|
 |
ab3a3d |
autofs-5.0.7 - fix several off by one errors
|
|
|
ab3a3d |
|
|
|
ab3a3d |
From: Ian Kent <raven@themaw.net>
|
|
|
ab3a3d |
|
|
|
ab3a3d |
Fix several off-by-one array reference errors and a couple of short allocation
|
|
|
ab3a3d |
errors.
|
|
|
ab3a3d |
---
|
|
|
ab3a3d |
daemon/spawn.c | 10 +++++-----
|
|
|
ab3a3d |
lib/defaults.c | 2 +-
|
|
|
ab3a3d |
modules/lookup_ldap.c | 8 ++++----
|
|
|
ab3a3d |
modules/parse_hesiod.c | 2 +-
|
|
|
ab3a3d |
modules/parse_sun.c | 2 +-
|
|
|
ab3a3d |
5 files changed, 12 insertions(+), 12 deletions(-)
|
|
|
ab3a3d |
|
|
|
ab3a3d |
diff --git a/daemon/spawn.c b/daemon/spawn.c
|
|
|
ab3a3d |
index 3b4a009..9b8d5a2 100644
|
|
|
ab3a3d |
--- a/daemon/spawn.c
|
|
|
ab3a3d |
+++ b/daemon/spawn.c
|
|
|
ab3a3d |
@@ -320,7 +320,7 @@ int spawn_mount(unsigned logopt, ...)
|
|
|
ab3a3d |
unsigned int retries = MTAB_LOCK_RETRIES;
|
|
|
ab3a3d |
int update_mtab = 1, ret, printed = 0;
|
|
|
ab3a3d |
unsigned int wait = defaults_get_mount_wait();
|
|
|
ab3a3d |
- char buf[PATH_MAX];
|
|
|
ab3a3d |
+ char buf[PATH_MAX + 1];
|
|
|
ab3a3d |
|
|
|
ab3a3d |
/* If we use mount locking we can't validate the location */
|
|
|
ab3a3d |
#ifdef ENABLE_MOUNT_LOCKING
|
|
|
ab3a3d |
@@ -346,7 +346,7 @@ int spawn_mount(unsigned logopt, ...)
|
|
|
ab3a3d |
}
|
|
|
ab3a3d |
|
|
|
ab3a3d |
/* Alloc 1 extra slot in case we need to use the "-f" option */
|
|
|
ab3a3d |
- if (!(argv = alloca(sizeof(char *) * argc + 2)))
|
|
|
ab3a3d |
+ if (!(argv = alloca(sizeof(char *) * (argc + 2))))
|
|
|
ab3a3d |
return -1;
|
|
|
ab3a3d |
|
|
|
ab3a3d |
argv[0] = arg0;
|
|
|
ab3a3d |
@@ -448,7 +448,7 @@ int spawn_bind_mount(unsigned logopt, ...)
|
|
|
ab3a3d |
unsigned int options;
|
|
|
ab3a3d |
unsigned int retries = MTAB_LOCK_RETRIES;
|
|
|
ab3a3d |
int update_mtab = 1, ret, printed = 0;
|
|
|
ab3a3d |
- char buf[PATH_MAX];
|
|
|
ab3a3d |
+ char buf[PATH_MAX + 1];
|
|
|
ab3a3d |
|
|
|
ab3a3d |
/* If we use mount locking we can't validate the location */
|
|
|
ab3a3d |
#ifdef ENABLE_MOUNT_LOCKING
|
|
|
ab3a3d |
@@ -477,7 +477,7 @@ int spawn_bind_mount(unsigned logopt, ...)
|
|
|
ab3a3d |
}
|
|
|
ab3a3d |
}
|
|
|
ab3a3d |
|
|
|
ab3a3d |
- if (!(argv = alloca(sizeof(char *) * argc + 2)))
|
|
|
ab3a3d |
+ if (!(argv = alloca(sizeof(char *) * (argc + 2))))
|
|
|
ab3a3d |
return -1;
|
|
|
ab3a3d |
|
|
|
ab3a3d |
argv[0] = arg0;
|
|
|
ab3a3d |
@@ -556,7 +556,7 @@ int spawn_umount(unsigned logopt, ...)
|
|
|
ab3a3d |
unsigned int retries = MTAB_LOCK_RETRIES;
|
|
|
ab3a3d |
int update_mtab = 1, ret, printed = 0;
|
|
|
ab3a3d |
unsigned int wait = defaults_get_umount_wait();
|
|
|
ab3a3d |
- char buf[PATH_MAX];
|
|
|
ab3a3d |
+ char buf[PATH_MAX + 1];
|
|
|
ab3a3d |
|
|
|
ab3a3d |
#ifdef ENABLE_MOUNT_LOCKING
|
|
|
ab3a3d |
options = SPAWN_OPT_LOCK;
|
|
|
ab3a3d |
diff --git a/lib/defaults.c b/lib/defaults.c
|
|
|
ab3a3d |
index ae1162f..1e89509 100644
|
|
|
ab3a3d |
--- a/lib/defaults.c
|
|
|
ab3a3d |
+++ b/lib/defaults.c
|
|
|
ab3a3d |
@@ -227,7 +227,7 @@ void defaults_free_uris(struct list_head *list)
|
|
|
ab3a3d |
static unsigned int add_uris(char *value, struct list_head *list)
|
|
|
ab3a3d |
{
|
|
|
ab3a3d |
char *str, *tok, *ptr = NULL;
|
|
|
ab3a3d |
- size_t len = strlen(value);
|
|
|
ab3a3d |
+ size_t len = strlen(value) + 1;
|
|
|
ab3a3d |
|
|
|
ab3a3d |
str = alloca(len);
|
|
|
ab3a3d |
if (!str)
|
|
|
ab3a3d |
diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
|
|
|
ab3a3d |
index 83e3215..17cbe9a 100644
|
|
|
ab3a3d |
--- a/modules/lookup_ldap.c
|
|
|
ab3a3d |
+++ b/modules/lookup_ldap.c
|
|
|
ab3a3d |
@@ -2234,8 +2234,8 @@ static int do_get_entries(struct ldap_search_params *sp, struct map_source *sour
|
|
|
ab3a3d |
mapent = new_me;
|
|
|
ab3a3d |
strcat(mapent, " ");
|
|
|
ab3a3d |
strncat(mapent, v_val, v_len);
|
|
|
ab3a3d |
- mapent[new_size] = '\0';
|
|
|
ab3a3d |
- mapent_len = new_size;
|
|
|
ab3a3d |
+ mapent[new_size - 1] = '\0';
|
|
|
ab3a3d |
+ mapent_len = new_size - 1;
|
|
|
ab3a3d |
} else {
|
|
|
ab3a3d |
char *estr;
|
|
|
ab3a3d |
estr = strerror_r(errno, buf, sizeof(buf));
|
|
|
ab3a3d |
@@ -2723,8 +2723,8 @@ static int lookup_one(struct autofs_point *ap,
|
|
|
ab3a3d |
mapent = new_me;
|
|
|
ab3a3d |
strcat(mapent, " ");
|
|
|
ab3a3d |
strncat(mapent, v_val, v_len);
|
|
|
ab3a3d |
- mapent[new_size] = '\0';
|
|
|
ab3a3d |
- mapent_len = new_size;
|
|
|
ab3a3d |
+ mapent[new_size - 1] = '\0';
|
|
|
ab3a3d |
+ mapent_len = new_size - 1;
|
|
|
ab3a3d |
} else {
|
|
|
ab3a3d |
char *estr;
|
|
|
ab3a3d |
estr = strerror_r(errno, buf, sizeof(buf));
|
|
|
ab3a3d |
diff --git a/modules/parse_hesiod.c b/modules/parse_hesiod.c
|
|
|
ab3a3d |
index 7a6a57d..237fd50 100644
|
|
|
ab3a3d |
--- a/modules/parse_hesiod.c
|
|
|
ab3a3d |
+++ b/modules/parse_hesiod.c
|
|
|
ab3a3d |
@@ -117,7 +117,7 @@ static int parse_nfs(struct autofs_point *ap,
|
|
|
ab3a3d |
p++;
|
|
|
ab3a3d |
|
|
|
ab3a3d |
/* Isolate the remote mountpoint for this NFS fs. */
|
|
|
ab3a3d |
- for (i = 0; (!isspace(p[i]) && i < (int) sizeof(mount)); i++) {
|
|
|
ab3a3d |
+ for (i = 0; (!isspace(p[i]) && i < ((int) sizeof(mount) - 1)); i++) {
|
|
|
ab3a3d |
if (!p[i]) {
|
|
|
ab3a3d |
error(ap->logopt, MODPREFIX
|
|
|
ab3a3d |
"unexpeced end of input looking for NFS "
|
|
|
ab3a3d |
diff --git a/modules/parse_sun.c b/modules/parse_sun.c
|
|
|
ab3a3d |
index ae1caf7..c1fc528 100644
|
|
|
ab3a3d |
--- a/modules/parse_sun.c
|
|
|
ab3a3d |
+++ b/modules/parse_sun.c
|
|
|
ab3a3d |
@@ -1135,7 +1135,7 @@ static int mount_subtree(struct autofs_point *ap, struct mapent *me,
|
|
|
ab3a3d |
}
|
|
|
ab3a3d |
ro_len = strlen(ro_loc);
|
|
|
ab3a3d |
|
|
|
ab3a3d |
- tmp = alloca(mnt_root_len + 1);
|
|
|
ab3a3d |
+ tmp = alloca(mnt_root_len + 2);
|
|
|
ab3a3d |
strcpy(tmp, mnt_root);
|
|
|
ab3a3d |
tmp[mnt_root_len] = '/';
|
|
|
ab3a3d |
tmp[mnt_root_len + 1] = '\0';
|