diff options
| author | alfred <alfred@FreeBSD.org> | 2004-09-05 22:24:28 +0000 |
|---|---|---|
| committer | alfred <alfred@FreeBSD.org> | 2004-09-05 22:24:28 +0000 |
| commit | a91f58745724ed827c6e2ffbdf0be7b20c1ef29f (patch) | |
| tree | 4bfa55cad48108d95d2fa94e4101de9d93c183f5 | |
| parent | 4adf97c04d8b13231f16ad83651af84a422d145e (diff) | |
| download | FreeBSD-src-a91f58745724ed827c6e2ffbdf0be7b20c1ef29f.zip FreeBSD-src-a91f58745724ed827c6e2ffbdf0be7b20c1ef29f.tar.gz | |
It's too easy to panic the machine when INVARIANTS are turned on
and you botch a call to nmount(2).
This is because there is an INVARIANTS check that asserts that
opt->len must be zero if opt->val is not NULL. The problem is that
the code does not actually follow this invariant if there is an
error while processing mount options.
Fix the code to honor the INVARIANT.
Silence on: fs@
| -rw-r--r-- | sys/kern/vfs_mount.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c index 9f995f4..8e547b0 100644 --- a/sys/kern/vfs_mount.c +++ b/sys/kern/vfs_mount.c @@ -274,7 +274,7 @@ vfs_buildopts(struct uio *auio, struct vfsoptlist **options) optlen = auio->uio_iov[i + 1].iov_len; opt->name = malloc(namelen, M_MOUNT, M_WAITOK); opt->value = NULL; - opt->len = optlen; + opt->len = 0; /* * Do this early, so jumps to "bad" will free the current @@ -308,6 +308,7 @@ vfs_buildopts(struct uio *auio, struct vfsoptlist **options) goto bad; } if (optlen != 0) { + opt->len = optlen; opt->value = malloc(optlen, M_MOUNT, M_WAITOK); if (auio->uio_segflg == UIO_SYSSPACE) { bcopy(auio->uio_iov[i + 1].iov_base, opt->value, |
