Blame SOURCES/autofs-5.1.6-fix-quoted-string-length-calc-in-expandsunent.patch

81b4ce
autofs-5.1.6 - fix quoted string length calc in expandsunent()

From: Ian Kent <raven@themaw.net>

The expandsunent() function in modules/parse_sun.c fails to properly
handle the ending " in a quoted string causing the length calculation
to not account for the ending quote and also doesn't properly account
for the remainder of the string being expanded.

Also, when called again (after being called to get the length) the
allocated buffer is too small leading to out of bounds accesses.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG           |    1 +
 modules/parse_sun.c |    6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

--- autofs-5.1.4.orig/CHANGELOG
+++ autofs-5.1.4/CHANGELOG
@@ -79,6 +79,7 @@ xx/xx/2018 autofs-5.1.5
 - fix a regression with map instance lookup.
 - fix trailing dollar sun entry expansion.
 - initialize struct addrinfo for getaddrinfo() calls.
+- fix quoted string length calc in expandsunent().
 
 19/12/2017 autofs-5.1.4
 - fix spec file url.
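Review bot: The added entry "fix quoted string length calc in expandsunent()" describes the change only as a length calculation fix, while the commit message states that the undersized buffer leads to out of bounds accesses. Consider wording the CHANGELOG line so the memory-safety impact is visible to anyone triaging from the changelog alone, for example by mentioning the out of bounds access.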
--- autofs-5.1.4.orig/modules/parse_sun.c
+++ autofs-5.1.4/modules/parse_sun.c
@@ -213,9 +213,11 @@ int expandsunent(const char *src, char *
 					*dst++ = *src;
 				src++;
 			}
-			if (*src && dst) {
+			if (*src) {
 				len++;
-				*dst++ = *src++;
+				if (dst)
+					*dst++ = *src;
+				src++;
 			}
 			break;
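Review bot: Nothing in the closing-quote branch (`if (*src) { len++; ... src++; }`) records the invariant this fix restores, namely that `len` and `src` must advance whether or not `dst` is NULL so the sizing call and the copy call walk the input identically. A one-line comment to that effect above `if (*src)` would help keep the two passes in step, since the commit message attributes the undersized buffer and the out of bounds accesses to exactly that mismatch. The diffstat lists only CHANGELOG and modules/parse_sun.c, so no regression test accompanies the fix; a map entry with a quoted string followed by further text, checked for equal length on both calls, would be worth adding.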