autofs-5.1.6 - fix autofs mount options construction

From: Ian Kent <raven@themaw.net>

There's an off by one length error in the autofs mount options

construction.

Consolidate the options construction into make_options_string() and

use snprintf() to verify the options length calculation is correct.

Signed-off-by: Ian Kent <raven@themaw.net>

---

 CHANGELOG         |    1 

 daemon/direct.c   |   46 ++-----------------------

 daemon/indirect.c |   23 +-----------

 include/mounts.h  |    3 +

 lib/mounts.c      |   98 +++++++++++++++++++++++++++++++++++++++++++++---------

 5 files changed, 92 insertions(+), 79 deletions(-)

--- autofs-5.1.4.orig/CHANGELOG

+++ autofs-5.1.4/CHANGELOG

@@ -80,6 +80,7 @@ xx/xx/2018 autofs-5.1.5

 - fix trailing dollar sun entry expansion.

 - initialize struct addrinfo for getaddrinfo() calls.

 - fix quoted string length calc in expandsunent().

+- fix autofs mount options construction.

 19/12/2017 autofs-5.1.4

 - fix spec file url.

--- autofs-5.1.4.orig/daemon/direct.c

+++ autofs-5.1.4/daemon/direct.c

@@ -348,29 +348,10 @@ int do_mount_autofs_direct(struct autofs

 	}

 	if (!mp->options) {

-		mp->options = make_options_string(ap->path, ap->kpipefd, str_direct);

+		mp->options = make_options_string(ap->path,

+				ap->kpipefd, str_direct, ap->flags);

 		if (!mp->options)

 			return 0;

-

-		if ((ap->flags & MOUNT_FLAG_STRICTEXPIRE) &&

-		    ((get_kver_major() == 5 && get_kver_minor() > 3) ||

-		     (get_kver_major() > 5))) {

-			char *tmp = realloc(mp->options, strlen(mp->options) + 12);

-			if (tmp) {

-				strcat(tmp, ",strictexpire");

-				mp->options = tmp;

-			}

-		}

-

-		if ((ap->flags & MOUNT_FLAG_IGNORE) &&

-		    ((get_kver_major() == 5 && get_kver_minor() > 4) ||

-		     (get_kver_major() > 5))) {

-			char *tmp = realloc(mp->options, strlen(mp->options) + 7);

-			if (tmp) {

-				strcat(tmp, ",ignore");

-				mp->options = tmp;

-			}

-		}

 	}

 	/* In case the directory doesn't exist, try to mkdir it */

@@ -676,29 +657,10 @@ int mount_autofs_offset(struct autofs_po

 	}

 	if (!mp->options) {

-		mp->options = make_options_string(ap->path, ap->kpipefd, str_offset);

+		mp->options = make_options_string(ap->path,

+				ap->kpipefd, str_offset, ap->flags);

 		if (!mp->options)

 			return MOUNT_OFFSET_OK;

-

-		if ((ap->flags & MOUNT_FLAG_STRICTEXPIRE) &&

-		    ((get_kver_major() == 5 && get_kver_minor() > 3) ||

-		     (get_kver_major() > 5))) {

-			char *tmp = realloc(mp->options, strlen(mp->options) + 12);

-			if (tmp) {

-				strcat(tmp, ",strictexpire");

-				mp->options = tmp;

-			}

-		}

-

-		if ((ap->flags & MOUNT_FLAG_IGNORE) &&

-		    ((get_kver_major() == 5 && get_kver_minor() > 4) ||

-		     (get_kver_major() > 5))) {

-			char *tmp = realloc(mp->options, strlen(mp->options) + 7);

-			if (tmp) {

-				strcat(tmp, ",ignore");

-				mp->options = tmp;

-			}

-		}

 	}

 	strcpy(mountpoint, root);

--- autofs-5.1.4.orig/daemon/indirect.c

+++ autofs-5.1.4/daemon/indirect.c

@@ -78,32 +78,13 @@ static int do_mount_autofs_indirect(stru

 		}

 	}

-	options = make_options_string(ap->path, ap->kpipefd, str_indirect);

+	options = make_options_string(ap->path,

+				ap->kpipefd, str_indirect, ap->flags);

 	if (!options) {

 		error(ap->logopt, "options string error");

 		goto out_err;

 	}

-	if ((ap->flags & MOUNT_FLAG_STRICTEXPIRE) &&

-	    ((get_kver_major() == 5 && get_kver_minor() > 3) ||

-	     (get_kver_major() > 5))) {

-		char *tmp = realloc(options, strlen(options) + 12);

-		if (tmp) {

-			strcat(tmp, ",strictexpire");

-			options = tmp;

-		}

-	}

-

-	if ((ap->flags & MOUNT_FLAG_IGNORE) &&

-	    ((get_kver_major() == 5 && get_kver_minor() > 4) ||

-	     (get_kver_major() > 5))) {

-		char *tmp = realloc(options, strlen(options) + 7);

-		if (tmp) {

-			strcat(tmp, ",ignore");

-			options = tmp;

-		}

-	}

-

 	/* In case the directory doesn't exist, try to mkdir it */

 	if (mkdir_path(root, mp_mode) < 0) {

 		if (errno != EEXIST && errno != EROFS) {

--- autofs-5.1.4.orig/include/mounts.h

+++ autofs-5.1.4/include/mounts.h

@@ -94,7 +94,8 @@ void free_amd_entry_list(struct list_hea

 unsigned int query_kproto_ver(void);

 unsigned int get_kver_major(void);

 unsigned int get_kver_minor(void);

-char *make_options_string(char *path, int kernel_pipefd, const char *extra);

+char *make_options_string(char *path, int pipefd,

+			  const char *type, unsigned int flags);

 char *make_mnt_name_string(char *path);

 int ext_mount_add(struct list_head *, const char *, unsigned int);

 int ext_mount_remove(struct list_head *, const char *);

--- autofs-5.1.4.orig/lib/mounts.c

+++ autofs-5.1.4/lib/mounts.c

@@ -599,43 +599,111 @@ void free_amd_entry_list(struct list_hea

 	}

 }

+static int cacl_max_options_len(unsigned int flags)

+{

+	unsigned int kver_major = get_kver_major();

+	unsigned int kver_minor = get_kver_minor();

+	int max_len;

+

+	/* %d and %u are maximum lenght of 10 and mount type is maximum

+	 * length of 9 (e. ",indirect").

+	 * The base temaplate is "fd=%d,pgrp=%u,minproto=5,maxproto=%d"

+	 * plus the length of mount type plus 1 for the NULL.

+	 */

+	max_len = 79 + 1;

+

+	if (kver_major < 5 || (kver_major == 5 && kver_minor < 4))

+		goto out;

+

+	/* maybe add ",strictexpire" */

+	if (flags & MOUNT_FLAG_STRICTEXPIRE)

+		max_len += 13;

+

+	if (kver_major == 5 && kver_minor < 5)

+		goto out;

+

+	/* maybe add ",ignore" */

+	if (flags & MOUNT_FLAG_IGNORE)

+		max_len += 7;

+out:

+	return max_len;

+}

+

 /*

  * Make common autofs mount options string

  */

-char *make_options_string(char *path, int pipefd, const char *extra)

+char *make_options_string(char *path, int pipefd,

+			  const char *type, unsigned int flags)

 {

+	unsigned int kver_major = get_kver_major();

+	unsigned int kver_minor = get_kver_minor();

 	char *options;

-	int len;

+	int max_len, len, new;

-	options = malloc(MAX_OPTIONS_LEN + 1);

+	max_len = cacl_max_options_len(flags);

+

+	options = malloc(max_len);

 	if (!options) {

 		logerr("can't malloc options string");

 		return NULL;

 	}

-	if (extra) 

-		len = snprintf(options, MAX_OPTIONS_LEN,

+	if (type)

+		len = snprintf(options, max_len,

 				options_template_extra,

 				pipefd, (unsigned) getpgrp(),

-				AUTOFS_MAX_PROTO_VERSION, extra);

+				AUTOFS_MAX_PROTO_VERSION, type);

 	else

-		len = snprintf(options, MAX_OPTIONS_LEN, options_template,

+		len = snprintf(options, max_len, options_template,

 			pipefd, (unsigned) getpgrp(),

 			AUTOFS_MAX_PROTO_VERSION);

-	if (len >= MAX_OPTIONS_LEN) {

-		logerr("buffer to small for options - truncated");

-		len = MAX_OPTIONS_LEN - 1;

+	if (len < 0)

+		goto error_out;

+

+	if (len >= max_len)

+		goto truncated;

+

+	if (kver_major < 5 || (kver_major == 5 && kver_minor < 4))

+		goto out;

+

+	/* maybe add ",strictexpire" */

+	if (flags & MOUNT_FLAG_STRICTEXPIRE) {

+		new = snprintf(options + len,

+			       max_len, "%s", ",strictexpire");

+		if (new < 0)

+		       goto error_out;

+		len += new;

+		if (len >= max_len)

+			goto truncated;

 	}

-	if (len < 0) {

-		logerr("failed to malloc autofs mount options for %s", path);

-		free(options);

-		return NULL;

+	if (kver_major == 5 && kver_minor < 5)

+		goto out;

+

+	/* maybe add ",ignore" */

+	if (flags & MOUNT_FLAG_IGNORE) {

+		new = snprintf(options + len,

+			       max_len, "%s", ",ignore");

+		if (new < 0)

+		       goto error_out;

+		len += new;

+		if (len >= max_len)

+			goto truncated;

 	}

+out:

 	options[len] = '\0';

-

 	return options;

+

+truncated:

+	logerr("buffer to small for options - truncated");

+	len = max_len -1;

+	goto out;

+

+error_out:

+	logerr("error constructing mount options string for %s", path);

+	free(options);

+	return NULL;

 }

 char *make_mnt_name_string(char *path)