rpms / autofs

Clone
Source Code
GIT

Blame SOURCES/autofs-5.1.7-add-length-check-in-umount_subtree_mounts.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c9-beta
  2.   SOURCES
  3.   autofs-5.1.7-add-length-check-in-umount_subtree_mounts.patch
Blob History Raw
29d2b9 
autofs-5.1.7 - add length check in umount_subtree_mounts()
29d2b9
29d2b9 
From: Ian Kent <raven@themaw.net>
29d2b9
29d2b9 
Coverity: fixed_size_dest: You might overrun the 4097-character
29d2b9 
	  fixed-size string "key" by copying "me->key" without
29d2b9 
	  checking the length.
29d2b9
29d2b9 
Signed-off-by: Ian Kent <raven@themaw.net>
29d2b9 
---
29d2b9 
 CHANGELOG          |    1 +
29d2b9 
 daemon/automount.c |    5 +++++
29d2b9 
 2 files changed, 6 insertions(+)
29d2b9
29d2b9 
diff --git a/CHANGELOG b/CHANGELOG
29d2b9 
index 224f58d6..9e385ba9 100644
29d2b9 
--- a/CHANGELOG
29d2b9 
+++ b/CHANGELOG
29d2b9 
@@ -55,6 +55,7 @@
29d2b9 
 - fix possible memory leak in master_parse().
29d2b9 
 - fix possible memory leak in mnts_add_amdmount().
29d2b9 
 - fix double unlock in parse_mount().
29d2b9 
+- add length check in umount_subtree_mounts().
29d2b9
29d2b9 
 25/01/2021 autofs-5.1.7
29d2b9 
 - make bind mounts propagation slave by default.
29d2b9 
diff --git a/daemon/automount.c b/daemon/automount.c
29d2b9 
index 48472d5f..70506d83 100644
29d2b9 
--- a/daemon/automount.c
29d2b9 
+++ b/daemon/automount.c
29d2b9 
@@ -562,6 +562,11 @@ static int umount_subtree_mounts(struct autofs_point *ap, const char *path, unsi
29d2b9 
 			left++;
29d2b9 
 		}
29d2b9
29d2b9 
+		if (me->len > PATH_MAX) {
29d2b9 
+			crit(ap->logopt, "me->key too long for buffer");
29d2b9 
+			return 1;
29d2b9 
+		}
29d2b9 
+
29d2b9 
 		strcpy(key, me->key);
29d2b9
29d2b9 
 		cache_unlock(mc);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation