Blame SOURCES/autofs-5.1.0-add-a-prefix-to-program-map-stdvars.patch

306fa1
autofs-5.1.0 - add a prefix to program map stdvars
306fa1
306fa1
From: Ian Kent <ikent@redhat.com>
306fa1
306fa1
When a program map uses an interpreted languages like python it's
306fa1
possible to load and execute arbitray code from a user home directory.
306fa1
This is because the standard environment variables are used to locate
306fa1
and load modules when using these languages.
306fa1
306fa1
To avoid that we need to add a prefix to these environment names so
306fa1
they aren't used for this purpose. The prefix used is "AUTOFS_" and
306fa1
is not configurable.
306fa1
---
306fa1
 CHANGELOG                |    1 
306fa1
 include/mounts.h         |    4 +-
306fa1
 lib/mounts.c             |   84 +++++++++++++++++++++++++++++++++++++++--------
306fa1
 modules/lookup_program.c |    2 -
306fa1
 modules/parse_sun.c      |    8 ++--
306fa1
 5 files changed, 78 insertions(+), 21 deletions(-)
306fa1
306fa1
--- autofs-5.0.7.orig/CHANGELOG
306fa1
+++ autofs-5.0.7/CHANGELOG
306fa1
@@ -162,6 +162,7 @@
306fa1
 - make negative cache update consistent for all lookup modules.
306fa1
 - ensure negative cache isn't updated on remount.
306fa1
 - dont add wildcard to negative cache.
306fa1
+- add a prefix to program map stdvars.
306fa1
 
306fa1
 25/07/2012 autofs-5.0.7
306fa1
 =======================
306fa1
--- autofs-5.0.7.orig/include/mounts.h
306fa1
+++ autofs-5.0.7/include/mounts.h
306fa1
@@ -87,8 +87,8 @@ extern unsigned int nfs_mount_uses_strin
306fa1
 
306fa1
 struct amd_entry;
306fa1
 
306fa1
-struct substvar *addstdenv(struct substvar *sv);
306fa1
-struct substvar *removestdenv(struct substvar *sv);
306fa1
+struct substvar *addstdenv(struct substvar *sv, const char *prefix);
306fa1
+struct substvar *removestdenv(struct substvar *sv, const char *prefix);
306fa1
 void add_std_amd_vars(struct substvar *sv);
306fa1
 void remove_std_amd_vars(void);
306fa1
 struct amd_entry *new_amd_entry(const struct substvar *sv);
306fa1
--- autofs-5.0.7.orig/lib/mounts.c
306fa1
+++ autofs-5.0.7/lib/mounts.c
306fa1
@@ -32,6 +32,7 @@
306fa1
 
306fa1
 #define MAX_OPTIONS_LEN		80
306fa1
 #define MAX_MNT_NAME_LEN	30
306fa1
+#define MAX_ENV_NAME		15
306fa1
 
306fa1
 #define EBUFSIZ 1024
306fa1
 
306fa1
@@ -328,7 +329,61 @@ int check_nfs_mount_version(struct nfs_m
306fa1
 }
306fa1
 #endif
306fa1
 
306fa1
-struct substvar *addstdenv(struct substvar *sv)
306fa1
+static char *set_env_name(const char *prefix, const char *name, char *buf)
306fa1
+{
306fa1
+	size_t len;
306fa1
+
306fa1
+	len = strlen(name);
306fa1
+	if (prefix)
306fa1
+		len += strlen(prefix);
306fa1
+	len++;
306fa1
+
306fa1
+	if (len > MAX_ENV_NAME)
306fa1
+		return NULL;
306fa1
+
306fa1
+	if (!prefix)
306fa1
+		strcpy(buf, name);
306fa1
+	else {
306fa1
+		strcpy(buf, prefix);
306fa1
+		strcat(buf, name);
306fa1
+	}
306fa1
+	return buf;
306fa1
+}
306fa1
+
306fa1
+static struct substvar *do_macro_addvar(struct substvar *list,
306fa1
+					const char *prefix,
306fa1
+					const char *name,
306fa1
+					const char *val)
306fa1
+{
306fa1
+	char buf[MAX_ENV_NAME + 1];
306fa1
+	char *new;
306fa1
+	size_t len;
306fa1
+
306fa1
+	new = set_env_name(prefix, name, buf);
306fa1
+	if (new) {
306fa1
+		len = strlen(new);
306fa1
+		list = macro_addvar(list, new, len, val);
306fa1
+	}
306fa1
+	return list;
306fa1
+}
306fa1
+
306fa1
+static struct substvar *do_macro_removevar(struct substvar *list,
306fa1
+					   const char *prefix,
306fa1
+					   const char *name)
306fa1
+{
306fa1
+	char buf[MAX_ENV_NAME + 1];
306fa1
+	char *new;
306fa1
+	size_t len;
306fa1
+
306fa1
+	new = set_env_name(prefix, name, buf);
306fa1
+	if (new) {
306fa1
+		len = strlen(new);
306fa1
+		list = macro_removevar(list, new, len);
306fa1
+	}
306fa1
+	return list;
306fa1
+}
306fa1
+
306fa1
+struct substvar *addstdenv(struct substvar *sv, const char *prefix)
306fa1
 {
306fa1
 	struct substvar *list = sv;
306fa1
 	struct thread_stdenv_vars *tsv;
306fa1
@@ -343,14 +398,14 @@ struct substvar *addstdenv(struct substv
306fa1
 		num = (long) tsv->uid;
306fa1
 		ret = sprintf(numbuf, "%ld", num);
306fa1
 		if (ret > 0)
306fa1
-			list = macro_addvar(list, "UID", 3, numbuf);
306fa1
+			list = do_macro_addvar(list, prefix, "UID", numbuf);
306fa1
 		num = (long) tsv->gid;
306fa1
 		ret = sprintf(numbuf, "%ld", num);
306fa1
 		if (ret > 0)
306fa1
-			list = macro_addvar(list, "GID", 3, numbuf);
306fa1
-		list = macro_addvar(list, "USER", 4, tsv->user);
306fa1
-		list = macro_addvar(list, "GROUP", 5, tsv->group);
306fa1
-		list = macro_addvar(list, "HOME", 4, tsv->home);
306fa1
+			list = do_macro_addvar(list, prefix, "GID", numbuf);
306fa1
+		list = do_macro_addvar(list, prefix, "USER", tsv->user);
306fa1
+		list = do_macro_addvar(list, prefix, "GROUP", tsv->group);
306fa1
+		list = do_macro_addvar(list, prefix, "HOME", tsv->home);
306fa1
 		mv = macro_findvar(list, "HOST", 4);
306fa1
 		if (mv) {
306fa1
 			char *shost = strdup(mv->val);
306fa1
@@ -358,7 +413,8 @@ struct substvar *addstdenv(struct substv
306fa1
 				char *dot = strchr(shost, '.');
306fa1
 				if (dot)
306fa1
 					*dot = '\0';
306fa1
-				list = macro_addvar(list, "SHOST", 5, shost);
306fa1
+				list = do_macro_addvar(list,
306fa1
+						       prefix, "SHOST", shost);
306fa1
 				free(shost);
306fa1
 			}
306fa1
 		}
306fa1
@@ -366,16 +422,16 @@ struct substvar *addstdenv(struct substv
306fa1
 	return list;
306fa1
 }
306fa1
 
306fa1
-struct substvar *removestdenv(struct substvar *sv)
306fa1
+struct substvar *removestdenv(struct substvar *sv, const char *prefix)
306fa1
 {
306fa1
 	struct substvar *list = sv;
306fa1
 
306fa1
-	list = macro_removevar(list, "UID", 3);
306fa1
-	list = macro_removevar(list, "USER", 4);
306fa1
-	list = macro_removevar(list, "HOME", 4);
306fa1
-	list = macro_removevar(list, "GID", 3);
306fa1
-	list = macro_removevar(list, "GROUP", 5);
306fa1
-	list = macro_removevar(list, "SHOST", 5);
306fa1
+	list = do_macro_removevar(list, prefix, "UID");
306fa1
+	list = do_macro_removevar(list, prefix, "USER");
306fa1
+	list = do_macro_removevar(list, prefix, "HOME");
306fa1
+	list = do_macro_removevar(list, prefix, "GID");
306fa1
+	list = do_macro_removevar(list, prefix, "GROUP");
306fa1
+	list = do_macro_removevar(list, prefix, "SHOST");
306fa1
 	return list;
306fa1
 }
306fa1
 
306fa1
--- autofs-5.0.7.orig/modules/lookup_program.c
306fa1
+++ autofs-5.0.7/modules/lookup_program.c
306fa1
@@ -181,7 +181,7 @@ static char *lookup_one(struct autofs_po
306fa1
 		if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) {
306fa1
 			struct parse_context *pctxt = (struct parse_context *) ctxt->parse->context;
306fa1
 			/* Add standard environment as seen by sun map parser */
306fa1
-			pctxt->subst = addstdenv(pctxt->subst);
306fa1
+			pctxt->subst = addstdenv(pctxt->subst, "AUTOFS_");
306fa1
 			macro_setenv(pctxt->subst);
306fa1
 		}
306fa1
 		execl(ctxt->mapname, ctxt->mapname, name, NULL);
306fa1
--- autofs-5.0.7.orig/modules/parse_sun.c
306fa1
+++ autofs-5.0.7/modules/parse_sun.c
306fa1
@@ -1214,12 +1214,12 @@ int parse_mount(struct autofs_point *ap,
306fa1
 	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state);
306fa1
 	macro_lock();
306fa1
 
306fa1
-	ctxt->subst = addstdenv(ctxt->subst);
306fa1
+	ctxt->subst = addstdenv(ctxt->subst, NULL);
306fa1
 
306fa1
 	mapent_len = expandsunent(mapent, NULL, name, ctxt->subst, slashify);
306fa1
 	if (mapent_len == 0) {
306fa1
 		error(ap->logopt, MODPREFIX "failed to expand map entry");
306fa1
-		ctxt->subst = removestdenv(ctxt->subst);
306fa1
+		ctxt->subst = removestdenv(ctxt->subst, NULL);
306fa1
 		macro_unlock();
306fa1
 		pthread_setcancelstate(cur_state, NULL);
306fa1
 		return 1;
306fa1
@@ -1229,7 +1229,7 @@ int parse_mount(struct autofs_point *ap,
306fa1
 	if (!pmapent) {	
306fa1
 		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
306fa1
 		logerr(MODPREFIX "alloca: %s", estr);
306fa1
-		ctxt->subst = removestdenv(ctxt->subst);
306fa1
+		ctxt->subst = removestdenv(ctxt->subst, NULL);
306fa1
 		macro_unlock();
306fa1
 		pthread_setcancelstate(cur_state, NULL);
306fa1
 		return 1;
306fa1
@@ -1237,7 +1237,7 @@ int parse_mount(struct autofs_point *ap,
306fa1
 	pmapent[mapent_len] = '\0';
306fa1
 
306fa1
 	expandsunent(mapent, pmapent, name, ctxt->subst, slashify);
306fa1
-	ctxt->subst = removestdenv(ctxt->subst);
306fa1
+	ctxt->subst = removestdenv(ctxt->subst, NULL);
306fa1
 
306fa1
 	macro_unlock();
306fa1
 	pthread_setcancelstate(cur_state, NULL);