rpms / autofs

Clone
Source Code
GIT

Blame SOURCES/autofs-5.1.1-fix-use-after-free-st_queue_handler.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   4d476fe94a407614e0f8ed1703678aa22fa7dbad
  2.   SOURCES
  3.   autofs-5.1.1-fix-use-after-free-st_queue_handler.patch
Blob History Raw
4d476f 
autofs-5.1.1 - fix use-after-free in st_queue_handler()
4d476f
4d476f 
From: Frank Sorenson <sorenson@redhat.com>
4d476f
4d476f 
The task may be referenced after being freed.  Move the
4d476f 
free to after the list_del_init.
4d476f
4d476f 
Signed-off-by: Frank Sorenson <sorenson@redhat.com>
4d476f 
Signed-off-by: Ian Kent <raven@themaw.net>
4d476f 
---
4d476f 
 CHANGELOG      |    1 +
4d476f 
 daemon/state.c |    2 +-
4d476f 
 2 files changed, 2 insertions(+), 1 deletion(-)
4d476f
4d476f 
--- autofs-5.0.7.orig/CHANGELOG
4d476f 
+++ autofs-5.0.7/CHANGELOG
4d476f 
@@ -204,6 +204,7 @@
4d476f 
 - fix use after free in open_lookup().
4d476f 
 - fix typo in autofs_sasl_bind().
4d476f 
 - add configuration option to use fqdn in mounts.
4d476f 
+- fix use-after-free in st_queue_handler().
4d476f
4d476f 
 25/07/2012 autofs-5.0.7
4d476f 
 =======================
4d476f 
--- autofs-5.0.7.orig/daemon/state.c
4d476f 
+++ autofs-5.0.7/daemon/state.c
4d476f 
@@ -1179,9 +1179,9 @@ remove:
4d476f 
 							struct state_queue, pending);
4d476f
4d476f 
 				list_del(&task->list);
4d476f 
+				list_del_init(&next->pending);
4d476f 
 				free(task);
4d476f
4d476f 
-				list_del_init(&next->pending);
4d476f 
 				list_add_tail(&next->list, head);
4d476f 
 				if (p == head)
4d476f 
 					p = head->next;

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation