Blame SOURCES/autofs-5.1.7-add-length-check-in-umount_subtree_mounts.patch

autofs-5.1.7 - add length check in umount_subtree_mounts()
From: Ian Kent <raven@themaw.net>
Coverity: fixed_size_dest: You might overrun the 4097-character
	  fixed-size string "key" by copying "me->key" without
	  checking the length.
Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG          |    1 +
 daemon/automount.c |    5 +++++
 2 files changed, 6 insertions(+)
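diff --git a/CHANGELOG b/CHANGELOG
index 224f58d6..9e385ba9 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -55,6 +55,7 @@
 - fix possible memory leak in master_parse().
 - fix possible memory leak in mnts_add_amdmount().
 - fix double unlock in parse_mount().
+- add length check in umount_subtree_mounts().
 
 25/01/2021 autofs-5.1.7
 - make bind mounts propagation slave by default.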
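diff --git a/daemon/automount.c b/daemon/automount.c
index 48472d5f..70506d83 100644
--- a/daemon/automount.c
+++ b/daemon/automount.c
@@ -562,6 +562,11 @@ static int umount_subtree_mounts(struct autofs_point *ap, const char *path, unsi
 			left++;
 		}
 
+		if (me->len > PATH_MAX) {
+			crit(ap->logopt, "me->key too long for buffer");
+			return 1;
+		}
+
 		strcpy(key, me->key);
 
 		cache_unlock(mc);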
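Review bot: The new early `return 1;` in the `me->len > PATH_MAX` branch looks like it leaves the map entry cache locked, since the hunk's own context calls `cache_unlock(mc)` only after the `strcpy()`. If the lock is held at this point, an over-long key that trips the check would keep it held and could stall later cache users in the daemon; adding `cache_unlock(mc);` before `return 1;` would avoid that. The bound itself matches the 4097-character `key` buffer quoted in the commit message, assuming `me->len` is the key's string length without the terminator. The function starts before and continues past this hunk, so the lock acquisition is not visible here and should be confirmed against the full body.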