c3f1f8
autofs-5.1.5 - use malloc(3) in spawn.c
c3f1f8
c3f1f8
From: Ian Kent <raven@themaw.net>
c3f1f8
c3f1f8
Use malloc(3) in spawn.c functions instead of alloca(3) as a failure
c3f1f8
return for this function is undefined.
c3f1f8
c3f1f8
Signed-off-by: Ian Kent <raven@themaw.net>
c3f1f8
---
c3f1f8
 CHANGELOG      |    1 +
c3f1f8
 daemon/spawn.c |   50 ++++++++++++++++++++++++++++++++++++++++++++------
c3f1f8
 2 files changed, 45 insertions(+), 6 deletions(-)
c3f1f8
c3f1f8
--- autofs-5.1.4.orig/CHANGELOG
c3f1f8
+++ autofs-5.1.4/CHANGELOG
c3f1f8
@@ -46,6 +46,7 @@ xx/xx/2018 autofs-5.1.5
c3f1f8
 - add systemd service command line option.
c3f1f8
 - support strictexpire mount option.
c3f1f8
 - add NULL check for get_addr_string() return.
c3f1f8
+- use malloc(3) in spawn.c.
c3f1f8
 
c3f1f8
 19/12/2017 autofs-5.1.4
c3f1f8
 - fix spec file url.
c3f1f8
--- autofs-5.1.4.orig/daemon/spawn.c
c3f1f8
+++ autofs-5.1.4/daemon/spawn.c
c3f1f8
@@ -521,22 +521,33 @@ int spawnv(unsigned logopt, const char *
c3f1f8
 int spawnl(unsigned logopt, const char *prog, ...)
c3f1f8
 {
c3f1f8
 	va_list arg;
c3f1f8
-	int argc;
c3f1f8
+	int argc, ret;
c3f1f8
 	char **argv, **p;
c3f1f8
+	unsigned int argv_len;
c3f1f8
 
c3f1f8
 	va_start(arg, prog);
c3f1f8
 	for (argc = 1; va_arg(arg, char *); argc++);
c3f1f8
 	va_end(arg);
c3f1f8
 
c3f1f8
-	if (!(argv = alloca(sizeof(char *) * argc)))
c3f1f8
+	argv_len = sizeof(char *) * (argc + 1);
c3f1f8
+	argv = malloc(argv_len);
c3f1f8
+	if (!argv) {
c3f1f8
+		char buf[MAX_ERR_BUF];
c3f1f8
+		char *estr = strerror_r(errno, buf, sizeof(buf));
c3f1f8
+		crit(logopt, "malloc: %s", estr);
c3f1f8
 		return -1;
c3f1f8
+	}
c3f1f8
+	memset(argv, 0, argv_len);
c3f1f8
 
c3f1f8
 	va_start(arg, prog);
c3f1f8
 	p = argv;
c3f1f8
 	while ((*p++ = va_arg(arg, char *)));
c3f1f8
 	va_end(arg);
c3f1f8
 
c3f1f8
-	return do_spawn(logopt, -1, SPAWN_OPT_NONE, prog, (const char **) argv);
c3f1f8
+	ret = do_spawn(logopt, -1, SPAWN_OPT_NONE, prog, (const char **) argv);
c3f1f8
+	free(argv);
c3f1f8
+
c3f1f8
+	return ret;
c3f1f8
 }
c3f1f8
 
c3f1f8
 int spawn_mount(unsigned logopt, ...)
c3f1f8
@@ -554,6 +565,7 @@ int spawn_mount(unsigned logopt, ...)
c3f1f8
 	int update_mtab = 1, ret, printed = 0;
c3f1f8
 	unsigned int wait = defaults_get_mount_wait();
c3f1f8
 	char buf[PATH_MAX + 1];
c3f1f8
+	unsigned int argv_len;
c3f1f8
 
c3f1f8
 	/* If we use mount locking we can't validate the location */
c3f1f8
 #ifdef ENABLE_MOUNT_LOCKING
c3f1f8
@@ -579,8 +591,15 @@ int spawn_mount(unsigned logopt, ...)
c3f1f8
 	}
c3f1f8
 
c3f1f8
 	/* Alloc 1 extra slot in case we need to use the "-f" option */
c3f1f8
-	if (!(argv = alloca(sizeof(char *) * (argc + 2))))
c3f1f8
+	argv_len = sizeof(char *) * (argc + 2);
c3f1f8
+	argv = malloc(argv_len);
c3f1f8
+	if (!argv) {
c3f1f8
+		char buf[MAX_ERR_BUF];
c3f1f8
+		char *estr = strerror_r(errno, buf, sizeof(buf));
c3f1f8
+		crit(logopt, "malloc: %s", estr);
c3f1f8
 		return -1;
c3f1f8
+	}
c3f1f8
+	memset(argv, 0, argv_len);
c3f1f8
 
c3f1f8
 	argv[0] = arg0;
c3f1f8
 
c3f1f8
@@ -655,6 +674,7 @@ int spawn_mount(unsigned logopt, ...)
c3f1f8
 		umount(argv[argc]);
c3f1f8
 		ret = MNT_FORCE_FAIL;
c3f1f8
 	}
c3f1f8
+	free(argv);
c3f1f8
 
c3f1f8
 	return ret;
c3f1f8
 }
c3f1f8
@@ -683,6 +703,7 @@ int spawn_bind_mount(unsigned logopt, ..
c3f1f8
 	int update_mtab = 1, ret, printed = 0;
c3f1f8
 	unsigned int wait = defaults_get_mount_wait();
c3f1f8
 	char buf[PATH_MAX + 1];
c3f1f8
+	unsigned int argv_len;
c3f1f8
 
c3f1f8
 	/* If we use mount locking we can't validate the location */
c3f1f8
 #ifdef ENABLE_MOUNT_LOCKING
c3f1f8
@@ -711,8 +732,15 @@ int spawn_bind_mount(unsigned logopt, ..
c3f1f8
 		}
c3f1f8
 	}
c3f1f8
 
c3f1f8
-	if (!(argv = alloca(sizeof(char *) * (argc + 2))))
c3f1f8
+	argv_len = sizeof(char *) * (argc + 2);
c3f1f8
+	argv = malloc(argv_len);
c3f1f8
+	if (!argv) {
c3f1f8
+		char buf[MAX_ERR_BUF];
c3f1f8
+		char *estr = strerror_r(errno, buf, sizeof(buf));
c3f1f8
+		crit(logopt, "malloc: %s", estr);
c3f1f8
 		return -1;
c3f1f8
+	}
c3f1f8
+	memset(argv, 0, argv_len);
c3f1f8
 
c3f1f8
 	argv[0] = arg0;
c3f1f8
 	argv[1] = bind;
c3f1f8
@@ -774,6 +802,7 @@ int spawn_bind_mount(unsigned logopt, ..
c3f1f8
 		umount(argv[argc]);
c3f1f8
 		ret = MNT_FORCE_FAIL;
c3f1f8
 	}
c3f1f8
+	free(argv);
c3f1f8
 
c3f1f8
 	return ret;
c3f1f8
 }
c3f1f8
@@ -796,6 +825,7 @@ int spawn_umount(unsigned logopt, ...)
c3f1f8
 	int update_mtab = 1, ret, printed = 0;
c3f1f8
 	unsigned int wait = defaults_get_umount_wait();
c3f1f8
 	char buf[PATH_MAX + 1];
c3f1f8
+	unsigned int argv_len;
c3f1f8
 
c3f1f8
 #ifdef ENABLE_MOUNT_LOCKING
c3f1f8
 	options = SPAWN_OPT_LOCK;
c3f1f8
@@ -821,8 +851,15 @@ int spawn_umount(unsigned logopt, ...)
c3f1f8
 	if (arg_c)
c3f1f8
 		argc++;;
c3f1f8
 
c3f1f8
-	if (!(argv = alloca(sizeof(char *) * (argc + 1))))
c3f1f8
+	argv_len = sizeof(char *) * (argc + 1);
c3f1f8
+	argv = malloc(argv_len);
c3f1f8
+	if (!argv) {
c3f1f8
+		char buf[MAX_ERR_BUF];
c3f1f8
+		char *estr = strerror_r(errno, buf, sizeof(buf));
c3f1f8
+		crit(logopt, "malloc: %s", estr);
c3f1f8
 		return -1;
c3f1f8
+	}
c3f1f8
+	memset(argv, 0, argv_len);
c3f1f8
 
c3f1f8
 	p = argv;
c3f1f8
 	*p++ = arg0;
c3f1f8
@@ -870,6 +907,7 @@ int spawn_umount(unsigned logopt, ...)
c3f1f8
 		     "and /etc/mtab will differ");
c3f1f8
 		ret = 0;
c3f1f8
 	}
c3f1f8
+	free(argv);
c3f1f8
 
c3f1f8
 	return ret;
c3f1f8
 }