Blob Blame History Raw
autofs-5.1.7 - fix double free in parse_mapent()

From: Ian Kent <raven@themaw.net>

Coverity:
in parse_mapent(): double_free: Calling "free" frees pointer "newopt"
		   which has already been freed.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG           |    1 +
 modules/parse_sun.c |    2 --
 2 files changed, 1 insertion(+), 2 deletions(-)

--- autofs-5.1.4.orig/CHANGELOG
+++ autofs-5.1.4/CHANGELOG
@@ -62,6 +62,7 @@
 - fix dead code in mnts_add_mount().
 - fix arg not used in error print.
 - fix missing lock release in mount_subtree().
+- fix double free in parse_mapent().
 
 xx/xx/2018 autofs-5.1.5
 - fix flag file permission.
--- autofs-5.1.4.orig/modules/parse_sun.c
+++ autofs-5.1.4/modules/parse_sun.c
@@ -976,8 +976,6 @@ static int parse_mapent(const char *ent,
 					estr = strerror_r(errno, buf, MAX_ERR_BUF);
 					error(logopt, MODPREFIX
 					      "concat_options: %s", estr);
-					if (newopt)
-						free(newopt);
 					free(myoptions);
 					return 0;
 				}