nspawn: fix use-after-free and leak in error paths

author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Sat, 7 Mar 2015 19:19:20 +0000 (14:19 -0500)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Sat, 7 Mar 2015 19:19:20 +0000 (14:19 -0500)
author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sat, 7 Mar 2015 19:19:20 +0000 (14:19 -0500)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sat, 7 Mar 2015 19:19:20 +0000 (14:19 -0500)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c

index 8833704..c851fdd 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3735,7 +3735,7 @@ int main(int argc, char *argv[]) {
                  }
  
                  if (arg_ephemeral) {
-                        char *np;
+                        _cleanup_free_ char *np = NULL;
  
                          /* If the specified path is a mount point we
                           * generate the new snapshot immediately
@@ -3765,13 +3765,13 @@ int main(int argc, char *argv[]) {
  
                          r = btrfs_subvol_snapshot(arg_directory, np, arg_read_only, true);
                          if (r < 0) {
-                                free(np);
                                  log_error_errno(r, "Failed to create snapshot %s from %s: %m", np, arg_directory);
                                  goto finish;
                          }
  
                          free(arg_directory);
                          arg_directory = np;
+                        np = NULL;
  
                          remove_subvol = true;
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Sat, 7 Mar 2015 19:19:20 +0000 (14:19 -0500)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Sat, 7 Mar 2015 19:19:20 +0000 (14:19 -0500)