Blame SOURCES/autofs-5.1.0-fix-FILE-pointer-check-in-defaults_read_config.patch

4d476f
autofs-5.1.0 - fix FILE pointer check in defaults_read_config()
4d476f
4d476f
From: Ian Kent <raven@themaw.net>
4d476f
4d476f
Fix possible use after free usage of FILE pointer in defaults_read_config().
4d476f
---
4d476f
 CHANGELOG      |    1 +
4d476f
 lib/defaults.c |   15 +++++++--------
4d476f
 2 files changed, 8 insertions(+), 8 deletions(-)
4d476f
4d476f
--- autofs-5.0.7.orig/CHANGELOG
4d476f
+++ autofs-5.0.7/CHANGELOG
4d476f
@@ -132,6 +132,7 @@
4d476f
 - fix race accessing qdn in get_query_dn().
4d476f
 - fix leak in cache_push_mapent().
4d476f
 - fix config entry read buffer not checked.
4d476f
+- fix FILE pointer check in defaults_read_config().
4d476f
 
4d476f
 25/07/2012 autofs-5.0.7
4d476f
 =======================
4d476f
--- autofs-5.0.7.orig/lib/defaults.c
4d476f
+++ autofs-5.0.7/lib/defaults.c
4d476f
@@ -1055,6 +1055,8 @@ unsigned int defaults_read_config(unsign
4d476f
 
4d476f
 	ret = 1;
4d476f
 
4d476f
+	conf = oldconf = NULL;
4d476f
+
4d476f
 	pthread_mutex_lock(&conf_mutex);
4d476f
 	if (!config) {
4d476f
 		if (conf_init()) {
4d476f
@@ -1081,15 +1083,11 @@ unsigned int defaults_read_config(unsign
4d476f
 	    stb.st_mtime <= config->modified &&
4d476f
 	    (oldstat = fstat(fileno(oldconf), &oldstb) == -1) &&
4d476f
 	    oldstb.st_mtime <= config->modified) {
4d476f
-		fclose(conf);
4d476f
-		fclose(oldconf);
4d476f
 		goto out;
4d476f
 	}
4d476f
 
4d476f
 	if (conf || oldconf) {
4d476f
 		if (!reset_defaults(to_syslog)) {
4d476f
-			fclose(conf);
4d476f
-			fclose(oldconf);
4d476f
 			ret = 0;
4d476f
 			goto out;
4d476f
 		}
4d476f
@@ -1107,10 +1105,8 @@ unsigned int defaults_read_config(unsign
4d476f
 		}
4d476f
 	}
4d476f
 
4d476f
-	if (conf) {
4d476f
+	if (conf)
4d476f
 		read_config(to_syslog, conf, DEFAULT_CONFIG_FILE);
4d476f
-		fclose(conf);
4d476f
-	}
4d476f
 
4d476f
 	/*
4d476f
 	 * Read the old config file and override the installed
4d476f
@@ -1131,7 +1127,6 @@ unsigned int defaults_read_config(unsign
4d476f
 			clean_ldap_multi_option(NAME_LDAP_URI);
4d476f
 
4d476f
 		read_config(to_syslog, oldconf, OLD_CONFIG_FILE);
4d476f
-		fclose(oldconf);
4d476f
 
4d476f
 		if (ldap_search_base) {
4d476f
 			co = conf_lookup(sec, NAME_SEARCH_BASE);
4d476f
@@ -1150,6 +1145,10 @@ unsigned int defaults_read_config(unsign
4d476f
 		}
4d476f
 	}
4d476f
 out:
4d476f
+	if (conf)
4d476f
+		fclose(conf);
4d476f
+	if (oldconf)
4d476f
+		fclose(oldconf);
4d476f
 	pthread_mutex_unlock(&conf_mutex);
4d476f
 	return ret;
4d476f
 }