import autofs-5.1.4-92.el8

2023-02-06 14:08:53 +00:00 · 2023-02-06 14:08:53 +00:00 · 034521cbbd
parent a2389ce23d
commit 034521cbbd
2 changed files with 65 additions and 1 deletions
--- a/SOURCES/autofs-5.1.8-fail-on-empty-replicated-host-name.patch
+++ b/SOURCES/autofs-5.1.8-fail-on-empty-replicated-host-name.patch
@ -0,0 +1,57 @@
+autofs-5.1.8 - fail on empty replicated host name
+
+From: Ian Kent <raven@themaw.net>
+
+If a mount location host (or hosts) has an empty host name it has to be
+a mistake so fail the automount request.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG           |    1 +
+ modules/parse_sun.c |   18 ++++++++++++++++++
+ 2 files changed, 19 insertions(+)
+
+--- autofs-5.1.4.orig/CHANGELOG
+++ autofs-5.1.4/CHANGELOG
+@@ -105,6 +105,7 @@
+ - fix concat_options() error handling.
+ - fix minus only option handling in concat_options().
+ - fix incorrect path for is_mounted() in try_remount().
+- fail on empty replicated host name.
+ 
+ xx/xx/2018 autofs-5.1.5
+ - fix flag file permission.
+--- autofs-5.1.4.orig/modules/parse_sun.c
+++ autofs-5.1.4/modules/parse_sun.c
+@@ -924,6 +924,12 @@ static int validate_location(unsigned in
+ 	if (*ptr == ':')
+ 		return 1;
+ 
+	/* Fail on replicated entry with empty first host name */
+	if (*ptr == ',') {
+		error(logopt, "missing first host name in location %s", loc);
+		return 0;
+	}
+
+ 	/*
+ 	 * If a ':/' is present now it must be a host name, except
+ 	 * for those special file systems like sshfs which use "#"
+@@ -960,6 +966,18 @@ static int validate_location(unsigned in
+ 				      "found in location %s", *ptr, loc);
+ 				return 0;
+ 			}
+
+			/* Fail on replicated entry with empty host name */
+			if (*ptr == ',') {
+				char next = *(ptr + 1);
+
+				if (next == ',' || next == ':') {
+					error(logopt,
+					      "missing host name in location %s", loc);
+					return 0;
+				}
+			}
+
+ 			ptr++;
+ 		}
+ 
--- a/SPECS/autofs.spec
+++ b/SPECS/autofs.spec
@ -8,7 +8,7 @@
 Summary: A tool for automatically mounting and unmounting filesystems
 Name: autofs
 Version: 5.1.4
-Release: 91%{?dist}
+Release: 92%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: System Environment/Daemons
@ -277,6 +277,7 @@ Patch248: autofs-5.1.8-fix-memory-leak-in-update_hosts_mounts.patch
 Patch249: autofs-5.1.7-fix-concat_options-error-handling.patch
 Patch250: autofs-5.1.8-fix-minus-only-option-handling-in-concat_options.patch
 Patch251: autofs-5.1.8-fix-incorrect-path-for-is_mounted-in-try_remount.patch
+Patch252: autofs-5.1.8-fail-on-empty-replicated-host-name.patch

 %if %{with_systemd}
 BuildRequires: systemd-units
@ -595,6 +596,7 @@ echo %{version}-%{release} > .version
 %patch249 -p1
 %patch250 -p1
 %patch251 -p1
+%patch252 -p1

 %build
 LDFLAGS=-Wl,-z,now
@ -690,6 +692,11 @@ fi
 %dir /etc/auto.master.d

 %changelog
+* Tue Jan 24 2023 Ian Kent <ikent@redhat.com> - 5.1.4-92
+- bz2161336 - Users can trigger a simple autofs DoS with wildcard automounter maps
+  - fail on empty trailing replicated host name.
+- Resolves: rhbz#2161336
+
 * Mon Dec 05 2022 Ian Kent <ikent@redhat.com> - 5.1.4-91
 - bz2148872 - autofs: errors in autofs-5.1.4-83.el8.x86_64 when restarting
  autofs with busy directories