autofs-5.1.0 - fix buffer size checks in get_network_proximity()

From: Ian Kent <raven@themaw.net>

Add several buffer size checks in get_network_proximity().

---

 CHANGELOG        |    1 +

 lib/parse_subs.c |    8 +++++---

 2 files changed, 6 insertions(+), 3 deletions(-)

--- autofs-5.0.7.orig/CHANGELOG

+++ autofs-5.0.7/CHANGELOG

@@ -135,6 +135,7 @@

 - fix FILE pointer check in defaults_read_config().

 - fix memory leak in conf_amd_get_log_options().

 - fix signed comparison in inet_fill_net().

+- fix buffer size checks in get_network_proximity().

 25/07/2012 autofs-5.0.7

 =======================

--- autofs-5.0.7.orig/lib/parse_subs.c

+++ autofs-5.0.7/lib/parse_subs.c

@@ -437,7 +437,7 @@ unsigned int get_network_proximity(const

 {

 	struct addrinfo hints;

 	struct addrinfo *ni, *this;

-	char name_or_num[NI_MAXHOST];

+	char name_or_num[NI_MAXHOST + 1];

 	unsigned int proximity;

 	char *net;

 	int ret;

@@ -449,16 +449,18 @@ unsigned int get_network_proximity(const

 	if (net)

 		strcpy(name_or_num, net);

 	else {

-		char this[NI_MAXHOST];

+		char this[NI_MAXHOST + 1];

 		char *mask;

+		if (strlen(name) > NI_MAXHOST)

+			return PROXIMITY_ERROR;

 		strcpy(this, name);

 		if ((mask = strchr(this, '/')))

 			*mask++ = '\0';

 		if (!strchr(this, '.'))

 			strcpy(name_or_num, this);

 		else {

-			char buf[NI_MAXHOST], *new;

+			char buf[NI_MAXHOST + 1], *new;

 			new = inet_fill_net(this, buf);

 			if (!new)

 				return PROXIMITY_ERROR;