|
 |
17b0f1 |
From 45f3c8e04093a1ed871eb67aa4c1c28b11d3346c Mon Sep 17 00:00:00 2001
|
|
|
17b0f1 |
From: Jan Synacek <jan.synacek@gmail.com>
|
|
|
17b0f1 |
Date: Tue, 3 Jan 2017 21:34:36 +0100
|
|
|
17b0f1 |
Subject: [PATCH] shared: fix double free in unmask (#5005)
|
|
|
17b0f1 |
|
|
|
17b0f1 |
Easily reproducible:
|
|
|
17b0f1 |
1) systemctl mask foo
|
|
|
17b0f1 |
2) systemctl unmask foo foo
|
|
|
17b0f1 |
|
|
|
17b0f1 |
The problem here is that the *i that is put into todo[] is later freed
|
|
|
17b0f1 |
in strv_uniq(), which is not directly visible from this patch. Somewhere
|
|
|
17b0f1 |
further in the code, the string that *i pointed to is freed again. That
|
|
|
17b0f1 |
happens only when multiple services with the same name/path are specified.
|
|
|
17b0f1 |
|
|
|
17b0f1 |
(cherry picked from commit dc7dd61de610e9330abe7014860acfa733887d5e)
|
|
|
17b0f1 |
Resolves: #1409997
|
|
|
17b0f1 |
---
|
|
|
17b0f1 |
src/shared/install.c | 4 ++--
|
|
|
17b0f1 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
17b0f1 |
|
|
|
17b0f1 |
diff --git a/src/shared/install.c b/src/shared/install.c
|
|
|
17b0f1 |
index f01a212620..1b59a96b15 100644
|
|
|
17b0f1 |
--- a/src/shared/install.c
|
|
|
17b0f1 |
+++ b/src/shared/install.c
|
|
|
17b0f1 |
@@ -1602,7 +1602,7 @@ int unit_file_unmask(
|
|
|
17b0f1 |
|
|
|
17b0f1 |
_cleanup_set_free_free_ Set *remove_symlinks_to = NULL;
|
|
|
17b0f1 |
_cleanup_free_ char *config_path = NULL;
|
|
|
17b0f1 |
- _cleanup_free_ char **todo = NULL;
|
|
|
17b0f1 |
+ _cleanup_strv_free_ char **todo = NULL;
|
|
|
17b0f1 |
size_t n_todo = 0, n_allocated = 0;
|
|
|
17b0f1 |
char **i;
|
|
|
17b0f1 |
int r, q;
|
|
|
17b0f1 |
@@ -1639,7 +1639,7 @@ int unit_file_unmask(
|
|
|
17b0f1 |
if (!GREEDY_REALLOC0(todo, n_allocated, n_todo + 2))
|
|
|
17b0f1 |
return -ENOMEM;
|
|
|
17b0f1 |
|
|
|
17b0f1 |
- todo[n_todo++] = *i;
|
|
|
17b0f1 |
+ todo[n_todo++] = strdup(*i);
|
|
|
17b0f1 |
}
|
|
|
17b0f1 |
|
|
|
17b0f1 |
strv_uniq(todo);
|