Page MenuHomeFreeBSD
Differential D28570

usr.sbin/makefs: fix use-after-free in read_mtree_keywords()
ClosedPublic
Actions

Authored by arichardson on Feb 10 2021, 12:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 8, 6:34 AM
Unknown Object (File)
Fri, Dec 5, 12:19 AM
Unknown Object (File)
Sat, Nov 29, 2:51 PM
Unknown Object (File)
Wed, Nov 26, 10:39 PM
Unknown Object (File)
Nov 25 2025, 11:15 AM
Unknown Object (File)
Nov 22 2025, 12:59 PM
Unknown Object (File)
Nov 20 2025, 7:38 AM
Unknown Object (File)
Nov 19 2025, 12:27 AM
View All Files
Subscribers
imp

Details

Reviewers
emaste
Commits
rG12ad8bdb34aa: usr.sbin/makefs: fix use-after-free in read_mtree_keywords()
Summary

The st variable is used as a shortcut for &node->inode->st, but in one
branch just before the exit we update node->inode without changing st.

Not sure which of the two approaches is preferable

Reported by: AddressSanitizer

Test Plan

ASan no longer complains.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 36860
Build 33749: arc lint + arc unit

Event Timeline

arichardson created this revision.Feb 10 2021, 12:07 PM
Herald added a subscriber: imp. · View Herald TranscriptFeb 10 2021, 12:07 PM
arichardson requested review of this revision.Feb 10 2021, 12:07 PM
Harbormaster completed remote builds in B36858: Diff 83635.Feb 10 2021, 12:07 PM
emaste added inline comments.Feb 10 2021, 2:59 PM
usr.sbin/makefs/mtree.c
786–787

I think I like this one slightly better

emaste accepted this revision.Feb 10 2021, 3:07 PM

LGTM. I'd probably not use "avoid UAF" in the comment though, we are resetting st because it has been invalidated by freeing node->inode

This revision is now accepted and ready to land.Feb 10 2021, 3:07 PM
arichardson updated this revision to Diff 83638.Feb 10 2021, 3:12 PM

Update comment and use first approach

This revision now requires review to proceed.Feb 10 2021, 3:12 PM
Harbormaster completed remote builds in B36860: Diff 83638.Feb 10 2021, 3:12 PM
arichardson marked an inline comment as done.Feb 10 2021, 3:12 PM
emaste accepted this revision.Feb 10 2021, 3:13 PM
This revision is now accepted and ready to land.Feb 10 2021, 3:13 PM
Closed by commit rG12ad8bdb34aa: usr.sbin/makefs: fix use-after-free in read_mtree_keywords() (authored by arichardson). · Explain WhyFeb 10 2021, 3:25 PM
This revision was automatically updated to reflect the committed changes.
arichardson added a commit: rG12ad8bdb34aa: usr.sbin/makefs: fix use-after-free in read_mtree_keywords().

Revision Contents
Changeset List

PathSize
usr.sbin/
makefs/
2 lines

Diff 83638

View Options

usr.sbin/makefs/mtree.c

Loading...