umount segfaults with inconsistent entry in /etc/fstab

Bug #726283 reported by Greg Brockman on 2011-02-27
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
util-linux (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: util-linux

Reproduced on Maverick using util-linux version 2.17.2-0ubuntu1.

If /etc/fstab has an incorrect mount directory for an already mounted device, 'umount <device>' will segfault when run as an unprivileged user.

Steps to reproduce:
cd /tmp
# Create and mount a loopback file
dd if=/dev/zero of=file bs=1024 count=300; mkdir fs
sudo losetup /dev/loop0 file; sudo mkfs /dev/loop0
sudo mount /dev/loop0 fs/
# Add entry to /etc/fstab with incorrect/missing mount directory
echo /tmp/fs | sudo tee -a /etc/fstab
# Try umounting as an unprivileged user
umount /tmp/fs
# Segfault!

Applying the attached patch fixes the segfault. The semantics of this patch are likely wrong, but at least this demonstrates the codepath taken (fs escapes from the revelant block being NULL, only to be dereferenced on the next line).

Greg Brockman (thegdb) wrote :
tags: added: patch
Karel Zak (kzak) wrote :

Fixed by upstream commit 6c7f688b1f46c6fb31aa8a4a27d493c90e9ded37.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in util-linux (Ubuntu):
status: New → Confirmed
Jon Brase (jonathan-brase) wrote :

I can reproduce this bug in Lucid.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers