D28570.id83635.diff
No OneTemporary
Actions

Size

515 B

Referenced Files

None

Subscribers

None

D28570.id83635.diff
View Options

	Index: usr.sbin/makefs/mtree.c
	===================================================================
	--- usr.sbin/makefs/mtree.c
	+++ usr.sbin/makefs/mtree.c
	@@ -783,12 +783,14 @@
	free(node->inode);
	node->inode = curino;
	node->inode->nlink++;
	+ /* Reset st to avoid UAF when updating size below. */
	+ st = &node->inode->st;
	}
	}

	free(node->contents);
	node->contents = name;
	- st->st_size = sb.st_size;
	+ st->st_size = sb.st_size; /* XXX: or node->inode->st to avoid UAF */
	return (0);
	}