author | Kent Overstreet <kent.overstreet@linux.dev> | 2024-07-22 11:22:34 -0400 |
---|---|---|
committer | Kent Overstreet <kent.overstreet@linux.dev> | 2024-07-22 11:22:34 -0400 |
commit | 57cd58db1e7945c65ff03035fc54f69b5b3bd565 (patch) | |
tree | 021e18d05a1445e99de3c957e18ad7388524e09a | |
parent | dfc39d36c4a7e3ab0a9503a7aa3a252480a2be12 (diff) |
mount: Fix UAF in option string handling
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
-rw-r--r-- | src/commands/mount.rs | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/commands/mount.rs b/src/commands/mount.rs
index 3a524c5c..65f62299 100644
--- a/src/commands/mount.rs
+++ b/src/commands/mount.rs
@@ -35,7 +35,7 @@ fn mount_inner(
 // convert to pointers for ffi
 let src = src.as_ptr();
 let target = target.as_ptr();
- let data = data.map_or(ptr::null(), |data| data.as_ptr().cast());
+ let data_ptr = data.as_ref().map_or(ptr::null(), |data| data.as_ptr().cast());
 let fstype = fstype.as_ptr();
 let mut ret;
@@ -43,7 +43,7 @@ fn mount_inner(
 ret = {
 info!("mounting filesystem");
 // REQUIRES: CAP_SYS_ADMIN
- unsafe { libc::mount(src, target, fstype, mountflags, data) }
+ unsafe { libc::mount(src, target, fstype, mountflags, data_ptr) }
 };
 let err = errno::errno().0;
@@ -58,6 +58,9 @@ fn mount_inner(
 println!("mount: device write-protected, mounting read-only");
 mountflags |= libc::MS_RDONLY;
 }
+
+ drop(data);
+
 match ret {
 0 => Ok(()),
 _ => Err(crate::ErrnoError(errno::errno()).into()), |
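Review bot: Nothing at the new `data_ptr` line records that the raw pointer borrows from `data`, which is the invariant this fix restores: the old `data.map_or(...)` took the option by value, so an owned string (presumably `Option<CString>`; the signature is outside the hunk) would be freed when the closure returned. A raw pointer carries no lifetime, so the compiler will not catch a later refactor that moves or consumes `data` before the mount loop finishes. I would add `// data_ptr points into data; data must stay alive until the last libc::mount call below` above the line. The `unsafe` block in the next hunk would also benefit from a `// SAFETY:` line stating that all four pointers come from NUL-terminated strings that outlive the call.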
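Review bot: The added `drop(data);` runs between the last `libc::mount` call and the `errno::errno()` read in the error arm of `match ret`, so a heap deallocation happens before the error code is captured. If `data` owns its string, the drop calls the allocator's `free`, and on C libraries where `free` does not preserve errno the reported mount error could be wrong. Because `as_ref()` no longer moves `data`, it already lives to the end of the function, so the explicit drop is only a marker. Either replace it with a comment or build the result first, `let res = match ret { ... }; drop(data); res`. The match continues past the end of the hunk.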