xfs
[Top] [All Lists]

Re: [PATCH] xfsprogs/quota: fix NULL pointer dereference in report_f

To: Jeff Liu <jeff.liu@xxxxxxxxxx>, "xfs@xxxxxxxxxxx" <xfs@xxxxxxxxxxx>
Subject: Re: [PATCH] xfsprogs/quota: fix NULL pointer dereference in report_f
From: Eric Sandeen <sandeen@xxxxxxxxxxx>
Date: Fri, 11 Jul 2014 20:39:45 -0500
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <52849CC5.10109@xxxxxxxxxx>
References: <52849CC5.10109@xxxxxxxxxx>
On 11/14/13, 3:49 AM, Jeff Liu wrote:
> From: Jie Liu <jeff.liu@xxxxxxxxxx>
> 
> Run xfs_quota report against an invalid XFS path without desired quota
> limitation is enabled will hit SEGSEGV as fs_path is uninitialized, e.g.
> 
> # xfs_quota -xc 'report -up' /invalid_path
> xfs_quota: cannot setup path for mount /invalid_path: No such file or 
> directory
> Segmentation fault (core dumped)
> 
> (gdb) r -xc 'report -up' /invalid_path
> xfs_quota: cannot setup path for mount /invalid_path: No such file or 
> directory
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000000000408b4d in report_f (argc=2, argv=0x105ea70) at report.c:627
> 627                   else if (fs_path->fs_flags & FS_MOUNT_POINT)
> 
> This patch fix report_f() to only do report if the fs_path is initialized.
> 
> Signed-off-by: Jie Liu <jeff.liu@xxxxxxxxxx>

Reviewed-by: Eric Sandeen <sandeen@xxxxxxxxxx>

I know hch had grand plans to make this all nicer, but based on Jeff's
followup emails, it looks like this is the only spot needed to simply
resolve the problems w/ nonexistent paths in quota, and is a small,
contained change we can easily make before the next point release.

Thanks,
-Eric

> ---
>  quota/report.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/quota/report.c b/quota/report.c
> index 70894a2..8e3316e 100644
> --- a/quota/report.c
> +++ b/quota/report.c
> @@ -624,7 +624,7 @@ report_f(
>               if (flags & ALL_MOUNTS_FLAG)
>                       report_any_type(fp, form, type, NULL,
>                                       lower, upper, flags);
> -             else if (fs_path->fs_flags & FS_MOUNT_POINT)
> +             else if (fs_path && (fs_path->fs_flags & FS_MOUNT_POINT))
>                       report_any_type(fp, form, type, fs_path->fs_dir,
>                                       lower, upper, flags);
>       } else while (argc > optind) {
> 

<Prev in Thread] Current Thread [Next in Thread>