Blob Blame History Raw
autofs-5.0.9 - fix race accessing qdn in get_query_dn()

From: Ian Kent <raven@themaw.net>

Fix a couple of obvious problems in get_query_dn().

First, check dn is not NULL before attempting to duplicate it.
And also protect the update of qdn in the context by a mutex.
---
 CHANGELOG             |    1 +
 modules/lookup_ldap.c |    9 ++++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

--- autofs-5.0.7.orig/CHANGELOG
+++ autofs-5.0.7/CHANGELOG
@@ -129,6 +129,7 @@
 - add serialization to sasl init.
 - dont allocate dev_ctl_ops too early.
 - fix incorrect round robin host detection.
+- fix race accessing qdn in get_query_dn().
 
 25/07/2012 autofs-5.0.7
 =======================
--- autofs-5.0.7.orig/modules/lookup_ldap.c
+++ autofs-5.0.7/modules/lookup_ldap.c
@@ -461,16 +461,19 @@ static int get_query_dn(unsigned logopt,
 	}
 
 	free(query);
-	qdn = strdup(dn);
-	ldap_memfree(dn);
+	if (dn) {
+		qdn = strdup(dn);
+		ldap_memfree(dn);
+	}
 	ldap_msgfree(result);
 	if (!qdn)
 		return 0;
 
+	uris_mutex_lock(ctxt);
 	if (ctxt->qdn)
 		free(ctxt->qdn);
-
 	ctxt->qdn = qdn;
+	uris_mutex_unlock(ctxt);
 
 	return 1;
 }