Blame SOURCES/autofs-5.1.6-fix-quoted-string-length-calc-in-expandsunent.patch

80b5cf
autofs-5.1.6 - fix quoted string length calc in expandsunent()
From: Ian Kent <raven@themaw.net>
The expandsunent() function in modules/parse_sun.c fails to properly
handle the ending " in a quoted string causing the length calculation
to not account for the ending quote and also doesn't properly account
for the remainder of the string being expanded.
Also, when called again (after being called to get the length) the
allocated buffer is too small leading to out of bounds accesses.
Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG           |    1 +
 modules/parse_sun.c |    6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
--- autofs-5.0.7.orig/CHANGELOG
+++ autofs-5.0.7/CHANGELOG
@@ -353,6 +353,7 @@
 - also use strictexpire for offsets.
 - fix trailing dollar sun entry expansion.
 - initialize struct addrinfo for getaddrinfo() calls.
+- fix quoted string length calc in expandsunent().
 
 25/07/2012 autofs-5.0.7
 =======================
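Review bot: the added CHANGELOG line "fix quoted string length calc in expandsunent()" undersells the change. The commit message says the short length leaves the allocated buffer too small and leads to out of bounds accesses, so the entry should say so, for example "fix out of bounds access from quoted string length calc in expandsunent()", which lets anyone scanning the changelog recognise it as a memory-safety fix. The file paths also read autofs-5.0.7 while the patch is titled autofs-5.1.6, so a line in the patch header stating that this is a backport would help.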
--- autofs-5.0.7.orig/modules/parse_sun.c
+++ autofs-5.0.7/modules/parse_sun.c
@@ -213,9 +213,11 @@ int expandsunent(const char *src, char *
 					*dst++ = *src;
 				src++;
 			}
-			if (*src && dst) {
+			if (*src) {
 				len++;
-				*dst++ = *src++;
+				if (dst)
+					*dst++ = *src;
+				src++;
 			}
 			break;
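Review bot: the new `if (*src)` block at the end of the quoted-string case relies on an unstated invariant, that `len` and `src` advance identically whether or not `dst` is NULL. A one-line comment above `len++` saying that the sizing call and the copy call must count the same bytes would stop a later edit from folding `dst` back into the condition, which is what `if (*src && dst)` got wrong. Separately, when `*src` is NUL at this point the closing quote is skipped with no diagnostic; if that corresponds to an unterminated quote in the map entry (the loop condition is outside the visible context), a warning there would be worth adding. A regression test that calls expandsunent() with a NULL `dst` on an entry that has text after a quoted string, then compares the length from that call against the bytes written by the second call, would cover the out of bounds case the commit message describes.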