Blame SOURCES/autofs-5.1.6-fix-quoted-string-length-calc-in-expandsunent.patch

3494ea
autofs-5.1.6 - fix quoted string length calc in expandsunent()

From: Ian Kent <raven@themaw.net>

The expandsunent() function in modules/parse_sun.c fails to properly
handle the ending " in a quoted string causing the length calculation
to not account for the ending quote and also doesn't properly account
for the remainder of the string being expanded.

Also, when called again (after being called to get the length) the
allocated buffer is too small leading to out of bounds accesses.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG           |    1 +
 modules/parse_sun.c |    6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

--- autofs-5.1.4.orig/CHANGELOG
+++ autofs-5.1.4/CHANGELOG
@@ -79,6 +79,7 @@ xx/xx/2018 autofs-5.1.5
 - fix a regression with map instance lookup.
 - fix trailing dollar sun entry expansion.
 - initialize struct addrinfo for getaddrinfo() calls.
+- fix quoted string length calc in expandsunent().
 
 19/12/2017 autofs-5.1.4
 - fix spec file url.
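Review bot: the new CHANGELOG entry is placed in the list under the "xx/xx/2018 autofs-5.1.5" heading shown in the hunk header, while the subject line labels the fix autofs-5.1.6 and the paths are autofs-5.1.4. If this is a backport onto an older tree, a one-line note in the patch description saying so would stop the placement from being read as a mistake.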
--- autofs-5.1.4.orig/modules/parse_sun.c
+++ autofs-5.1.4/modules/parse_sun.c
@@ -213,9 +213,11 @@ int expandsunent(const char *src, char *
 					*dst++ = *src;
 				src++;
 			}
-			if (*src && dst) {
+			if (*src) {
 				len++;
-				*dst++ = *src++;
+				if (dst)
+					*dst++ = *src;
+				src++;
 			}
 			break;
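Review bot: nothing in the visible lines enforces that the sizing pass (dst NULL) and the copy pass stay in agreement after the new `if (*src)` block, and the commit message says a mismatch ends in out-of-bounds accesses. A regression test should call expandsunent() on a quoted string followed by further text, once with a NULL dst and once with a buffer of the returned length, and assert that both passes report the same length. A short comment above `len++` stating that every branch must count and advance src whether or not dst is set would help keep later edits from reintroducing the asymmetry that the removed `if (*src && dst)` had.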