[PATCH] erofs-utils: fix use after free in closedir

Gao Xiang hsiangkao at redhat.com
Fri Nov 27 21:46:40 AEDT 2020


Hi Jianan,

On Fri, Nov 27, 2020 at 06:15:11PM +0800, Huang Jianan wrote:
> No need to closedir _dir again since it has been released.
> 
> Signed-off-by: Huang Jianan <huangjianan at oppo.com>
> Signed-off-by: Guo Weichao <guoweichao at oppo.com>
> ---
>  lib/inode.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/inode.c b/lib/inode.c
> index eb2e0f2..2397bc7 100644
> --- a/lib/inode.c
> +++ b/lib/inode.c
> @@ -958,11 +958,11 @@ struct erofs_inode *erofs_mkfs_build_tree(struct erofs_inode *dir)
>  
>  	ret = erofs_prepare_dir_file(dir);
>  	if (ret)
> -		goto err_closedir;
> +		goto err;
>  
>  	ret = erofs_prepare_inode_buffer(dir);
>  	if (ret)
> -		goto err_closedir;
> +		goto err;

Thanks for finding this, after looking into the current dev branch,
I think

		if (IS_ERR(d->inode)) {
			ret = PTR_ERR(d->inode);
fail:
			d->inode = NULL;
			d->type = EROFS_FT_UNKNOWN;
			goto err_closedir;
		}

needs to be fixed as well.
You could fix it or I can also send the next version about this
if needed.


Thanks,
Gao Xiang

>  
>  	if (IS_ROOT(dir))
>  		erofs_fixup_meta_blkaddr(dir);
> @@ -1003,6 +1003,7 @@ fail:
>  
>  err_closedir:
>  	closedir(_dir);
> +err:
>  	return ERR_PTR(ret);
>  }
>  
> -- 
> 2.25.1
> 



More information about the Linux-erofs mailing list