|
 |
4d476f |
autofs-5.0.7 - fix potential null dereference in lookup_mount()
|
|
|
4d476f |
|
|
|
4d476f |
From: Ian Kent <raven@themaw.net>
|
|
|
4d476f |
|
|
|
4d476f |
Updating a negative cache entry should always find an entry but the entry
|
|
|
4d476f |
lookup return isn't checked and probably should be.
|
|
|
4d476f |
|
|
|
4d476f |
Since this code is duplicated in several modules add it as a function to
|
|
|
4d476f |
the cache handling code.
|
|
|
4d476f |
---
|
|
|
4d476f |
include/automount.h | 1 +
|
|
|
4d476f |
lib/cache.c | 20 ++++++++++++++++++++
|
|
|
4d476f |
modules/lookup_file.c | 11 +----------
|
|
|
4d476f |
modules/lookup_ldap.c | 12 +-----------
|
|
|
4d476f |
modules/lookup_sss.c | 12 +-----------
|
|
|
4d476f |
modules/lookup_yp.c | 12 ++----------
|
|
|
4d476f |
6 files changed, 26 insertions(+), 42 deletions(-)
|
|
|
4d476f |
|
|
|
4d476f |
diff --git a/include/automount.h b/include/automount.h
|
|
|
4d476f |
index 6ced842..71787a5 100644
|
|
|
4d476f |
--- a/include/automount.h
|
|
|
4d476f |
+++ b/include/automount.h
|
|
|
4d476f |
@@ -189,6 +189,7 @@ struct mapent *cache_lookup_offset(const char *prefix, const char *offset, int s
|
|
|
4d476f |
struct mapent *cache_partial_match(struct mapent_cache *mc, const char *prefix);
|
|
|
4d476f |
int cache_add(struct mapent_cache *mc, struct map_source *ms, const char *key, const char *mapent, time_t age);
|
|
|
4d476f |
int cache_update_offset(struct mapent_cache *mc, const char *mkey, const char *key, const char *mapent, time_t age);
|
|
|
4d476f |
+void cache_update_negative(struct mapent_cache *mc, struct map_source *ms, const char *key, time_t timeout);
|
|
|
4d476f |
int cache_set_parents(struct mapent *mm);
|
|
|
4d476f |
int cache_update(struct mapent_cache *mc, struct map_source *ms, const char *key, const char *mapent, time_t age);
|
|
|
4d476f |
int cache_delete(struct mapent_cache *mc, const char *key);
|
|
|
4d476f |
diff --git a/lib/cache.c b/lib/cache.c
|
|
|
4d476f |
index ecace4a..be4917b 100644
|
|
|
4d476f |
--- a/lib/cache.c
|
|
|
4d476f |
+++ b/lib/cache.c
|
|
|
4d476f |
@@ -680,6 +680,26 @@ done:
|
|
|
4d476f |
return ret;
|
|
|
4d476f |
}
|
|
|
4d476f |
|
|
|
4d476f |
+void cache_update_negative(struct mapent_cache *mc,
|
|
|
4d476f |
+ struct map_source *ms, const char *key,
|
|
|
4d476f |
+ time_t timeout)
|
|
|
4d476f |
+{
|
|
|
4d476f |
+ time_t now = time(NULL);
|
|
|
4d476f |
+ struct mapent *me;
|
|
|
4d476f |
+ int rv = CHE_OK;
|
|
|
4d476f |
+
|
|
|
4d476f |
+ me = cache_lookup_distinct(mc, key);
|
|
|
4d476f |
+ if (!me)
|
|
|
4d476f |
+ rv = cache_update(mc, ms, key, NULL, now);
|
|
|
4d476f |
+ if (rv != CHE_FAIL) {
|
|
|
4d476f |
+ me = cache_lookup_distinct(mc, key);
|
|
|
4d476f |
+ if (me)
|
|
|
4d476f |
+ me->status = now + timeout;
|
|
|
4d476f |
+ }
|
|
|
4d476f |
+ return;
|
|
|
4d476f |
+}
|
|
|
4d476f |
+
|
|
|
4d476f |
+
|
|
|
4d476f |
static struct mapent *get_parent(const char *key, struct list_head *head, struct list_head **pos)
|
|
|
4d476f |
{
|
|
|
4d476f |
struct list_head *next;
|
|
|
4d476f |
diff --git a/modules/lookup_file.c b/modules/lookup_file.c
|
|
|
4d476f |
index 2836996..4b4ee89 100644
|
|
|
4d476f |
--- a/modules/lookup_file.c
|
|
|
4d476f |
+++ b/modules/lookup_file.c
|
|
|
4d476f |
@@ -1130,17 +1130,8 @@ do_cache_lookup:
|
|
|
4d476f |
ret = ctxt->parse->parse_mount(ap, key, key_len,
|
|
|
4d476f |
mapent, ctxt->parse->context);
|
|
|
4d476f |
if (ret) {
|
|
|
4d476f |
- time_t now = time(NULL);
|
|
|
4d476f |
- int rv = CHE_OK;
|
|
|
4d476f |
-
|
|
|
4d476f |
cache_writelock(mc);
|
|
|
4d476f |
- me = cache_lookup_distinct(mc, key);
|
|
|
4d476f |
- if (!me)
|
|
|
4d476f |
- rv = cache_update(mc, source, key, NULL, now);
|
|
|
4d476f |
- if (rv != CHE_FAIL) {
|
|
|
4d476f |
- me = cache_lookup_distinct(mc, key);
|
|
|
4d476f |
- me->status = now + ap->negative_timeout;
|
|
|
4d476f |
- }
|
|
|
4d476f |
+ cache_update_negative(mc, source, key, ap->negative_timeout);
|
|
|
4d476f |
cache_unlock(mc);
|
|
|
4d476f |
return NSS_STATUS_TRYAGAIN;
|
|
|
4d476f |
}
|
|
|
4d476f |
diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
|
|
|
4d476f |
index a59de92..26481a8 100644
|
|
|
4d476f |
--- a/modules/lookup_ldap.c
|
|
|
4d476f |
+++ b/modules/lookup_ldap.c
|
|
|
4d476f |
@@ -3011,18 +3011,8 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
|
|
|
4d476f |
ret = ctxt->parse->parse_mount(ap, key, key_len,
|
|
|
4d476f |
mapent, ctxt->parse->context);
|
|
|
4d476f |
if (ret) {
|
|
|
4d476f |
- time_t now = time(NULL);
|
|
|
4d476f |
- int rv = CHE_OK;
|
|
|
4d476f |
-
|
|
|
4d476f |
- /* Record the the mount fail in the cache */
|
|
|
4d476f |
cache_writelock(mc);
|
|
|
4d476f |
- me = cache_lookup_distinct(mc, key);
|
|
|
4d476f |
- if (!me)
|
|
|
4d476f |
- rv = cache_update(mc, source, key, NULL, now);
|
|
|
4d476f |
- if (rv != CHE_FAIL) {
|
|
|
4d476f |
- me = cache_lookup_distinct(mc, key);
|
|
|
4d476f |
- me->status = now + ap->negative_timeout;
|
|
|
4d476f |
- }
|
|
|
4d476f |
+ cache_update_negative(mc, source, key, ap->negative_timeout);
|
|
|
4d476f |
cache_unlock(mc);
|
|
|
4d476f |
return NSS_STATUS_TRYAGAIN;
|
|
|
4d476f |
}
|
|
|
4d476f |
diff --git a/modules/lookup_sss.c b/modules/lookup_sss.c
|
|
|
4d476f |
index 5c2ed0a..1fe740b 100644
|
|
|
4d476f |
--- a/modules/lookup_sss.c
|
|
|
4d476f |
+++ b/modules/lookup_sss.c
|
|
|
4d476f |
@@ -672,18 +672,8 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
|
|
|
4d476f |
ret = ctxt->parse->parse_mount(ap, key, key_len,
|
|
|
4d476f |
mapent, ctxt->parse->context);
|
|
|
4d476f |
if (ret) {
|
|
|
4d476f |
- time_t now = time(NULL);
|
|
|
4d476f |
- int rv = CHE_OK;
|
|
|
4d476f |
-
|
|
|
4d476f |
- /* Record the the mount fail in the cache */
|
|
|
4d476f |
cache_writelock(mc);
|
|
|
4d476f |
- me = cache_lookup_distinct(mc, key);
|
|
|
4d476f |
- if (!me)
|
|
|
4d476f |
- rv = cache_update(mc, source, key, NULL, now);
|
|
|
4d476f |
- if (rv != CHE_FAIL) {
|
|
|
4d476f |
- me = cache_lookup_distinct(mc, key);
|
|
|
4d476f |
- me->status = now + ap->negative_timeout;
|
|
|
4d476f |
- }
|
|
|
4d476f |
+ cache_update_negative(mc, source, key, ap->negative_timeout);
|
|
|
4d476f |
cache_unlock(mc);
|
|
|
4d476f |
return NSS_STATUS_TRYAGAIN;
|
|
|
4d476f |
}
|
|
|
4d476f |
diff --git a/modules/lookup_yp.c b/modules/lookup_yp.c
|
|
|
4d476f |
index a716e1f..e99e3c0 100644
|
|
|
4d476f |
--- a/modules/lookup_yp.c
|
|
|
4d476f |
+++ b/modules/lookup_yp.c
|
|
|
4d476f |
@@ -698,18 +698,10 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
|
|
|
4d476f |
ret = ctxt->parse->parse_mount(ap, key, key_len,
|
|
|
4d476f |
mapent, ctxt->parse->context);
|
|
|
4d476f |
if (ret) {
|
|
|
4d476f |
- time_t now = time(NULL);
|
|
|
4d476f |
- int rv = CHE_OK;
|
|
|
4d476f |
-
|
|
|
4d476f |
cache_writelock(mc);
|
|
|
4d476f |
- me = cache_lookup_distinct(mc, key);
|
|
|
4d476f |
- if (!me)
|
|
|
4d476f |
- rv = cache_update(mc, source, key, NULL, now);
|
|
|
4d476f |
- if (rv != CHE_FAIL) {
|
|
|
4d476f |
- me = cache_lookup_distinct(mc, key);
|
|
|
4d476f |
- me->status = now + ap->negative_timeout;
|
|
|
4d476f |
- }
|
|
|
4d476f |
+ cache_update_negative(mc, source, key, ap->negative_timeout);
|
|
|
4d476f |
cache_unlock(mc);
|
|
|
4d476f |
+ return NSS_STATUS_TRYAGAIN;
|
|
|
4d476f |
}
|
|
|
4d476f |
}
|
|
|
4d476f |
|