- add some new upstream memory leak and use after free bug fixes.

autofs-5.1.1-fix-memory-leak-in-get_network_proximity.patch

@@ -0,0 +1,36 @@
+autofs-5.1.1 - fix memory leak in get_network_proximity()
+
+From: Ian Kent <raven@themaw.net>
+
+Fix an obvious memory leak in the get_network_proximity() function.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG        |    1 +
+ lib/parse_subs.c |    1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 49e0142..9d8096e 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -38,6 +38,7 @@
+ - fix use after free in sun parser parse_init().
+ - fix use after free in open_lookup().
+ - fix typo in autofs_sasl_bind().
++- fix memory leak in get_network_proximity().
+ 
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/lib/parse_subs.c b/lib/parse_subs.c
+index 6145828..8520d11 100644
+--- a/lib/parse_subs.c
++++ b/lib/parse_subs.c
+@@ -488,6 +488,7 @@ unsigned int get_network_proximity(const char *name)
+ 			proximity = prx;
+ 		this = this->ai_next;
+ 	}
++	freeaddrinfo(ni);
+ 
+ 	return proximity;
+ }

autofs-5.1.1-fix-memory-leak-in-ldap-do_init.patch

@@ -0,0 +1,37 @@
+autofs-5.1.1 - fix memory leak in ldap do_init()
+
+From: Ian Kent <raven@themaw.net>
+
+Fix error return without free of temporory allocated storage in
+do_init().
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG             |    1 +
+ modules/lookup_ldap.c |    1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index bb2ea30..0c467e0 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -34,6 +34,7 @@
+ - fix unbind sasl external mech.
+ - fix sasl connection concurrancy problem.
+ - fix memory leak in nisplus lookup_reinit().
++- fix memory leak in ldap do_init().
+ 
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
+index 959890a..45100ab 100644
+--- a/modules/lookup_ldap.c
++++ b/modules/lookup_ldap.c
+@@ -1752,6 +1752,7 @@ static int do_init(const char *mapfmt,
+ 		 */
+ 		if (!parse_server_string(LOGOPT_NONE, tmp, ctxt)) {
+ 			error(LOGOPT_ANY, MODPREFIX "cannot parse server string");
++			free(tmp);
+ 			return 1;
+ 		}
+ 		free(tmp);

autofs-5.1.1-fix-memory-leak-in-nisplus-lookup_reinit.patch

@@ -0,0 +1,40 @@
+autofs-5.1.1 - fix memory leak in nisplus lookup_reinit()
+
+From: Ian Kent <raven@themaw.net>
+
+Don't forget to free context on reinit error.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG                |    1 +
+ modules/lookup_nisplus.c |    4 +++-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 663b867..bb2ea30 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -33,6 +33,7 @@
+ - remove unused function elapsed().
+ - fix unbind sasl external mech.
+ - fix sasl connection concurrancy problem.
++- fix memory leak in nisplus lookup_reinit().
+ 
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/modules/lookup_nisplus.c b/modules/lookup_nisplus.c
+index 27f9856..7832611 100644
+--- a/modules/lookup_nisplus.c
++++ b/modules/lookup_nisplus.c
+@@ -116,8 +116,10 @@ int lookup_reinit(const char *mapfmt,
+ 
+ 	new->parse = ctxt->parse;
+ 	ret = do_init(mapfmt, argc, argv, new, 1);
+-	if (ret)
++	if (ret) {
++		free(new);
+ 		return 1;
++	}
+ 
+ 	*context = new;
+ 

autofs-5.1.1-fix-typo-in-autofs_sasl_bind.patch

@@ -0,0 +1,37 @@
+autofs-5.1.1 - fix typo in autofs_sasl_bind()
+
+From: Ian Kent <raven@themaw.net>
+
+Changes to autofs_sasl_bind() introduced an incorrect variable reference.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG            |    1 +
+ modules/cyrus-sasl.c |    2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 2d026f1..49e0142 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -37,6 +37,7 @@
+ - fix memory leak in ldap do_init().
+ - fix use after free in sun parser parse_init().
+ - fix use after free in open_lookup().
++- fix typo in autofs_sasl_bind().
+ 
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c
+index 11a1178..cf596b8 100644
+--- a/modules/cyrus-sasl.c
++++ b/modules/cyrus-sasl.c
+@@ -958,7 +958,7 @@ autofs_sasl_bind(unsigned logopt,
+ 	else
+ 		sasl_conn = sasl_choose_mech(logopt, conn->ldap, ctxt);
+ 
+-	if (!conn)
++	if (!sasl_conn)
+ 		return -1;
+ 
+ 	conn->sasl_conn = sasl_conn;

autofs-5.1.1-fix-use-after-free-in-match_my_name.patch

@@ -0,0 +1,46 @@
+autofs-5.1.1 - fix use after free in match_my_name()
+
+From: Ian Kent <raven@themaw.net>
+
+I can't remember now if this function is supposed to fail if any host
+address has no reverse mapping. Presumably I put in the "goto next;"
+for a reason so just remove the freeaddrinfo() call.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG           |    1 +
+ modules/parse_amd.c |    2 --
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 9d8096e..88ec577 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -39,6 +39,7 @@
+ - fix use after free in open_lookup().
+ - fix typo in autofs_sasl_bind().
+ - fix memory leak in get_network_proximity().
++- fix use after free in match_my_name().
+ 
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/modules/parse_amd.c b/modules/parse_amd.c
+index b8e0078..38d76b8 100644
+--- a/modules/parse_amd.c
++++ b/modules/parse_amd.c
+@@ -285,7 +285,6 @@ static int match_my_name(unsigned int logopt, const char *name, struct substvar
+ 			error(logopt,
+ 			      "host address info lookup failed: %s\n",
+ 			      gai_strerror(ret));
+-			freeaddrinfo(cni);
+ 			goto next;
+ 		}
+ 
+@@ -296,7 +295,6 @@ static int match_my_name(unsigned int logopt, const char *name, struct substvar
+ 			error(logopt,
+ 			      "host address info lookup failed: %s\n",
+ 			      gai_strerror(ret));
+-			freeaddrinfo(cni);
+ 			goto next;
+ 		}
+ 

autofs-5.1.1-fix-use-after-free-in-open_lookup.patch

@@ -0,0 +1,36 @@
+autofs-5.1.1 - fix use after free in open_lookup()
+
+From: Ian Kent <raven@themaw.net>
+
+If storage can't be allocated for module type error exit.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG       |    1 +
+ daemon/module.c |    1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 76e0a27..2d026f1 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -36,6 +36,7 @@
+ - fix memory leak in nisplus lookup_reinit().
+ - fix memory leak in ldap do_init().
+ - fix use after free in sun parser parse_init().
++- fix use after free in open_lookup().
+ 
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/daemon/module.c b/daemon/module.c
+index d9921f4..bed8f7a 100644
+--- a/daemon/module.c
++++ b/daemon/module.c
+@@ -83,6 +83,7 @@ int open_lookup(const char *name, const char *err_prefix, const char *mapfmt,
+ 			char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+ 			logerr("%s%s", err_prefix, estr);
+ 		}
++		return NSS_STATUS_UNAVAIL;
+ 	}
+ 
+ 	size = snprintf(fnbuf, sizeof(fnbuf),

autofs-5.1.1-fix-use-after-free-in-sun-parser-parse_init.patch

@@ -0,0 +1,37 @@
+autofs-5.1.1 - fix use after free in sun parser parse_init()
+
+From: Ian Kent <raven@themaw.net>
+
+Change to free context in function it was allocated (parse_init) on
+error to avoid use after free.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG           |    1 +
+ modules/parse_sun.c |    1 -
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 0c467e0..76e0a27 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -35,6 +35,7 @@
+ - fix sasl connection concurrancy problem.
+ - fix memory leak in nisplus lookup_reinit().
+ - fix memory leak in ldap do_init().
++- fix use after free in sun parser parse_init().
+ 
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/modules/parse_sun.c b/modules/parse_sun.c
+index a164fba..a9689f0 100644
+--- a/modules/parse_sun.c
++++ b/modules/parse_sun.c
+@@ -345,7 +345,6 @@ static int do_init(int argc, const char *const *argv, struct parse_context *ctxt
+ 			}
+ 			if (!noptstr) {
+ 				char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+-				kill_context(ctxt);
+ 				logerr(MODPREFIX "%s", estr);
+ 				return 1;
+ 			}

autofs.spec

@@ -8,7 +8,7 @@
 Summary: A tool for automatically mounting and unmounting filesystems
 Name: autofs
 Version: 5.1.1
-Release: 20%{?dist}
+Release: 21%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: System Environment/Daemons
@@ -68,6 +68,13 @@ Patch50: autofs-5.1.1-change-time-to-use-monotonic_clock.patch
 Patch51: autofs-5.1.1-remove-unused-function-elapsed.patch
 Patch52: autofs-5.1.1-fix-unbind-external-mech.patch
 Patch53: autofs-5.1.1-fix-sasl-connection-concurrancy-problem.patch
+Patch54: autofs-5.1.1-fix-memory-leak-in-nisplus-lookup_reinit.patch
+Patch55: autofs-5.1.1-fix-memory-leak-in-ldap-do_init.patch
+Patch56: autofs-5.1.1-fix-use-after-free-in-sun-parser-parse_init.patch
+Patch57: autofs-5.1.1-fix-use-after-free-in-open_lookup.patch
+Patch58: autofs-5.1.1-fix-typo-in-autofs_sasl_bind.patch
+Patch59: autofs-5.1.1-fix-memory-leak-in-get_network_proximity.patch
+Patch60: autofs-5.1.1-fix-use-after-free-in-match_my_name.patch
 
 %if %{with_systemd}
 BuildRequires: systemd-units
@@ -180,6 +187,13 @@ echo %{version}-%{release} > .version
 %patch51 -p1
 %patch52 -p1
 %patch53 -p1
+%patch54 -p1
+%patch55 -p1
+%patch56 -p1
+%patch57 -p1
+%patch58 -p1
+%patch59 -p1
+%patch60 -p1
 
 %build
 LDFLAGS=-Wl,-z,now
@@ -273,6 +287,9 @@ fi
 %dir /etc/auto.master.d
 
 %changelog
+* Wed Jan 20 2016 Ian Kent <ikent@redhat.com> - 1:5.1.1-21
+- add some new upstream memory leak and use after free bug fixes.
+
 * Wed Jan 20 2016 Ian Kent <ikent@redhat.com> - 1:5.1.1-20
 - fix incorrect committer changelog entries.
 - add current released upstream patches.