autofs-5.1.6 - fix quoted string length calc in expandsunent()

From: Ian Kent <raven@themaw.net>

The expandsunent() function in modules/parse_sun.c fails to properly
handle the ending " in a quoted string causing the length calculation
to not account for the ending quote and also doesn't properly account
for the remainder of the string being expanded.

Also, when called again (after being called to get the length) the
allocated buffer is too small leading to out of bounds accesses.

Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG           |    1 +
 modules/parse_sun.c |    6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

--- autofs-5.1.4.orig/CHANGELOG
+++ autofs-5.1.4/CHANGELOG
@@ -79,6 +79,7 @@ xx/xx/2018 autofs-5.1.5
 - fix a regression with map instance lookup.
 - fix trailing dollar sun entry expansion.
 - initialize struct addrinfo for getaddrinfo() calls.
+- fix quoted string length calc in expandsunent().
 
 19/12/2017 autofs-5.1.4
 - fix spec file url.
--- autofs-5.1.4.orig/modules/parse_sun.c
+++ autofs-5.1.4/modules/parse_sun.c
@@ -213,9 +213,11 @@ int expandsunent(const char *src, char *
 					*dst++ = *src;
 				src++;
 			}
-			if (*src && dst) {
+			if (*src) {
 				len++;
-				*dst++ = *src++;
+				if (dst)
+					*dst++ = *src;
+				src++;
 			}
 			break;