lib/vfscore: Fix bug where newdp is freed before initialization

When vp->v_type == VDIR we jump to out where newdp is freed
via the drele call but newdp has yet to be initialized. We
solve this by checking the output of namei first.

Signed-off-by: Constantin Raducanu <raducanu.costi@gmail.com>
Reviewed-by: Felipe Huici <felipe.huici@neclab.eu>

diff --git a/lib/vfscore/syscalls.c b/lib/vfscore/syscalls.c
index ce512742a914743e463f4492a40d7a2f0d5ee626..c54819057c3a4fe4f1a777b7d78b4dd85fd08d5b 100644 (file)
--- a/lib/vfscore/syscalls.c
+++ b/lib/vfscore/syscalls.c
@@ -940,17 +940,17 @@ sys_link(char *oldpath, char *newpath)
        vp = olddp->d_vnode;
        vn_lock(vp);
 
-       if (vp->v_type == VDIR) {
-               error = EPERM;
-               goto out;
-       }
-
        /* If newpath exists, it shouldn't be overwritten */
        if (!namei(newpath, &newdp)) {
                error = EEXIST;
                goto out;
        }
 
+       if (vp->v_type == VDIR) {
+               error = EPERM;
+               goto out;
+       }
+
        /* Get pointer to the parent dentry of newpath */
        if ((error = lookup(newpath, &newdirdp, &name)) != 0)
                goto out;