- add change for bug 1938682.

2021-06-30 11:50:21 +08:00 · 2021-06-30 11:50:21 +08:00 · 51e42820d4
commit 51e42820d4
parent 1840dcb866
2 changed files with 128 additions and 1 deletions
--- a/autofs-5.1.7-fix-concat_options-error-handling.patch
+++ b/autofs-5.1.7-fix-concat_options-error-handling.patch
@ -0,0 +1,119 @@
+autofs-5.1.7 - fix concat_options() error handling
+
+From: Ian Kent <raven@themaw.net>
+
+There's a possibility of a memory leak in the mount options processing
+when calling concat_options() in parse_mount() of the Sun format map
+entry parsing.
+
+There's also a case in do_init() of the Sun map format parsing where
+a previously freed value is used in a logging statement without being
+set to MULL.
+
+So ensure concat_options() always frees it's arguments so that the
+handling can be consistent in all places.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG           |    1 +
+ modules/parse_sun.c |   23 +++++++++++------------
+ 2 files changed, 12 insertions(+), 12 deletions(-)
+
+--- autofs-5.1.7.orig/CHANGELOG
+++ autofs-5.1.7/CHANGELOG
+@@ -77,6 +77,7 @@
+ - fix lookup_prune_one_cache() refactoring change.
+ - add missing description of null map option.
+ - fix nonstrict offset mount fail handling.
+- fix concat_options() error handling.
+ 
+ 25/01/2021 autofs-5.1.7
+ - make bind mounts propagation slave by default.
+--- autofs-5.1.7.orig/modules/parse_sun.c
+++ autofs-5.1.7/modules/parse_sun.c
+@@ -381,6 +381,8 @@ static int do_init(int argc, const char
+ 				char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+ 				logerr(MODPREFIX "concat_options: %s", estr);
+ 				free(gbl_options);
+				/* freed in concat_options */
+				ctxt->optstr = NULL;
+ 			} else
+ 				ctxt->optstr = tmp;
+ 		} else {
+@@ -492,12 +494,16 @@ static char *concat_options(char *left,
+ 	char *ret;
+ 
+ 	if (left == NULL || *left == '\0') {
+		if (!right || *right == '\0')
+			return NULL;
+ 		ret = strdup(right);
+ 		free(right);
+ 		return ret;
+ 	}
+ 
+ 	if (right == NULL || *right == '\0') {
+		if (left == NULL || *left == '\0')
+			return NULL;
+ 		ret = strdup(left);
+ 		free(left);
+ 		return ret;
+@@ -508,6 +514,8 @@ static char *concat_options(char *left,
+ 	if (ret == NULL) {
+ 		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+ 		logerr(MODPREFIX "malloc: %s", estr);
+		free(left);
+		free(right);
+ 		return NULL;
+ 	}
+ 
+@@ -989,14 +997,13 @@ static int parse_mapent(const char *ent,
+ 			if (newopt && strstr(newopt, myoptions)) {
+ 				free(myoptions);
+ 				myoptions = newopt;
+-			} else {
+			} else if (newopt) {
+ 				tmp = concat_options(myoptions, newopt);
+ 				if (!tmp) {
+ 					char *estr;
+ 					estr = strerror_r(errno, buf, MAX_ERR_BUF);
+ 					error(logopt, MODPREFIX
+ 					      "concat_options: %s", estr);
+-					free(myoptions);
+ 					return 0;
+ 				}
+ 				myoptions = tmp;
+@@ -1358,16 +1365,12 @@ dont_expand:
+ 			if (mnt_options && noptions && strstr(noptions, mnt_options)) {
+ 				free(mnt_options);
+ 				mnt_options = noptions;
+-			} else {
+			} else if (noptions) {
+ 				tmp = concat_options(mnt_options, noptions);
+ 				if (!tmp) {
+ 					char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+ 					error(ap->logopt,
+ 					      MODPREFIX "concat_options: %s", estr);
+-					if (noptions)
+-						free(noptions);
+-					if (mnt_options)
+-						free(mnt_options);
+ 					free(options);
+ 					free(pmapent);
+ 					return 1;
+@@ -1387,15 +1390,11 @@ dont_expand:
+ 			if (options && mnt_options && strstr(mnt_options, options)) {
+ 				free(options);
+ 				options = mnt_options;
+-			} else {
+			} else if (mnt_options) {
+ 				tmp = concat_options(options, mnt_options);
+ 				if (!tmp) {
+ 					char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+ 					error(ap->logopt, MODPREFIX "concat_options: %s", estr);
+-					if (options)
+-						free(options);
+-					if (mnt_options)
+-						free(mnt_options);
+ 					free(pmapent);
+ 					return 1;
+ 				}
--- a/autofs.spec
+++ b/autofs.spec
@ -12,7 +12,7 @@
 Summary: A tool for automatically mounting and unmounting filesystems
 Name: autofs
 Version: 5.1.7
-Release: 19%{?dist}
+Release: 20%{?dist}
 Epoch: 1
 License: GPLv2+
 Source: https://www.kernel.org/pub/linux/daemons/autofs/v5/autofs-%{version}-2.tar.gz
@ -98,6 +98,7 @@ Patch75: autofs-5.1.7-fix-direct-mount-deadlock.patch
 Patch76: autofs-5.1.7-fix-lookup_prune_one_cache-refactoring-change.patch
 Patch77: autofs-5.1.7-add-missing-description-of-null-map-option.patch
 Patch78: autofs-5.1.7-fix-nonstrict-offset-mount-fail-handling.patch
+Patch79: autofs-5.1.7-fix-concat_options-error-handling.patch

 %if %{with_systemd}
 BuildRequires: systemd-units
@ -242,6 +243,7 @@ echo %{version}-%{release} > .version
 %patch76 -p1
 %patch77 -p1
 %patch78 -p1
+%patch79 -p1

 %build
 LDFLAGS=-Wl,-z,now
@ -350,6 +352,12 @@ fi
 %dir /etc/auto.master.d

 %changelog
+* Wed Jun 30 2021 Ian Kent <ikent@redhat.com> - 1:5.1.7-20
+- bz1938682 - review of important potential issues detected by static analyzers
+  in autofs-5.1.7-2.el9
+  - fix concat_options() error handling.
+- Resolves: rhbz#1938682
+
 * Wed Jun 23 2021 Ian Kent <ikent@redhat.com> - 1:5.1.7-19
 - bz1951393 - add gating.yaml for CI testing
  - add gating.yaml.