autofs-5.0.7 - fix use cache entry after free mistake
From: Ian Kent <ikent@redhat.com>
Fix an obvious use after free mistake in lookup_prune_one_cache().
---
CHANGELOG | 1 +
daemon/lookup.c | 7 +++++--
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index faf4c80..dc38580 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
??/??/2012 autofs-5.0.8
=======================
- fix nobind sun escaped map entries.
+- fix use cache entry after free in lookup_prune_one_cache().
25/07/2012 autofs-5.0.7
=======================
diff --git a/daemon/lookup.c b/daemon/lookup.c
index 7909536..e3d9536 100644
--- a/daemon/lookup.c
+++ b/daemon/lookup.c
@@ -1103,15 +1103,18 @@ void lookup_prune_one_cache(struct autofs_point *ap, struct mapent_cache *mc, ti
if (valid)
cache_delete(mc, key);
else if (!is_mounted(_PROC_MOUNTS, path, MNTS_AUTOFS)) {
+ dev_t devid = ap->dev;
status = CHE_FAIL;
+ if (ap->type == LKP_DIRECT)
+ devid = this->dev;
if (this->ioctlfd == -1)
status = cache_delete(mc, key);
if (status != CHE_FAIL) {
if (ap->type == LKP_INDIRECT) {
if (ap->flags & MOUNT_FLAG_GHOST)
- rmdir_path(ap, path, ap->dev);
+ rmdir_path(ap, path, devid);
} else
- rmdir_path(ap, path, this->dev);
+ rmdir_path(ap, path, devid);
}
}
cache_unlock(mc);