From 772e02a636b7222d10b4c9c6f2f1a5fa77b54177 Mon Sep 17 00:00:00 2001
From: Ian Kent <ikent@redhat.com>
Date: Fri, 17 Aug 2018 09:27:04 +0800
Subject: [PATCH] - fix use after free in parse_ldap_config() (bug 1617987).

---
 ...-use-after-free-in-parse_ldap_config.patch | 34 +++++++++++++++++++
 autofs.spec                                   |  7 +++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 autofs-5.1.4-fix-use-after-free-in-parse_ldap_config.patch

diff --git a/autofs-5.1.4-fix-use-after-free-in-parse_ldap_config.patch b/autofs-5.1.4-fix-use-after-free-in-parse_ldap_config.patch
new file mode 100644
index 0000000..b3f9938
--- /dev/null
+++ b/autofs-5.1.4-fix-use-after-free-in-parse_ldap_config.patch
@@ -0,0 +1,34 @@
+autofs-5.1.4 - fix use after free in parse_ldap_config()
+
+From: Ian Kent <raven@themaw.net>
+
+Commit a4a2af5f30 (covarity fixes) incorrecly frees local variable
+authtype after assigning it to a lookup context structure member.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG             |    1 +
+ modules/lookup_ldap.c |    2 --
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+--- autofs-5.1.4.orig/CHANGELOG
++++ autofs-5.1.4/CHANGELOG
+@@ -32,6 +32,7 @@ xx/xx/2018 autofs-5.1.5
+ - fix age setting at startup.
+ - fix update_negative_cache() map source usage.
+ - fix program usage message.
++- fix use after free in parse_ldap_config().
+ 
+ 19/12/2017 autofs-5.1.4
+ - fix spec file url.
+--- autofs-5.1.4.orig/modules/lookup_ldap.c
++++ autofs-5.1.4/modules/lookup_ldap.c
+@@ -1383,8 +1383,6 @@ auth_fail:
+ 		      user, secret ? "specified" : "unspecified",
+ 		      client_princ, client_cc);
+ 	}
+-	if (authtype)
+-		free(authtype);
+ out:
+ 	xmlFreeDoc(doc);
+ 	if (auth_conf)
diff --git a/autofs.spec b/autofs.spec
index 661e2bc..f7badc9 100644
--- a/autofs.spec
+++ b/autofs.spec
@@ -8,7 +8,7 @@
 Summary: A tool for automatically mounting and unmounting filesystems
 Name: autofs
 Version: 5.1.4
-Release: 20%{?dist}
+Release: 21%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: System Environment/Daemons
@@ -47,6 +47,7 @@ Patch31: autofs-5.1.4-make-umount_ent-recognise-forced-umount.patch
 Patch32: autofs-5.1.4-fix-age-setting-at-startup.patch
 Patch33: autofs-5.1.4-fix-update_negative_cache-map-source-usage.patch
 Patch34: autofs-5.1.4-fix-program-usage-message.patch
+Patch35: autofs-5.1.4-fix-use-after-free-in-parse_ldap_config.patch
 
 %if %{with_systemd}
 BuildRequires: systemd-units
@@ -141,6 +142,7 @@ echo %{version}-%{release} > .version
 %patch32 -p1
 %patch33 -p1
 %patch34 -p1
+%patch35 -p1
 
 %build
 LDFLAGS=-Wl,-z,now
@@ -235,6 +237,9 @@ fi
 %dir /etc/auto.master.d
 
 %changelog
+* Fri Aug 17 2018 Ian Kent <ikent@redhat.com> - 1:5.1.4-21
+- fix use after free in parse_ldap_config().
+
 * Mon Aug 06 2018 Ian Kent <ikent@redhat.com> - 1:5.1.4-20
 - fix update_negative_cache() map source usage.
 - fix program usage message.