rpms / autofs

Clone
Source Code
GIT

Blame SOURCES/autofs-5.1.0-fix-buffer-size-checks-in-get_network_proximity.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   7f6688db94327b3a7f2e00e3af57abfb579e6ac4
  2.   SOURCES
  3.   autofs-5.1.0-fix-buffer-size-checks-in-get_network_proximity.patch
Blob History Raw
4d476f 
autofs-5.1.0 - fix buffer size checks in get_network_proximity()
4d476f
4d476f 
From: Ian Kent <raven@themaw.net>
4d476f
4d476f 
Add several buffer size checks in get_network_proximity().
4d476f 
---
4d476f 
 CHANGELOG        |    1 +
4d476f 
 lib/parse_subs.c |    8 +++++---
4d476f 
 2 files changed, 6 insertions(+), 3 deletions(-)
4d476f
4d476f 
--- autofs-5.0.7.orig/CHANGELOG
4d476f 
+++ autofs-5.0.7/CHANGELOG
4d476f 
@@ -135,6 +135,7 @@
4d476f 
 - fix FILE pointer check in defaults_read_config().
4d476f 
 - fix memory leak in conf_amd_get_log_options().
4d476f 
 - fix signed comparison in inet_fill_net().
4d476f 
+- fix buffer size checks in get_network_proximity().
4d476f
4d476f 
 25/07/2012 autofs-5.0.7
4d476f 
 =======================
4d476f 
--- autofs-5.0.7.orig/lib/parse_subs.c
4d476f 
+++ autofs-5.0.7/lib/parse_subs.c
4d476f 
@@ -437,7 +437,7 @@ unsigned int get_network_proximity(const
4d476f 
 {
4d476f 
 	struct addrinfo hints;
4d476f 
 	struct addrinfo *ni, *this;
4d476f 
-	char name_or_num[NI_MAXHOST];
4d476f 
+	char name_or_num[NI_MAXHOST + 1];
4d476f 
 	unsigned int proximity;
4d476f 
 	char *net;
4d476f 
 	int ret;
4d476f 
@@ -449,16 +449,18 @@ unsigned int get_network_proximity(const
4d476f 
 	if (net)
4d476f 
 		strcpy(name_or_num, net);
4d476f 
 	else {
4d476f 
-		char this[NI_MAXHOST];
4d476f 
+		char this[NI_MAXHOST + 1];
4d476f 
 		char *mask;
4d476f
4d476f 
+		if (strlen(name) > NI_MAXHOST)
4d476f 
+			return PROXIMITY_ERROR;
4d476f 
 		strcpy(this, name);
4d476f 
 		if ((mask = strchr(this, '/')))
4d476f 
 			*mask++ = '\0';
4d476f 
 		if (!strchr(this, '.'))
4d476f 
 			strcpy(name_or_num, this);
4d476f 
 		else {
4d476f 
-			char buf[NI_MAXHOST], *new;
4d476f 
+			char buf[NI_MAXHOST + 1], *new;
4d476f 
 			new = inet_fill_net(this, buf);
4d476f 
 			if (!new)
4d476f 
 				return PROXIMITY_ERROR;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation