Date: Sat, 29 Aug 2020 22:09:36 +0000 (UTC) From: Jamie Gritton <jamie@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r364969 - stable/12/sys/kern Message-ID: <202008292209.07TM9a48065429@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jamie Date: Sat Aug 29 22:09:36 2020 New Revision: 364969 URL: https://svnweb.freebsd.org/changeset/base/364969 Log: Fix a null dereference when debug.disablefullpath=1 and jail created with path=/. PR: 214881 Submitted by: aler (at) playground.ru Reported by: aler (at) playground.ru Modified: stable/12/sys/kern/kern_jail.c Modified: stable/12/sys/kern/kern_jail.c ============================================================================== --- stable/12/sys/kern/kern_jail.c Sat Aug 29 21:47:49 2020 (r364968) +++ stable/12/sys/kern/kern_jail.c Sat Aug 29 22:09:36 2020 (r364969) @@ -943,40 +943,45 @@ kern_jail_set(struct thread *td, struct uio *optuio, i error = EINVAL; goto done_free; } - NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, - path, td); - error = namei(&nd); - if (error) - goto done_free; - root = nd.ni_vp; - NDFREE(&nd, NDF_ONLY_PNBUF); - g_path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK); - strlcpy(g_path, path, MAXPATHLEN); - error = vn_path_to_global_path(td, root, g_path, MAXPATHLEN); - if (error == 0) - path = g_path; - else if (error == ENODEV) { - /* proceed if sysctl debug.disablefullpath == 1 */ - fullpath_disabled = 1; - if (len < 2 || (len == 2 && path[0] == '/')) - path = NULL; - } else { - /* exit on other errors */ - goto done_free; - } - if (root->v_type != VDIR) { - error = ENOTDIR; - vput(root); - goto done_free; - } - VOP_UNLOCK(root, 0); - if (fullpath_disabled) { - /* Leave room for a real-root full pathname. */ - if (len + (path[0] == '/' && strcmp(mypr->pr_path, "/") - ? strlen(mypr->pr_path) : 0) > MAXPATHLEN) { - error = ENAMETOOLONG; - vrele(root); + if (len < 2 || (len == 2 && path[0] == '/')) + path = NULL; + else + { + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, + path, td); + error = namei(&nd); + if (error) goto done_free; + root = nd.ni_vp; + NDFREE(&nd, NDF_ONLY_PNBUF); + g_path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK); + strlcpy(g_path, path, MAXPATHLEN); + error = vn_path_to_global_path(td, root, g_path, + MAXPATHLEN); + if (error == 0) + path = g_path; + else if (error == ENODEV) { + /* means sysctl debug.disablefullpath == 1 */ + fullpath_disabled = 1; + } else { + /* exit on other errors */ + goto done_free; + } + if (root->v_type != VDIR) { + error = ENOTDIR; + vput(root); + goto done_free; + } + VOP_UNLOCK(root, 0); + if (fullpath_disabled) { + /* Leave room for a real-root full pathname. */ + if (len + (path[0] == '/' && + strcmp(mypr->pr_path, "/") + ? strlen(mypr->pr_path) : 0) > MAXPATHLEN) { + error = ENAMETOOLONG; + vrele(root); + goto done_free; + } } } }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202008292209.07TM9a48065429>