|
 |
ab3a3d |
autofs-5.0.7 - fix use cache entry after free mistake
|
|
|
ab3a3d |
|
|
|
ab3a3d |
From: Ian Kent <ikent@redhat.com>
|
|
|
ab3a3d |
|
|
|
ab3a3d |
Fix an obvious use after free mistake in lookup_prune_one_cache().
|
|
|
ab3a3d |
---
|
|
|
ab3a3d |
|
|
|
ab3a3d |
CHANGELOG | 1 +
|
|
|
ab3a3d |
daemon/lookup.c | 7 +++++--
|
|
|
ab3a3d |
2 files changed, 6 insertions(+), 2 deletions(-)
|
|
|
ab3a3d |
|
|
|
ab3a3d |
|
|
|
ab3a3d |
diff --git a/CHANGELOG b/CHANGELOG
|
|
|
ab3a3d |
index faf4c80..dc38580 100644
|
|
|
ab3a3d |
--- a/CHANGELOG
|
|
|
ab3a3d |
+++ b/CHANGELOG
|
|
|
ab3a3d |
@@ -1,6 +1,7 @@
|
|
|
ab3a3d |
??/??/2012 autofs-5.0.8
|
|
|
ab3a3d |
=======================
|
|
|
ab3a3d |
- fix nobind sun escaped map entries.
|
|
|
ab3a3d |
+- fix use cache entry after free in lookup_prune_one_cache().
|
|
|
ab3a3d |
|
|
|
ab3a3d |
25/07/2012 autofs-5.0.7
|
|
|
ab3a3d |
=======================
|
|
|
ab3a3d |
diff --git a/daemon/lookup.c b/daemon/lookup.c
|
|
|
ab3a3d |
index 7909536..e3d9536 100644
|
|
|
ab3a3d |
--- a/daemon/lookup.c
|
|
|
ab3a3d |
+++ b/daemon/lookup.c
|
|
|
ab3a3d |
@@ -1103,15 +1103,18 @@ void lookup_prune_one_cache(struct autofs_point *ap, struct mapent_cache *mc, ti
|
|
|
ab3a3d |
if (valid)
|
|
|
ab3a3d |
cache_delete(mc, key);
|
|
|
ab3a3d |
else if (!is_mounted(_PROC_MOUNTS, path, MNTS_AUTOFS)) {
|
|
|
ab3a3d |
+ dev_t devid = ap->dev;
|
|
|
ab3a3d |
status = CHE_FAIL;
|
|
|
ab3a3d |
+ if (ap->type == LKP_DIRECT)
|
|
|
ab3a3d |
+ devid = this->dev;
|
|
|
ab3a3d |
if (this->ioctlfd == -1)
|
|
|
ab3a3d |
status = cache_delete(mc, key);
|
|
|
ab3a3d |
if (status != CHE_FAIL) {
|
|
|
ab3a3d |
if (ap->type == LKP_INDIRECT) {
|
|
|
ab3a3d |
if (ap->flags & MOUNT_FLAG_GHOST)
|
|
|
ab3a3d |
- rmdir_path(ap, path, ap->dev);
|
|
|
ab3a3d |
+ rmdir_path(ap, path, devid);
|
|
|
ab3a3d |
} else
|
|
|
ab3a3d |
- rmdir_path(ap, path, this->dev);
|
|
|
ab3a3d |
+ rmdir_path(ap, path, devid);
|
|
|
ab3a3d |
}
|
|
|
ab3a3d |
}
|
|
|
ab3a3d |
cache_unlock(mc);
|