rpms / autofs

Clone
Source Code
GIT

Blame SOURCES/autofs-5.1.7-add-length-check-in-umount_subtree_mounts.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   cd87116416d55b89f7a26fcf1e978187eab51244
  2.   SOURCES
  3.   autofs-5.1.7-add-length-check-in-umount_subtree_mounts.patch
Blob History Raw
9a499a 
autofs-5.1.7 - add length check in umount_subtree_mounts()
9a499a
9a499a 
From: Ian Kent <raven@themaw.net>
9a499a
9a499a 
Coverity: fixed_size_dest: You might overrun the 4097-character
9a499a 
	  fixed-size string "key" by copying "me->key" without
9a499a 
	  checking the length.
9a499a
9a499a 
Signed-off-by: Ian Kent <raven@themaw.net>
9a499a 
---
9a499a 
 CHANGELOG          |    1 +
9a499a 
 daemon/automount.c |    5 +++++
9a499a 
 2 files changed, 6 insertions(+)
9a499a
9a499a 
--- autofs-5.1.4.orig/CHANGELOG
9a499a 
+++ autofs-5.1.4/CHANGELOG
9a499a 
@@ -55,6 +55,7 @@
9a499a 
 - fix possible memory leak in master_parse().
9a499a 
 - fix possible memory leak in mnts_add_amdmount().
9a499a 
 - fix double unlock in parse_mount().
9a499a 
+- add length check in umount_subtree_mounts().
9a499a
9a499a 
 xx/xx/2018 autofs-5.1.5
9a499a 
 - fix flag file permission.
9a499a 
--- autofs-5.1.4.orig/daemon/automount.c
9a499a 
+++ autofs-5.1.4/daemon/automount.c
9a499a 
@@ -562,6 +562,11 @@ static int umount_subtree_mounts(struct
9a499a 
 			left++;
9a499a 
 		}
9a499a
9a499a 
+		if (me->len > PATH_MAX) {
9a499a 
+			crit(ap->logopt, "me->key too long for buffer");
9a499a 
+			return 1;
9a499a 
+		}
9a499a 
+
9a499a 
 		strcpy(key, me->key);
9a499a
9a499a 
 		cache_unlock(mc);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation