cifs-utils/0009-mount.cifs-fix-crash-when-mount-point-does-not-exist.patch
Zhiqiang Liu b9a4d50032 cifs-utils: backport some patches
Fix issue: https://gitee.com/src-openeuler/cifs-utils/issues/I6RRNJ

Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
(cherry picked from commit 9305c08964d0f21e12f29fed187e53e5231770a2)
2023-03-31 11:18:24 +08:00


From 9ad46fc480818e48868ba841a8a1eed9a74e7294 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@cjr.nz>
Date: Thu, 6 May 2021 16:25:13 -0300
Subject: [PATCH] mount.cifs: fix crash when mount point does not exist
@mountpointp is initially set to a statically allocated string in
main(), and if we fail to update it in acquire_mountpoint(), make sure
to set it to NULL and avoid freeing it at mount_exit.
This fixes the following crash
$ mount.cifs //srv/share /mnt/foo/bar -o ...
Couldn't chdir to /mnt/foo/bar: No such file or directory
munmap_chunk(): invalid pointer
Aborted
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
---
mount.cifs.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/mount.cifs.c b/mount.cifs.c
index 7f898bb..84274c9 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -1996,9 +1996,9 @@ acquire_mountpoint(char **mountpointp)
*/
realuid = getuid();
if (realuid == 0) {
- dacrc = toggle_dac_capability(0, 1);
- if (dacrc)
- return dacrc;
+ rc = toggle_dac_capability(0, 1);
+ if (rc)
+ goto out;
} else {
oldfsuid = setfsuid(realuid);
oldfsgid = setfsgid(getgid());
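Review bot: The new `goto out` taken when `toggle_dac_capability(0, 1)` fails reaches `free(mountpoint)` before anything in this hunk has assigned `mountpoint`, so this path is only safe if the declaration initialises it. The declaration is above the hunk and not visible here; if it is not already `char *mountpoint = NULL;`, it should be. The realuid/setfsuid handling suggests this helper can run with elevated privileges, where freeing an indeterminate pointer is memory corruption rather than a clean error exit. Skipping `restore_privs` on this path looks correct, since the capability was never raised.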
@@ -2019,7 +2019,6 @@ acquire_mountpoint(char **mountpointp)
rc = EX_SYSERR;
}
- *mountpointp = mountpoint;
restore_privs:
if (realuid == 0) {
dacrc = toggle_dac_capability(0, 0);
@@ -2030,9 +2029,13 @@ restore_privs:
gid_t __attribute__((unused)) gignore = setfsgid(oldfsgid);
}
- if (rc)
+out:
+ if (rc) {
free(mountpoint);
+ mountpoint = NULL;
+ }
+ *mountpointp = mountpoint;
return rc;
}
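Review bot: Every failure path now leaves `*mountpointp` set to NULL, which is a new contract for callers and is not documented at the function. The commit message says the caller starts with a statically allocated string and frees the pointer at mount_exit, so `free(NULL)` is harmless there. Any caller code that prints or otherwise dereferences the mount point after a failed call would now receive NULL; that code is outside the hunk and worth checking. I would add a comment above `acquire_mountpoint()` such as `/* On success *mountpointp is replaced by a heap-allocated path the caller must free; on failure it is set to NULL. */`.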
--
2.33.0