Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fixup: smart: sys_mount: UAF vulnerability #9523

Merged
merged 1 commit into from
Oct 21, 2024

Conversation

polarvid
Copy link
Contributor

@polarvid polarvid commented Oct 11, 2024

拉取/合并请求描述:(PR description)

[

为什么提交这份PR (why to submit this PR)

This patch addresses a use-after-free (UAF) vulnerability in the sys_mount. The issue occurred due to improper handling of memory deallocation, which could lead to crashes or undefined behavior on user request of mounting.

你的解决方案是什么 (what is your solution)

Changes:

  • Moved the rt_free(copy_source) function call to occur after the necessary operations are completed, preventing premature deallocation of memory.

请提供验证的bsp和config (provide the config and bsp)

  • BSP:
  • .config:
  • action:

]

当前拉取/合并请求的状态 Intent for your PR

必须选择一项 Choose one (Mandatory):

  • 本拉取/合并请求是一个草稿版本 This PR is for a code-review and is intended to get feedback
  • 本拉取/合并请求是一个成熟版本 This PR is mature, and ready to be integrated into the repo

代码质量 Code Quality:

我在这个拉取/合并请求中已经考虑了 As part of this pull request, I've considered the following:

  • 已经仔细查看过代码改动的对比 Already check the difference between PR and old code
  • 代码风格正确,包括缩进空格,命名及其他风格 Style guide is adhered to, including spacing, naming and other styles
  • 没有垃圾代码,代码尽量精简,不包含#if 0代码,不包含已经被注释了的代码 All redundant code is removed and cleaned up
  • 所有变更均有原因及合理的,并且不会影响到其他软件组件代码或BSP All modifications are justified and not affect other components or BSP
  • 对难懂代码均提供对应的注释 I've commented appropriately where code is tricky
  • 代码是高质量的 Code in this PR is of high quality
  • 已经使用formatting 等源码格式化工具确保格式符合RT-Thread代码规范 This PR complies with RT-Thread code specification

This patch addresses a use-after-free (UAF) vulnerability in the
sys_mount. The issue occurred due to improper handling of memory
deallocation, which could lead to crashes or undefined behavior on user
request of mounting.

Changes made:
- Moved the `rt_free(copy_source)` function call to occur after the necessary
  operations are completed, preventing premature deallocation of memory.

Signed-off-by: Shell <[email protected]>
@github-actions github-actions bot added RT-Smart RT-Thread Smart related PR or issues component: lwp Component labels Oct 11, 2024
@polarvid polarvid marked this pull request as ready for review October 11, 2024 07:19
@mysterywolf mysterywolf reopened this Oct 11, 2024
@Rbb666 Rbb666 merged commit cfe1768 into RT-Thread:master Oct 21, 2024
86 of 87 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
component: lwp Component RT-Smart RT-Thread Smart related PR or issues
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants