const char *node0, const char *loopfile, unsigned long res = loopfile_used_with((char *) mnt->m.mnt_fsname, loopfile, offset); - else if ((p = strstr(mnt->m.mnt_opts, "loop="))) { + else if ((mnt->m.mnt_opts && (p = strstr(mnt->m.mnt_opts, "loop=")))) { char *dev = xstrdup(p+5); if ((p = strchr(dev, ','))) *p = '\0'; 
@@ -2054,7 +2054,7 @@ is_fstab_entry_mounted(struct mntentchn *mc, int verbose) goto yes; /* extra care for loop devices */ - if ((strstr(mc->m.mnt_opts, "loop=") || + if (((mc->m.mnt_opts && strstr(mc->m.mnt_opts, "loop=")) || (stat(mc->m.mnt_fsname, &st) == 0 && S_ISREG(st.st_mode)))) { char *p = get_option_value(mc->m.mnt_opts, "offset="); @@ -2065,6 +2065,7 @@ is_fstab_entry_mounted(struct mntentchn *mc, int verbose) printf(_("mount: ignore %s " "(unparsable offset= option)\n"), mc->m.mnt_fsname); + free(p); return -1; } free(p); -- 1.7.1.rc2.dirty
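Review bot: the debian/changelog hunk places the new "[Torsten Landschoff]" entry inside the existing util-linux (2.17-0) experimental stanza, directly above its signature line dated Mon, 18 Jan 2010, while the report is filed against 2.19.1-5 and the patch is dated 1 Sep 2011. That stanza is already signed off, so the entry should go into a new stanza at the top of the changelog for the upload that actually carries the fix.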
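Review bot: style point in the is_mounted_same_loopfile() hunk at mount/mount.c line 1162: the new condition carries a redundant outer pair of parentheses, "else if ((mnt->m.mnt_opts && (p = strstr(...))))". Writing it as "else if (mnt->m.mnt_opts && (p = strstr(mnt->m.mnt_opts, "loop=")))" keeps the parentheses that mark the intentional assignment and drops the pair that adds nothing. The NULL test before strstr() itself matches the backtrace in the commit message, which shows the same haystack_start=0x0 pattern.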
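Review bot: in the first is_fstab_entry_mounted() hunk (line 2054) the guard covers only the strstr() call, but the very next line still passes the same pointer on: "char *p = get_option_value(mc->m.mnt_opts, "offset=");". With mnt_opts == NULL the block is still entered whenever the stat()/S_ISREG() branch is true, so get_option_value() then receives NULL. Its body is not part of this diff; please confirm it tolerates a NULL option list, or test mc->m.mnt_opts before that call as well, otherwise the crash only moves a few lines down for fstab entries that name a regular file without options.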
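Review bot: the added "free(p);" before "return -1;" in the last hunk (line 2065) is a separate fix, a leak of p on the unparsable-offset error path, and neither the subject line "Check mnt_opts against NULL before accessing it." nor the changelog entry mentions it. The change looks correct, since the existing free(p) after the block is skipped by the early return, but it should either be named in the commit message and changelog or go into its own commit so that the NULL-dereference fix can be reviewed and backported by itself.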