git: 3f5f52216f7e - main - kern_jail_set(): do not double-free opts

Thu, 06 Nov 2025 11:32:39 -0800 

The branch main has been updated by kib:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=3f5f52216f7e583aeb5580b13ba0f87e29d1ee43

commit 3f5f52216f7e583aeb5580b13ba0f87e29d1ee43
Author:     Konstantin Belousov <[email protected]>
AuthorDate: 2025-11-06 05:50:42 +0000
Commit:     Konstantin Belousov <[email protected]>
CommitDate: 2025-11-06 19:32:16 +0000

    kern_jail_set(): do not double-free opts
    
    If vfs_buildopts() failed, vfs_freeopts() must not be called.
    
    Reported and tested by: pho
    Reviewed by:    jamie
    Sponsored by:   The FreeBSD Foundation
    MFC after:      3 days
    Differential revision:  https://reviews.freebsd.org/D53612
---
 sys/kern/kern_jail.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 523b7e314a10..26a994ef0c32 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -1065,8 +1065,10 @@ kern_jail_set(struct thread *td, struct uio *optuio, int 
flags)
         *     than duplicate it under a different name.
         */
        error = vfs_buildopts(optuio, &opts);
-       if (error)
+       if (error) {
+               opts = NULL;
                goto done_free;
+       }
 
        cuflags = flags & (JAIL_CREATE | JAIL_UPDATE);
        if (!cuflags) {
@@ -2331,7 +2333,8 @@ kern_jail_set(struct thread *td, struct uio *optuio, int 
flags)
                (void)kern_close(td, jfd_out);
        if (g_path != NULL)
                free(g_path, M_TEMP);
-       vfs_freeopts(opts);
+       if (opts != NULL)
+               vfs_freeopts(opts);
        prison_free(mypr);
        return (error);
 }

Reply via email to