umount segfaults with inconsistent entry in /etc/fstab
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
util-linux (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: util-linux
Reproduced on Maverick using util-linux version 2.17.2-0ubuntu1.
If /etc/fstab has an incorrect mount directory for an already mounted device, 'umount <device>' will segfault when run as an unprivileged user.
Steps to reproduce:
cd /tmp
# Create and mount a loopback file
dd if=/dev/zero of=file bs=1024 count=300; mkdir fs
sudo losetup /dev/loop0 file; sudo mkfs /dev/loop0
sudo mount /dev/loop0 fs/
# Add entry to /etc/fstab with incorrect/missing mount directory
echo /tmp/fs | sudo tee -a /etc/fstab
# Try umounting as an unprivileged user
umount /tmp/fs
# Segfault!
Applying the attached patch fixes the segfault. The semantics of this patch are likely wrong, but at least this demonstrates the codepath taken (fs escapes from the revelant block being NULL, only to be dereferenced on the next line).
tags: | added: patch |
Fixed by upstream commit 6c7f688b1f46c6f b31aa8a4a27d493 c90e9ded37.