|
 |
306fa1 |
autofs-5.1.0 - fix buffer size checks in get_network_proximity()
|
|
|
306fa1 |
|
|
|
306fa1 |
From: Ian Kent <raven@themaw.net>
|
|
|
306fa1 |
|
|
|
306fa1 |
Add several buffer size checks in get_network_proximity().
|
|
|
306fa1 |
---
|
|
|
306fa1 |
CHANGELOG | 1 +
|
|
|
306fa1 |
lib/parse_subs.c | 8 +++++---
|
|
|
306fa1 |
2 files changed, 6 insertions(+), 3 deletions(-)
|
|
|
306fa1 |
|
|
|
306fa1 |
--- autofs-5.0.7.orig/CHANGELOG
|
|
|
306fa1 |
+++ autofs-5.0.7/CHANGELOG
|
|
|
306fa1 |
@@ -135,6 +135,7 @@
|
|
|
306fa1 |
- fix FILE pointer check in defaults_read_config().
|
|
|
306fa1 |
- fix memory leak in conf_amd_get_log_options().
|
|
|
306fa1 |
- fix signed comparison in inet_fill_net().
|
|
|
306fa1 |
+- fix buffer size checks in get_network_proximity().
|
|
|
306fa1 |
|
|
|
306fa1 |
25/07/2012 autofs-5.0.7
|
|
|
306fa1 |
=======================
|
|
|
306fa1 |
--- autofs-5.0.7.orig/lib/parse_subs.c
|
|
|
306fa1 |
+++ autofs-5.0.7/lib/parse_subs.c
|
|
|
306fa1 |
@@ -437,7 +437,7 @@ unsigned int get_network_proximity(const
|
|
|
306fa1 |
{
|
|
|
306fa1 |
struct addrinfo hints;
|
|
|
306fa1 |
struct addrinfo *ni, *this;
|
|
|
306fa1 |
- char name_or_num[NI_MAXHOST];
|
|
|
306fa1 |
+ char name_or_num[NI_MAXHOST + 1];
|
|
|
306fa1 |
unsigned int proximity;
|
|
|
306fa1 |
char *net;
|
|
|
306fa1 |
int ret;
|
|
|
306fa1 |
@@ -449,16 +449,18 @@ unsigned int get_network_proximity(const
|
|
|
306fa1 |
if (net)
|
|
|
306fa1 |
strcpy(name_or_num, net);
|
|
|
306fa1 |
else {
|
|
|
306fa1 |
- char this[NI_MAXHOST];
|
|
|
306fa1 |
+ char this[NI_MAXHOST + 1];
|
|
|
306fa1 |
char *mask;
|
|
|
306fa1 |
|
|
|
306fa1 |
+ if (strlen(name) > NI_MAXHOST)
|
|
|
306fa1 |
+ return PROXIMITY_ERROR;
|
|
|
306fa1 |
strcpy(this, name);
|
|
|
306fa1 |
if ((mask = strchr(this, '/')))
|
|
|
306fa1 |
*mask++ = '\0';
|
|
|
306fa1 |
if (!strchr(this, '.'))
|
|
|
306fa1 |
strcpy(name_or_num, this);
|
|
|
306fa1 |
else {
|
|
|
306fa1 |
- char buf[NI_MAXHOST], *new;
|
|
|
306fa1 |
+ char buf[NI_MAXHOST + 1], *new;
|
|
|
306fa1 |
new = inet_fill_net(this, buf);
|
|
|
306fa1 |
if (!new)
|
|
|
306fa1 |
return PROXIMITY_ERROR;
|