45 lines
1.3 KiB
Diff
45 lines
1.3 KiB
Diff
|
autofs-5.1.6 - fix quoted string length calc in expandsunent()
|
||
|
|
||
|
From: Ian Kent <raven@themaw.net>
|
||
|
|
||
|
The expandsunent() function in modules/parse_sun.c fails to properly
|
||
|
handle the ending " in a quoted string causing the length calculation
|
||
|
to not account for the ending quote and also doesn't properly account
|
||
|
for the remainder of the string being expanded.
|
||
|
|
||
|
Also, when called again (after being called to get the length) the
|
||
|
allocated buffer is too small leading to out of bounds accesses.
|
||
|
|
||
|
Signed-off-by: Ian Kent <raven@themaw.net>
|
||
|
---
|
||
|
CHANGELOG | 1 +
|
||
|
modules/parse_sun.c | 6 ++++--
|
||
|
2 files changed, 5 insertions(+), 2 deletions(-)
|
||
|
|
||
|
--- autofs-5.1.4.orig/CHANGELOG
|
||
|
+++ autofs-5.1.4/CHANGELOG
|
||
|
@@ -79,6 +79,7 @@ xx/xx/2018 autofs-5.1.5
|
||
|
- fix a regression with map instance lookup.
|
||
|
- fix trailing dollar sun entry expansion.
|
||
|
- initialize struct addrinfo for getaddrinfo() calls.
|
||
|
+- fix quoted string length calc in expandsunent().
|
||
|
|
||
|
19/12/2017 autofs-5.1.4
|
||
|
- fix spec file url.
|
||
|
--- autofs-5.1.4.orig/modules/parse_sun.c
|
||
|
+++ autofs-5.1.4/modules/parse_sun.c
|
||
|
@@ -213,9 +213,11 @@ int expandsunent(const char *src, char *
|
||
|
*dst++ = *src;
|
||
|
src++;
|
||
|
}
|
||
|
- if (*src && dst) {
|
||
|
+ if (*src) {
|
||
|
len++;
|
||
|
- *dst++ = *src++;
|
||
|
+ if (dst)
|
||
|
+ *dst++ = *src;
|
||
|
+ src++;
|
||
|
}
|
||
|
break;
|
||
|
|