diff --git a/autofs-5.1.1-fix-memory-leak-in-get_network_proximity.patch b/autofs-5.1.1-fix-memory-leak-in-get_network_proximity.patch
new file mode 100644
index 0000000..4e6d622
--- /dev/null
+++ b/autofs-5.1.1-fix-memory-leak-in-get_network_proximity.patch
@@ -0,0 +1,36 @@
+autofs-5.1.1 - fix memory leak in get_network_proximity()
+
+From: Ian Kent
+
+Fix an obvious memory leak in the get_network_proximity() function.
+
+Signed-off-by: Ian Kent
+---
+ CHANGELOG | 1 +
+ lib/parse_subs.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 49e0142..9d8096e 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -38,6 +38,7 @@
+ - fix use after free in sun parser parse_init().
+ - fix use after free in open_lookup().
+ - fix typo in autofs_sasl_bind().
++- fix memory leak in get_network_proximity().
+
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/lib/parse_subs.c b/lib/parse_subs.c
+index 6145828..8520d11 100644
+--- a/lib/parse_subs.c
++++ b/lib/parse_subs.c
+@@ -488,6 +488,7 @@ unsigned int get_network_proximity(const char *name)
+ proximity = prx;
+ this = this->ai_next;
+ }
++ freeaddrinfo(ni);
+
+ return proximity;
+ }
diff --git a/autofs-5.1.1-fix-memory-leak-in-ldap-do_init.patch b/autofs-5.1.1-fix-memory-leak-in-ldap-do_init.patch
new file mode 100644
index 0000000..ef36ba6
--- /dev/null
+++ b/autofs-5.1.1-fix-memory-leak-in-ldap-do_init.patch
@@ -0,0 +1,37 @@
+autofs-5.1.1 - fix memory leak in ldap do_init()
+
+From: Ian Kent
+
+Fix error return without free of temporory allocated storage in
+do_init().
+
+Signed-off-by: Ian Kent
+---
+ CHANGELOG | 1 +
+ modules/lookup_ldap.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index bb2ea30..0c467e0 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -34,6 +34,7 @@
+ - fix unbind sasl external mech.
+ - fix sasl connection concurrancy problem.
+ - fix memory leak in nisplus lookup_reinit().
++- fix memory leak in ldap do_init().
+
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
+index 959890a..45100ab 100644
+--- a/modules/lookup_ldap.c
++++ b/modules/lookup_ldap.c
+@@ -1752,6 +1752,7 @@ static int do_init(const char *mapfmt,
+ */
+ if (!parse_server_string(LOGOPT_NONE, tmp, ctxt)) {
+ error(LOGOPT_ANY, MODPREFIX "cannot parse server string");
++ free(tmp);
+ return 1;
+ }
+ free(tmp);
diff --git a/autofs-5.1.1-fix-memory-leak-in-nisplus-lookup_reinit.patch b/autofs-5.1.1-fix-memory-leak-in-nisplus-lookup_reinit.patch
new file mode 100644
index 0000000..9d4606b
--- /dev/null
+++ b/autofs-5.1.1-fix-memory-leak-in-nisplus-lookup_reinit.patch
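Review bot: In do_init() of modules/lookup_ldap.c the added `free(tmp);` inside the `parse_server_string()` failure branch duplicates the `free(tmp);` that follows the `if`, so releasing the buffer still depends on every exit path remembering it. Capturing the result first gives a single release point that cannot be skipped: `int ok = parse_server_string(LOGOPT_NONE, tmp, ctxt);`, then `free(tmp);`, then `if (!ok) {`. do_init() starts and continues outside the hunk, so any other return between the allocation of tmp and this call could not be checked here.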
@@ -0,0 +1,40 @@
+autofs-5.1.1 - fix memory leak in nisplus lookup_reinit()
+
+From: Ian Kent
+
+Don't forget to free context on reinit error.
+
+Signed-off-by: Ian Kent
+---
+ CHANGELOG | 1 +
+ modules/lookup_nisplus.c | 4 +++-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 663b867..bb2ea30 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -33,6 +33,7 @@
+ - remove unused function elapsed().
+ - fix unbind sasl external mech.
+ - fix sasl connection concurrancy problem.
++- fix memory leak in nisplus lookup_reinit().
+
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/modules/lookup_nisplus.c b/modules/lookup_nisplus.c
+index 27f9856..7832611 100644
+--- a/modules/lookup_nisplus.c
++++ b/modules/lookup_nisplus.c
+@@ -116,8 +116,10 @@ int lookup_reinit(const char *mapfmt,
+
+ new->parse = ctxt->parse;
+ ret = do_init(mapfmt, argc, argv, new, 1);
+- if (ret)
++ if (ret) {
++ free(new);
+ return 1;
++ }
+
+ *context = new;
+
diff --git a/autofs-5.1.1-fix-typo-in-autofs_sasl_bind.patch b/autofs-5.1.1-fix-typo-in-autofs_sasl_bind.patch
new file mode 100644
index 0000000..b76eeac
--- /dev/null
+++ b/autofs-5.1.1-fix-typo-in-autofs_sasl_bind.patch
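Review bot: In lookup_reinit() of modules/lookup_nisplus.c the new `free(new);` releases only the context struct, while `new->parse = ctxt->parse;` two lines earlier has made it share the parser with the context that stays live. The hunk does not show whether `do_init(..., new, 1)` can fail after storing allocations in `new` or after touching the shared parser; if it can, those need handling before the free. A comment in the failure branch would record the assumption, for example `/* do_init() failed: new owns nothing but itself, the parser still belongs to ctxt */`. lookup_reinit() begins and ends outside the hunk.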
@@ -0,0 +1,37 @@
+autofs-5.1.1 - fix typo in autofs_sasl_bind()
+
+From: Ian Kent
+
+Changes to autofs_sasl_bind() introduced an incorrect variable reference.
+
+Signed-off-by: Ian Kent
+---
+ CHANGELOG | 1 +
+ modules/cyrus-sasl.c | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 2d026f1..49e0142 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -37,6 +37,7 @@
+ - fix memory leak in ldap do_init().
+ - fix use after free in sun parser parse_init().
+ - fix use after free in open_lookup().
++- fix typo in autofs_sasl_bind().
+
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c
+index 11a1178..cf596b8 100644
+--- a/modules/cyrus-sasl.c
++++ b/modules/cyrus-sasl.c
+@@ -958,7 +958,7 @@ autofs_sasl_bind(unsigned logopt,
+ else
+ sasl_conn = sasl_choose_mech(logopt, conn->ldap, ctxt);
+
+- if (!conn)
++ if (!sasl_conn)
+ return -1;
+
+ conn->sasl_conn = sasl_conn;
diff --git a/autofs-5.1.1-fix-use-after-free-in-match_my_name.patch b/autofs-5.1.1-fix-use-after-free-in-match_my_name.patch
new file mode 100644
index 0000000..e1ad665
--- /dev/null
+++ b/autofs-5.1.1-fix-use-after-free-in-match_my_name.patch
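Review bot: The corrected `if (!sasl_conn)` test in autofs_sasl_bind() is the only thing in these lines that keeps a failed mechanism selection from being stored in `conn->sasl_conn`, and the code carries no comment saying so. `conn` is already dereferenced as `conn->ldap` on the line above, so the old `if (!conn)` could not have caught that failure, and the function presumably went on to treat the bind as set up. A one-line comment would keep the check from being changed back: `/* NULL means no SASL mechanism could be negotiated: fail the bind */`. The `if` that pairs with the visible `else` is outside the hunk, so whether that branch can also leave sasl_conn NULL is not visible here.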
@@ -0,0 +1,46 @@
+autofs-5.1.1 - fix use after free in match_my_name()
+
+From: Ian Kent
+
+I can't remember now if this function is supposed to fail if any host
+address has no reverse mapping. Presumably I put in the "goto next;"
+for a reason so just remove the freeaddrinfo() call.
+
+Signed-off-by: Ian Kent
+---
+ CHANGELOG | 1 +
+ modules/parse_amd.c | 2 --
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 9d8096e..88ec577 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -39,6 +39,7 @@
+ - fix use after free in open_lookup().
+ - fix typo in autofs_sasl_bind().
+ - fix memory leak in get_network_proximity().
++- fix use after free in match_my_name().
+
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/modules/parse_amd.c b/modules/parse_amd.c
+index b8e0078..38d76b8 100644
+--- a/modules/parse_amd.c
++++ b/modules/parse_amd.c
+@@ -285,7 +285,6 @@ static int match_my_name(unsigned int logopt, const char *name, struct substvar
+ error(logopt,
+ "host address info lookup failed: %s\n",
+ gai_strerror(ret));
+- freeaddrinfo(cni);
+ goto next;
+ }
+
+@@ -296,7 +295,6 @@ static int match_my_name(unsigned int logopt, const char *name, struct substvar
+ error(logopt,
+ "host address info lookup failed: %s\n",
+ gai_strerror(ret));
+- freeaddrinfo(cni);
+ goto next;
+ }
+
diff --git a/autofs-5.1.1-fix-use-after-free-in-open_lookup.patch b/autofs-5.1.1-fix-use-after-free-in-open_lookup.patch
new file mode 100644
index 0000000..f04b8ef
--- /dev/null
+++ b/autofs-5.1.1-fix-use-after-free-in-open_lookup.patch
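Review bot: With both `freeaddrinfo(cni);` calls removed, the two error branches of match_my_name() in modules/parse_amd.c now depend on cni being released exactly once somewhere after the `next:` label, which is outside both hunks. If any exit after that point skips the release, the use after free turns into a leak of the addrinfo list on every failed lookup. The commit message also leaves open whether a failed lookup should end the match, so the chosen behaviour deserves a comment. At each `goto next;` something like `/* cni is still in use by the loop; it is freed once after the loop */` would pin the ownership rule, provided that is what the code after the hunk does.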
@@ -0,0 +1,36 @@
+autofs-5.1.1 - fix use after free in open_lookup()
+
+From: Ian Kent
+
+If storage can't be allocated for module type error exit.
+
+Signed-off-by: Ian Kent
+---
+ CHANGELOG | 1 +
+ daemon/module.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 76e0a27..2d026f1 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -36,6 +36,7 @@
+ - fix memory leak in nisplus lookup_reinit().
+ - fix memory leak in ldap do_init().
+ - fix use after free in sun parser parse_init().
++- fix use after free in open_lookup().
+
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/daemon/module.c b/daemon/module.c
+index d9921f4..bed8f7a 100644
+--- a/daemon/module.c
++++ b/daemon/module.c
+@@ -83,6 +83,7 @@ int open_lookup(const char *name, const char *err_prefix, const char *mapfmt,
+ char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+ logerr("%s%s", err_prefix, estr);
+ }
++ return NSS_STATUS_UNAVAIL;
+ }
+
+ size = snprintf(fnbuf, sizeof(fnbuf),
diff --git a/autofs-5.1.1-fix-use-after-free-in-sun-parser-parse_init.patch b/autofs-5.1.1-fix-use-after-free-in-sun-parser-parse_init.patch
new file mode 100644
index 0000000..8f0fef4
--- /dev/null
+++ b/autofs-5.1.1-fix-use-after-free-in-sun-parser-parse_init.patch
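Review bot: In open_lookup() of daemon/module.c, `strerror_r(errno, buf, MAX_ERR_BUF)` reads errno only after whatever cleanup runs between the failed allocation and this line, and that cleanup is outside the hunk. If it calls free() or another libc function, errno may no longer describe the allocation failure, so the logged reason can be wrong. Saving the value straight after the failed call with `int err = errno;` and passing `err` here would make the message reliable. The added `return NSS_STATUS_UNAVAIL;` sits after the inner block, so the error is returned even when nothing is logged, which looks intended.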
@@ -0,0 +1,37 @@
+autofs-5.1.1 - fix use after free in sun parser parse_init()
+
+From: Ian Kent
+
+Change to free context in function it was allocated (parse_init) on
+error to avoid use after free.
+
+Signed-off-by: Ian Kent
+---
+ CHANGELOG | 1 +
+ modules/parse_sun.c | 1 -
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 0c467e0..76e0a27 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -35,6 +35,7 @@
+ - fix sasl connection concurrancy problem.
+ - fix memory leak in nisplus lookup_reinit().
+ - fix memory leak in ldap do_init().
++- fix use after free in sun parser parse_init().
+
+ 21/04/2015 autofs-5.1.1
+ =======================
+diff --git a/modules/parse_sun.c b/modules/parse_sun.c
+index a164fba..a9689f0 100644
+--- a/modules/parse_sun.c
++++ b/modules/parse_sun.c
+@@ -345,7 +345,6 @@ static int do_init(int argc, const char *const *argv, struct parse_context *ctxt
+ }
+ if (!noptstr) {
+ char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+- kill_context(ctxt);
+ logerr(MODPREFIX "%s", estr);
+ return 1;
+ }
diff --git a/autofs.spec b/autofs.spec
index 0afd429..f8b872b 100644
--- a/autofs.spec
+++ b/autofs.spec
@@ -8,7 +8,7 @@ Summary: A tool for automatically mounting and unmounting filesystems Name: autofs Version: 5.1.1 -Release: 20%{?dist} +Release: 21%{?dist} Epoch: 1 License: GPLv2+ Group: System Environment/Daemons
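Review bot: With `kill_context(ctxt);` removed, the `!noptstr` failure path of do_init() in modules/parse_sun.c returns 1 with ctxt still allocated, so every caller must now release the context on a non-zero return. The commit message names parse_init() as that caller, but it is not in the hunk, and any other caller of do_init() would leak the context instead. A contract comment above do_init() would make this checkable: `/* On failure ctxt is left allocated; the caller that allocated it must free it */`. Other error returns in do_init(), outside the hunk, need to follow the same rule for the contract to hold.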
@@ -68,6 +68,13 @@ Patch50: autofs-5.1.1-change-time-to-use-monotonic_clock.patch Patch51: autofs-5.1.1-remove-unused-function-elapsed.patch Patch52: autofs-5.1.1-fix-unbind-external-mech.patch Patch53: autofs-5.1.1-fix-sasl-connection-concurrancy-problem.patch +Patch54: autofs-5.1.1-fix-memory-leak-in-nisplus-lookup_reinit.patch +Patch55: autofs-5.1.1-fix-memory-leak-in-ldap-do_init.patch +Patch56: autofs-5.1.1-fix-use-after-free-in-sun-parser-parse_init.patch +Patch57: autofs-5.1.1-fix-use-after-free-in-open_lookup.patch +Patch58: autofs-5.1.1-fix-typo-in-autofs_sasl_bind.patch +Patch59: autofs-5.1.1-fix-memory-leak-in-get_network_proximity.patch +Patch60: autofs-5.1.1-fix-use-after-free-in-match_my_name.patch %if %{with_systemd} BuildRequires: systemd-units @@ -180,6 +187,13 @@ echo %{version}-%{release} > .version %patch51 -p1 %patch52 -p1 %patch53 -p1 +%patch54 -p1 +%patch55 -p1 +%patch56 -p1 +%patch57 -p1 +%patch58 -p1 +%patch59 -p1 +%patch60 -p1 %build LDFLAGS=-Wl,-z,now @@ -273,6 +287,9 @@ fi %dir /etc/auto.master.d %changelog +* Wed Jan 20 2016 Ian Kent - 1:5.1.1-21 +- add some new upstream memory leak and use after free bug fixes. + * Wed Jan 20 2016 Ian Kent - 1:5.1.1-20 - fix incorrect committer changelog entries. - add current released upstream patches.