From e60215457050fba366e73eb5cf80931f7f3ba7ab Mon Sep 17 00:00:00 2001 
From: Ian Kent Date: Tue, 11 Jun 2013 16:07:07 +0800 Subject: [PATCH] - add a couple of upstream fixes and a bunch of changes based on a Covarity report. --- ...dd-changlog-entry-for-coverity-fixes.patch | 48 ++++++ ...r-waitpid-in-check_nfs_mount_version.patch | 24 +++ ...of-bind_result-in.patch-do_sasl_bind.patch | 23 +++ ...entry-null-check-in-do_expire_direct.patch | 25 +++ ...check-in-lookup-nisplus-lookup_mount.patch | 24 +++ ....7-add-null-check-in-extract_version.patch | 23 +++ ...dd-null-check-in-parse_server_string.patch | 26 +++ autofs-5.0.7-add-null-check-in-read_one.patch | 26 +++ autofs-5.0.7-add-pgrp-check-in-do_spawn.patch | 23 +++ ...mkdir_path-in-mount_bind-mount_mount.patch | 27 +++ autofs-5.0.7-fix-fcntl-return-check.patch | 25 +++ ...map-entry-duplicate-offset-detection.patch | 37 +++++ ..._addr-null-reference-in-add_new_host.patch | 55 ++++++ ...nsistent-signed-usage-for-__rpc_ping.patch | 41 +++++ ...lock-in-handle_packet_missing_direct.patch | 23 +++ ...fix-incorrect-check-in-flag_is_owned.patch | 30 ++++ autofs-5.0.7-fix-incorrect-name-in-test.patch | 22 +++ ...orrect-value-reference-in-parse_line.patch | 22 +++ ...ercent-hack-allocation-in-lookup_one.patch | 21 +++ ...7-fix-master-map-bogus-keywork-match.patch | 62 +++++++ ...ix-master-map-mount-options-matching.patch | 43 +++++ ...5.0.7-fix-memory-leak-in-get_dc_list.patch | 30 ++++ ...after-free-in-lookup_dir-lookup_init.patch | 21 +++ ...ial-null-dereference-in-lookup_mount.patch | 157 ++++++++++++++++++ ...-5.0.7-fix-several-off-by-one-errors.patch | 128 ++++++++++++++ ...turn-check-in-mount_bind-lookup_init.patch | 23 +++ ...version-in-turn-for-singleton-mounts.patch | 104 ++++++++++++ ...ry-lookup-return-in-do_readmap_mount.patch | 30 ++++ ....7-remove-debug-only-code-in-alarm-c.patch | 36 ++++ autofs.spec | 66 +++++++- 30 files changed, 1244 insertions(+), 1 deletion(-) create mode 100644 autofs-5.0.7-add-changlog-entry-for-coverity-fixes.patch create mode 100644 
autofs-5.0.7-add-debug-alert-for-waitpid-in-check_nfs_mount_version.patch create mode 100644 autofs-5.0.7-add-initialization-of-bind_result-in.patch-do_sasl_bind.patch create mode 100644 autofs-5.0.7-add-map-entry-null-check-in-do_expire_direct.patch create mode 100644 autofs-5.0.7-add-mapent-null-check-in-lookup-nisplus-lookup_mount.patch create mode 100644 autofs-5.0.7-add-null-check-in-extract_version.patch create mode 100644 autofs-5.0.7-add-null-check-in-parse_server_string.patch create mode 100644 autofs-5.0.7-add-null-check-in-read_one.patch create mode 100644 autofs-5.0.7-add-pgrp-check-in-do_spawn.patch create mode 100644 autofs-5.0.7-fix-check-mkdir_path-in-mount_bind-mount_mount.patch create mode 100644 autofs-5.0.7-fix-fcntl-return-check.patch create mode 100644 autofs-5.0.7-fix-fix-map-entry-duplicate-offset-detection.patch create mode 100644 autofs-5.0.7-fix-host_addr-null-reference-in-add_new_host.patch create mode 100644 autofs-5.0.7-fix-inconsistent-signed-usage-for-__rpc_ping.patch create mode 100644 autofs-5.0.7-fix-inconsistent-use-of-cache-lock-in-handle_packet_missing_direct.patch create mode 100644 autofs-5.0.7-fix-incorrect-check-in-flag_is_owned.patch create mode 100644 autofs-5.0.7-fix-incorrect-name-in-test.patch create mode 100644 autofs-5.0.7-fix-incorrect-value-reference-in-parse_line.patch create mode 100644 autofs-5.0.7-fix-leaked-ldap-percent-hack-allocation-in-lookup_one.patch create mode 100644 autofs-5.0.7-fix-master-map-bogus-keywork-match.patch create mode 100644 autofs-5.0.7-fix-master-map-mount-options-matching.patch create mode 100644 autofs-5.0.7-fix-memory-leak-in-get_dc_list.patch create mode 100644 autofs-5.0.7-fix-possible-use-after-free-in-lookup_dir-lookup_init.patch create mode 100644 autofs-5.0.7-fix-potential-null-dereference-in-lookup_mount.patch create mode 100644 autofs-5.0.7-fix-several-off-by-one-errors.patch create mode 100644 autofs-5.0.7-fix-spawn_umount-return-check-in-mount_bind-lookup_init.patch create 
mode 100644 autofs-5.0.7-probe-each-nfs-version-in-turn-for-singleton-mounts.patch create mode 100644 autofs-5.0.7-recheck-valid-map-entry-lookup-return-in-do_readmap_mount.patch create mode 100644 autofs-5.0.7-remove-debug-only-code-in-alarm-c.patch diff --git a/autofs-5.0.7-add-changlog-entry-for-coverity-fixes.patch b/autofs-5.0.7-add-changlog-entry-for-coverity-fixes.patch new file mode 100644 index 0000000..a628512 --- /dev/null +++ b/autofs-5.0.7-add-changlog-entry-for-coverity-fixes.patch 
@@ -0,0 +1,48 @@ +autofs-5.0.7 - add changlog entry for coverity fixes + +From: Ian Kent + +A bunch of changes have been made based on a Covarity report. +Mostly I pust the changes into seperate patches so they can be kept simple. + +Changes: +- fix fcntl return check. +- fix spawn_umount() return check in mount_bind.c:lookup_init(). +- fix check mkdir_path() in mount_bind.c:mount_mount(). +- fix incorrect var name in test. +- remove debug only code in alarm.c. +- fix inconsistent use of cache lock in handle_packet_missing_direct(). +- fix several off by one errors. +- fix memory leak in get_dc_list(). +- fix host_addr null reference in add_new_host(). +- add null check in read_one(). +- add pgrp check in do_spawn(). +- fix inconsistent signed usage for __rpc_ping(). +- add null check in extract_version(). +- recheck valid map entry lookup return in do_readmap_mount(). +- add null check in parse_server_string(). +- add map entry null check in do_expire_direct(). +- add mapent null check in lookup_nisplus.c:lookup_mount(). +- fix potential null dereference in lookup_mount(). +- fix leaked ldap percent hack allocation in lookup_one(). +- fix incorrect value reference in parse_line(). +- add debug alert for waitpid in check_nfs_mount_version(). +- add initialization of bind_result in-do_sasl_bind(). +- fix incorrect check in flag_is_owned(). +- fix possible use after free in lookup_dir.c:lookup_init(). +--- + CHANGELOG | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/CHANGELOG b/CHANGELOG +index 48e9806..25179b1 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -49,6 +49,7 @@ + - fix master map bogus keywork match. + - fix fix map entry duplicate offset detection. + - probe each nfs version in turn for singleton mounts. ++- add changlog entry for coverity fixes. + + 25/07/2012 autofs-5.0.7 + ======================= 
diff --git a/autofs-5.0.7-add-debug-alert-for-waitpid-in-check_nfs_mount_version.patch b/autofs-5.0.7-add-debug-alert-for-waitpid-in-check_nfs_mount_version.patch new file mode 100644 index 0000000..e8c239e --- /dev/null +++ b/autofs-5.0.7-add-debug-alert-for-waitpid-in-check_nfs_mount_version.patch @@ -0,0 +1,24 @@ +autofs-5.0.7 - add debug alert for waitpid in check_nfs_mount_version() + +From: Ian Kent + +We don't really case if there's no process to wait for but add a debug +log alert for information. +--- + lib/mounts.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/mounts.c b/lib/mounts.c +index 7b959b8..a6f560e 100644 +--- a/lib/mounts.c ++++ b/lib/mounts.c +@@ -287,7 +287,8 @@ int check_nfs_mount_version(struct nfs_mount_vers *vers, + ret = 0; + } + +- if (waitpid(f, &status, 0) != f) ; ++ if (waitpid(f, &status, 0) != f) ++ debug(LOGOPT_NONE, "no process found to wait for"); + + pthread_sigmask(SIG_SETMASK, &oldsig, NULL); + pthread_setcancelstate(cancel_state, NULL); diff --git a/autofs-5.0.7-add-initialization-of-bind_result-in.patch-do_sasl_bind.patch b/autofs-5.0.7-add-initialization-of-bind_result-in.patch-do_sasl_bind.patch new file mode 100644 index 0000000..0066b9b --- /dev/null +++ b/autofs-5.0.7-add-initialization-of-bind_result-in.patch-do_sasl_bind.patch 
@@ -0,0 +1,23 @@ +autofs-5.0.7 - add initialization of bind_result in-do_sasl_bind() + +From: Ian Kent + +There is an unlikley code path where bind_result could be used uninitialized +so initialize it so it isn't incorrectly used if it has rubish in it. +--- + modules/cyrus-sasl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c +index b456333..68f9242 100644 +--- a/modules/cyrus-sasl.c ++++ b/modules/cyrus-sasl.c +@@ -210,7 +210,7 @@ int + do_sasl_bind(unsigned logopt, LDAP *ld, sasl_conn_t *conn, const char **clientout, + unsigned int *clientoutlen, const char *auth_mech, int sasl_result) + { +- int ret, msgid, bind_result; ++ int ret, msgid, bind_result = LDAP_OTHER; + struct berval client_cred, *server_cred, temp_cred; + LDAPMessage *results; + int have_data, expected_data; diff --git a/autofs-5.0.7-add-map-entry-null-check-in-do_expire_direct.patch b/autofs-5.0.7-add-map-entry-null-check-in-do_expire_direct.patch new file mode 100644 index 0000000..165eec5 --- /dev/null +++ b/autofs-5.0.7-add-map-entry-null-check-in-do_expire_direct.patch @@ -0,0 +1,25 @@ +autofs-5.0.7 - add map entry null check in do_expire_direct() + +From: Ian Kent + +Since we've seen a mount failure for this map entry it should exist +but add a null check in case it's been removed while we waited on +the lock. +--- + daemon/direct.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/daemon/direct.c b/daemon/direct.c +index 399ad0a..f85e1b5 100644 +--- a/daemon/direct.c ++++ b/daemon/direct.c +@@ -1019,7 +1019,8 @@ static void *do_expire_direct(void *arg) + struct mapent *me; + cache_writelock(mt.mc); + me = cache_lookup_distinct(mt.mc, mt.name); +- me->ioctlfd = -1; ++ if (me) ++ me->ioctlfd = -1; + cache_unlock(mt.mc); + ops->send_ready(ap->logopt, mt.ioctlfd, mt.wait_queue_token); + ops->close(ap->logopt, mt.ioctlfd); 
diff --git a/autofs-5.0.7-add-mapent-null-check-in-lookup-nisplus-lookup_mount.patch b/autofs-5.0.7-add-mapent-null-check-in-lookup-nisplus-lookup_mount.patch
new file mode 100644
index 0000000..9cda9df
--- /dev/null
+++ b/autofs-5.0.7-add-mapent-null-check-in-lookup-nisplus-lookup_mount.patch
@@ -0,0 +1,24 @@
+autofs-5.0.7 - add mapent null check in lookup_nisplus.c:lookup_mount()
+
+From: Ian Kent
+
+malloc(3) could return null under low memory conditions, add a null check
+for this case.
+---
+ modules/lookup_nisplus.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/modules/lookup_nisplus.c b/modules/lookup_nisplus.c
+index 8237a1e..ef942a7 100644
+--- a/modules/lookup_nisplus.c
++++ b/modules/lookup_nisplus.c
+@@ -584,7 +584,8 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void *
+ if (me && (me->source == source || *me->key == '/')) {
+ mapent_len = strlen(me->mapent);
+ mapent = malloc(mapent_len + 1);
+- strcpy(mapent, me->mapent);
++ if (mapent)
++ strcpy(mapent, me->mapent);
+ }
+ }
+ cache_unlock(mc);
diff --git a/autofs-5.0.7-add-null-check-in-extract_version.patch b/autofs-5.0.7-add-null-check-in-extract_version.patch
new file mode 100644
index 0000000..93bd2ac
--- /dev/null
+++ b/autofs-5.0.7-add-null-check-in-extract_version.patch
@@ -0,0 +1,23 @@
+autofs-5.0.7 - add null check in extract_version()
+
+From: Ian Kent
+
+A space should always be found in the passed in string but a check
+should be done in case it isn't.
+---
+ lib/mounts.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/mounts.c b/lib/mounts.c
+index 0caa0aa..7b959b8 100644
+--- a/lib/mounts.c
++++ b/lib/mounts.c
+@@ -168,6 +168,8 @@ unsigned int get_kver_minor(void)
+ static int extract_version(char *start, struct nfs_mount_vers *vers)
+ {
+ char *s_ver = strchr(start, ' ');
++ if (!s_ver)
++ return 0;
+ while (*s_ver && !isdigit(*s_ver)) {
+ s_ver++;
+ if (!*s_ver)
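Review bot: In lookup_nisplus.c:lookup_mount() the new `if (mapent)` guard prevents the write through NULL, but the allocation failure stays silent and `mapent_len` has already been assigned while `mapent` is still NULL. The code after `cache_unlock(mc)` is outside the hunk, so it should be confirmed that it tests `mapent` itself and not `mapent_len`; otherwise an out-of-memory condition looks like a missing map entry or is dereferenced later. I would make the failure explicit on that path, for example `else mapent_len = 0;` together with a logged error.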
diff --git a/autofs-5.0.7-add-null-check-in-parse_server_string.patch b/autofs-5.0.7-add-null-check-in-parse_server_string.patch
new file mode 100644
index 0000000..e5a0adb
--- /dev/null
+++ b/autofs-5.0.7-add-null-check-in-parse_server_string.patch
@@ -0,0 +1,26 @@
+autofs-5.0.7 - add null check in parse_server_string()
+
+From: Ian Kent
+
+Add an error check for the case there's no ':' server name delimiter in
+parse_server_string().
+---
+ modules/lookup_ldap.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
+index 17cbe9a..a59de92 100644
+--- a/modules/lookup_ldap.c
++++ b/modules/lookup_ldap.c
+@@ -1212,6 +1212,11 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
+ /* Isolate the server. Include the port spec */
+ if (*ptr != '[')
+ q = strchr(ptr, ':');
++ if (!q) {
++ crit(logopt, MODPREFIX
++ "LDAP server name not found in %s", ptr);
++ return 0;
++ }
+ else {
+ q = ++ptr;
+ while (*q == ':' || isxdigit(*q))
diff --git a/autofs-5.0.7-add-null-check-in-read_one.patch b/autofs-5.0.7-add-null-check-in-read_one.patch
new file mode 100644
index 0000000..a830bc9
--- /dev/null
+++ b/autofs-5.0.7-add-null-check-in-read_one.patch
@@ -0,0 +1,26 @@
+autofs-5.0.7 - add null check in read_one()
+
+From: Ian Kent
+
+The pointter p shouldn't be null here but add a chack anyway.
+---
+ modules/lookup_file.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/modules/lookup_file.c b/modules/lookup_file.c
+index 65e5ee6..2836996 100644
+--- a/modules/lookup_file.c
++++ b/modules/lookup_file.c
+@@ -302,8 +302,10 @@ static int read_one(unsigned logopt, FILE *f, char *key, unsigned int *k_len, ch
+ if (gotten == got_real || gotten == getting)
+ goto got_it;
+ } else if (mapent_len < MAPENT_MAX_LEN) {
+- mapent_len++;
+- *(p++) = ch;
++ if (p) {
++ mapent_len++;
++ *(p++) = ch;
++ }
+ nch = getc(f);
+ if (nch == EOF &&
+ (gotten == got_real || gotten == getting))
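Review bot: The new `if (!q) { ... }` block in parse_server_string() sits between the unbraced `if (*ptr != '[')` and its `else`, so the `else` now pairs with `if (!q)` instead. As written, an ordinary `host:port` string for which strchr() succeeds falls into the bracketed-address branch (`q = ++ptr; while (*q == ':' || isxdigit(*q))`), and a `[`-prefixed address is tested against whatever `q` held before this point, which the hunk does not show. Brace the outer test so the check stays inside it: open with `if (*ptr != '[') {`, keep `q = strchr(ptr, ':');` and the new `if (!q) { ...; return 0; }` inside, and close with `} else {`. The function continues outside the hunk.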
diff --git a/autofs-5.0.7-add-pgrp-check-in-do_spawn.patch b/autofs-5.0.7-add-pgrp-check-in-do_spawn.patch
new file mode 100644
index 0000000..6674f6d
--- /dev/null
+++ b/autofs-5.0.7-add-pgrp-check-in-do_spawn.patch
@@ -0,0 +1,23 @@
+autofs-5.0.7 - add pgrp check in do_spawn()
+
+From: Ian Kent
+
+The process group should never be negative here but add a check anyway.
+---
+ daemon/spawn.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/daemon/spawn.c b/daemon/spawn.c
+index 9b8d5a2..abb353a 100644
+--- a/daemon/spawn.c
++++ b/daemon/spawn.c
+@@ -201,7 +201,8 @@ static int do_spawn(unsigned logopt, unsigned int wait,
+
+ seteuid(0);
+ setegid(0);
+- setpgid(0, pgrp);
++ if (pgrp >= 0)
++ setpgid(0, pgrp);
+ }
+
+ execv(prog, (char *const *) argv);
diff --git a/autofs-5.0.7-fix-check-mkdir_path-in-mount_bind-mount_mount.patch b/autofs-5.0.7-fix-check-mkdir_path-in-mount_bind-mount_mount.patch
new file mode 100644
index 0000000..74ba6aa
--- /dev/null
+++ b/autofs-5.0.7-fix-check-mkdir_path-in-mount_bind-mount_mount.patch
@@ -0,0 +1,27 @@
+autofs-5.0.7 - fix check mkdir_path() in mount_bind.c:mount_mount()
+
+From: Ian Kent
+
+
+---
+ modules/mount_bind.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/modules/mount_bind.c b/modules/mount_bind.c
+index d6c6fe7..61a773c 100644
+--- a/modules/mount_bind.c
++++ b/modules/mount_bind.c
+@@ -209,7 +209,12 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name, int
+ "failed to create local mount %s -> %s",
+ fullpath, what);
+ if (ap->flags & MOUNT_FLAG_GHOST && !status)
+- mkdir_path(fullpath, 0555);
++ if (mkdir_path(fullpath, 0555) && errno != EEXIST) {
++ char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
++ error(ap->logopt,
++ MODPREFIX "mkdir_path %s failed: %s",
++ fullpath, estr);
++ }
+ else {
+ if (ap->type == LKP_INDIRECT)
+ rmdir_path(ap, fullpath, ap->dev);
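Review bot: In mount_bind.c:mount_mount() the statement under the unbraced `if (ap->flags & MOUNT_FLAG_GHOST && !status)` is now itself an `if`, so the following `else` binds to the new `if (mkdir_path(fullpath, 0555) && errno != EEXIST)` instead of the ghost test. The `rmdir_path(ap, fullpath, ap->dev)` cleanup therefore runs when the ghost directory was created or already existed, and no longer runs for the non-ghost case at all. Put braces around the outer branch: `if (ap->flags & MOUNT_FLAG_GHOST && !status) {` before the new check and `} else {` after its closing brace. The rest of the else body is outside the hunk.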
diff --git a/autofs-5.0.7-fix-fcntl-return-check.patch b/autofs-5.0.7-fix-fcntl-return-check.patch new file mode 100644 index 0000000..ebe9ea8 --- /dev/null +++ b/autofs-5.0.7-fix-fcntl-return-check.patch @@ -0,0 +1,25 @@ +autofs-5.0.7 - fix fcntl return check + +From: Ian Kent + +When checking for FD_CLOEXEC support the return of the fcntl(2) call to +get the file descriptor flags is not checked which could result in an +incorrect result. +--- + include/automount.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/include/automount.h b/include/automount.h +index e72fa0d..6ced842 100644 +--- a/include/automount.h ++++ b/include/automount.h +@@ -547,7 +547,8 @@ static inline void check_cloexec(int fd) + { + if (cloexec_works == 0) { + int fl = fcntl(fd, F_GETFD); +- cloexec_works = (fl & FD_CLOEXEC) ? 1 : -1; ++ if (fl != -1) ++ cloexec_works = (fl & FD_CLOEXEC) ? 1 : -1; + } + if (cloexec_works > 0) + return; diff --git a/autofs-5.0.7-fix-fix-map-entry-duplicate-offset-detection.patch b/autofs-5.0.7-fix-fix-map-entry-duplicate-offset-detection.patch new file mode 100644 index 0000000..82092c0 --- /dev/null +++ b/autofs-5.0.7-fix-fix-map-entry-duplicate-offset-detection.patch 
@@ -0,0 +1,37 @@
+autofs-5.0.7 - fix fix map entry duplicate offset detection
+
+From: Ian Kent
+
+Map entry duplicate detection was still broken.
+This hopefully will fix it, at least the Conectathon duplicate offset entry
+tests pass now.
+---
+ CHANGELOG | 1 +
+ lib/cache.c | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index e15aa1f..39d7889 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -47,6 +47,7 @@
+ - dont probe rdma mounts.
+ - fix master map mount options matching.
+ - fix master map bogus keywork match.
++- fix fix map entry duplicate offset detection.
+
+ 25/07/2012 autofs-5.0.7
+ =======================
+diff --git a/lib/cache.c b/lib/cache.c
+index 1e05a99..ecace4a 100644
+--- a/lib/cache.c
++++ b/lib/cache.c
+@@ -659,7 +659,7 @@ int cache_update_offset(struct mapent_cache *mc, const char *mkey, const char *k
+
+ me = cache_lookup_distinct(mc, key);
+ if (me && me->age == age) {
+- if (me->multi == owner)
++ if (me == owner || strcmp(me->key, key) == 0)
+ return CHE_DUPLICATE;
+ }
+
diff --git a/autofs-5.0.7-fix-host_addr-null-reference-in-add_new_host.patch b/autofs-5.0.7-fix-host_addr-null-reference-in-add_new_host.patch
new file mode 100644
index 0000000..45bd53f
--- /dev/null
+++ b/autofs-5.0.7-fix-host_addr-null-reference-in-add_new_host.patch
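Review bot: In cache_update_offset() the new test `strcmp(me->key, key) == 0` is applied to the entry that `cache_lookup_distinct(mc, key)` has just returned for that same `key`. If that lookup matches on the exact key (its body is not shown here), the comparison is always true and the `me == owner` half never decides anything, so every same-age entry is reported as `CHE_DUPLICATE` regardless of which multi-mount owns it. If that is the intended rule, reduce the condition to the age check and state it in a comment; if ownership still matters, the test probably needs to involve `me->multi` as the removed line did.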
@@ -0,0 +1,55 @@
+autofs-5.0.7 - fix host_addr null reference in add_new_host()
+
+From: Ian Kent
+
+The function add_new_host() is always called from a loop that depends
+on host_addr being non-null.
+
+Remove the redundant check.
+---
+ modules/replicated.c | 29 ++++++++++-------------------
+ 1 file changed, 10 insertions(+), 19 deletions(-)
+
+diff --git a/modules/replicated.c b/modules/replicated.c
+index 0a044b9..e793ca4 100644
+--- a/modules/replicated.c
++++ b/modules/replicated.c
+@@ -1030,28 +1030,19 @@ static int add_new_host(struct host **list,
+ unsigned int prx;
+ int addr_len;
+
++ prx = get_proximity(host_addr->ai_addr);
++
+ /*
+- * If we are using random selection we pretend all hosts are at
+- * the same proximity so hosts further away don't get excluded.
+- * We can't use PROXIMITY_LOCAL or we won't perform an RPC ping
+- * to remove hosts that may be down.
++ * If we want the weight to be the determining factor
++ * when selecting a host, or we are using random selection,
++ * then all hosts must have the same proximity. However,
++ * if this is the local machine it should always be used
++ * since it is certainly available.
+ */
+- if (!host_addr)
++ if (prx != PROXIMITY_LOCAL &&
++ (options & (MOUNT_FLAG_USE_WEIGHT_ONLY |
++ MOUNT_FLAG_RANDOM_SELECT)))
+ prx = PROXIMITY_SUBNET;
+- else {
+- prx = get_proximity(host_addr->ai_addr);
+- /*
+- * If we want the weight to be the determining factor
+- * when selecting a host, or we are using random selection,
+- * then all hosts must have the same proximity. However,
+- * if this is the local machine it should always be used
+- * since it is certainly available.
+- */
+- if (prx != PROXIMITY_LOCAL &&
+- (options & (MOUNT_FLAG_USE_WEIGHT_ONLY |
+- MOUNT_FLAG_RANDOM_SELECT)))
+- prx = PROXIMITY_SUBNET;
+- }
+
+ /*
+ * If we tried to add an IPv6 address and we don't have IPv6
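Review bot: `prx = get_proximity(host_addr->ai_addr);` in add_new_host() now dereferences `host_addr` unconditionally, and the only guarantee that it is non-NULL lives in the callers, which are outside the hunk. For a static function that can be acceptable, but the precondition should be written where the dereference happens, e.g. `/* callers only reach here from a loop conditioned on host_addr != NULL */`. Failing that, keep a cheap early return on NULL so a future caller cannot turn this into a crash. The function body continues outside the hunk.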
diff --git a/autofs-5.0.7-fix-inconsistent-signed-usage-for-__rpc_ping.patch b/autofs-5.0.7-fix-inconsistent-signed-usage-for-__rpc_ping.patch new file mode 100644 index 0000000..661685f --- /dev/null +++ b/autofs-5.0.7-fix-inconsistent-signed-usage-for-__rpc_ping.patch @@ -0,0 +1,41 @@ +autofs-5.0.7 - fix inconsistent signed usage for __rpc_ping() + +From: Ian Kent + +There is some incosistent usage of unsigned int variables with the usage +of __rpc_ping(). +--- + lib/rpc_subs.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/lib/rpc_subs.c b/lib/rpc_subs.c +index 718caf9..f5742e8 100644 +--- a/lib/rpc_subs.c ++++ b/lib/rpc_subs.c +@@ -670,13 +670,11 @@ int rpc_ping_proto(struct conn_info *info) + return 1; + } + +-static unsigned int __rpc_ping(const char *host, +- unsigned long version, +- int proto, +- long seconds, long micros, +- unsigned int option) ++static int __rpc_ping(const char *host, ++ unsigned long version, int proto, ++ long seconds, long micros, unsigned int option) + { +- unsigned int status; ++ int status; + struct conn_info info; + struct pmap parms; + +@@ -713,7 +711,7 @@ int rpc_ping(const char *host, long seconds, long micros, unsigned int option) + { + unsigned long vers3 = NFS3_VERSION; + unsigned long vers2 = NFS2_VERSION; +- unsigned int status; ++ int status; + + status = __rpc_ping(host, vers2, IPPROTO_UDP, seconds, micros, option); + if (status > 0) diff --git a/autofs-5.0.7-fix-inconsistent-use-of-cache-lock-in-handle_packet_missing_direct.patch b/autofs-5.0.7-fix-inconsistent-use-of-cache-lock-in-handle_packet_missing_direct.patch new file mode 100644 index 0000000..9d59e34 --- /dev/null +++ b/autofs-5.0.7-fix-inconsistent-use-of-cache-lock-in-handle_packet_missing_direct.patch 
@@ -0,0 +1,23 @@ +autofs-5.0.7 - fix inconsistent use of cache lock in handle_packet_missing_direct() + +From: Ian Kent + +All references here except this one refer to the same variable so change the odd +one out for consistency. +--- + daemon/direct.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/daemon/direct.c b/daemon/direct.c +index 228a666..399ad0a 100644 +--- a/daemon/direct.c ++++ b/daemon/direct.c +@@ -1392,7 +1392,7 @@ int handle_packet_missing_direct(struct autofs_point *ap, autofs_packet_missing_ + ops->send_fail(ap->logopt, + ioctlfd, pkt->wait_queue_token, -ENOENT); + ops->close(ap->logopt, ioctlfd); +- cache_unlock(me->mc); ++ cache_unlock(mc); + master_source_unlock(ap->entry); + master_mutex_unlock(); + pthread_setcancelstate(state, NULL); diff --git a/autofs-5.0.7-fix-incorrect-check-in-flag_is_owned.patch b/autofs-5.0.7-fix-incorrect-check-in-flag_is_owned.patch new file mode 100644 index 0000000..63312f8 --- /dev/null +++ b/autofs-5.0.7-fix-incorrect-check-in-flag_is_owned.patch @@ -0,0 +1,30 @@ +autofs-5.0.7 - fix incorrect check in flag_is_owned() + +From: Ian Kent + +The flag file code isn't used any more but this is clearly incorrect +so fix it in case it gets used sometime in the future. +--- + daemon/flag.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/daemon/flag.c b/daemon/flag.c +index f8fe163..db9a4bd 100644 +--- a/daemon/flag.c ++++ b/daemon/flag.c +@@ -66,12 +66,11 @@ static int flag_is_owned(int fd) + + continue; + } +- +- /* Stale flagfile */ +- if (!tries) +- return 0; + } + ++ /* Stale flagfile */ ++ if (!tries) ++ return 0; + + if (pid) { + int ret; diff --git a/autofs-5.0.7-fix-incorrect-name-in-test.patch b/autofs-5.0.7-fix-incorrect-name-in-test.patch new file mode 100644 index 0000000..bce7c45 --- /dev/null +++ b/autofs-5.0.7-fix-incorrect-name-in-test.patch 
@@ -0,0 +1,22 @@ +autofs-5.0.7 - fix incorrect var name in test + +From: Ian Kent + +Fix incorrect variable name used for test of buffer size for getgrgid_r. +--- + lib/mounts.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/mounts.c b/lib/mounts.c +index 550445c..0caa0aa 100644 +--- a/lib/mounts.c ++++ b/lib/mounts.c +@@ -1222,7 +1222,7 @@ void set_tsd_user_vars(unsigned int logopt, uid_t uid, gid_t gid) + /* Try to get group info */ + + grplen = sysconf(_SC_GETGR_R_SIZE_MAX); +- if (tmplen < 0) { ++ if (grplen < 0) { + error(logopt, "failed to get buffer size for getgrgid_r"); + goto free_tsv_home; + } diff --git a/autofs-5.0.7-fix-incorrect-value-reference-in-parse_line.patch b/autofs-5.0.7-fix-incorrect-value-reference-in-parse_line.patch new file mode 100644 index 0000000..a9c2031 --- /dev/null +++ b/autofs-5.0.7-fix-incorrect-value-reference-in-parse_line.patch @@ -0,0 +1,22 @@ +autofs-5.0.7 - fix incorrect value reference in parse_line() + +From: Ian Kent + +This chack should clearly be on the contents of key not the pointer value. +--- + lib/defaults.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/defaults.c b/lib/defaults.c +index 1e89509..7c65387 100644 +--- a/lib/defaults.c ++++ b/lib/defaults.c +@@ -167,7 +167,7 @@ static int parse_line(char *line, char **res, char **value) + while (*key && *key == ' ') + key++; + +- if (!key) ++ if (!*key) + return 0; + + if (!(val = strchr(key, '='))) diff --git a/autofs-5.0.7-fix-leaked-ldap-percent-hack-allocation-in-lookup_one.patch b/autofs-5.0.7-fix-leaked-ldap-percent-hack-allocation-in-lookup_one.patch new file mode 100644 index 0000000..d113eea --- /dev/null +++ b/autofs-5.0.7-fix-leaked-ldap-percent-hack-allocation-in-lookup_one.patch 
@@ -0,0 +1,21 @@ +autofs-5.0.7 - fix leaked ldap percent hack allocation in lookup_one() + +From: Ian Kent + +Fix a resource leak when calling the percent hack transforms in lookup_one(). +--- + modules/lookup_ldap.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c +index 26481a8..35ea6ea 100644 +--- a/modules/lookup_ldap.c ++++ b/modules/lookup_ldap.c +@@ -2525,6 +2525,7 @@ static int lookup_one(struct autofs_point *ap, + if (enc_len1 != 0) { + enc_len2 = encode_percent_hack(qKey, &enc_key2, 1); + if (enc_len2 < 0) { ++ free(enc_key1); + crit(ap->logopt, + "could not use percent hack encode key %s", + qKey); diff --git a/autofs-5.0.7-fix-master-map-bogus-keywork-match.patch b/autofs-5.0.7-fix-master-map-bogus-keywork-match.patch new file mode 100644 index 0000000..7c003ff --- /dev/null +++ b/autofs-5.0.7-fix-master-map-bogus-keywork-match.patch 
@@ -0,0 +1,62 @@ +autofs-5.0.7 - fix master map bogus keywork match + +From: Ian Kent + +If we have a map name in the master map that ends with a keyword +of one of the map types or "multi" we mistakenly match the trailing +white space and include that in the map name. This has to be wrong +since we can't handle quoting in the master map and embedded white +space must be escaped. It would be good if we handled quoted strings +but that has proven a bit of a nightmare so far for the current +tokenizer. +--- + CHANGELOG | 1 + + lib/master_tok.l | 16 ++++++++++++++++ + 2 files changed, 17 insertions(+) + +diff --git a/CHANGELOG b/CHANGELOG +index 00eaff2..e15aa1f 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -46,6 +46,7 @@ + - fix interface address null check. + - dont probe rdma mounts. + - fix master map mount options matching. ++- fix master map bogus keywork match. + + 25/07/2012 autofs-5.0.7 + ======================= +diff --git a/lib/master_tok.l b/lib/master_tok.l +index 8d1f1a2..a55cc76 100644 +--- a/lib/master_tok.l ++++ b/lib/master_tok.l +@@ -202,6 +202,14 @@ OPTNTOUT (-n{OPTWS}|-n{OPTWS}={OPTWS}|--negative-timeout{OPTWS}|--negative-timeo + {MULTI} { + tlen = master_leng - 1; + if (bptr != buff && isblank(master_text[tlen])) { ++ /* ++ * We can't handle unescaped white space in map names ++ * so just eat the white space. We always have the ++ * "multi" at the beginning of the string so the while ++ * will not fall off the end. ++ */ ++ while (isblank(master_text[tlen - 1])) ++ tlen--; + strncat(buff, master_text, tlen); + bptr += tlen; + yyless(tlen); +@@ -216,6 +224,14 @@ OPTNTOUT (-n{OPTWS}|-n{OPTWS}={OPTWS}|--negative-timeout{OPTWS}|--negative-timeo + {MTYPE}/{DNATTRSTR}= { + tlen = master_leng - 1; + if (bptr != buff && isblank(master_text[tlen])) { ++ /* ++ * We can't handle unescaped white space in map names ++ * so just eat the white space. 
We always have the ++ * maptype keyword at the beginning of the string so ++ * the while will not fall off the end. ++ */ ++ while (isblank(master_text[tlen - 1])) ++ tlen--; + strncat(buff, master_text, tlen); + bptr += tlen; + yyless(tlen); diff --git a/autofs-5.0.7-fix-master-map-mount-options-matching.patch b/autofs-5.0.7-fix-master-map-mount-options-matching.patch new file mode 100644 index 0000000..a360618 --- /dev/null +++ b/autofs-5.0.7-fix-master-map-mount-options-matching.patch 
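Review bot: The new `while (isblank(master_text[tlen - 1])) tlen--;` loops in the {MULTI} and {MTYPE}/{DNATTRSTR}= rules have no lower bound of their own and rely on the keyword at the start of the match to stop them, as the added comments say. Making the bound explicit keeps the index from going negative if either pattern is changed later: `while (tlen > 0 && isblank((unsigned char) master_text[tlen - 1]))`. The `strncat(buff, master_text, tlen)` that follows limits the copy by the source length only; whether `buff` has room for it is not visible in the hunk and is worth checking. Both rule bodies continue outside the hunk.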
@@ -0,0 +1,43 @@ +autofs-5.0.7 - fix master map mount options matching + +From: Ian Kent + +The master map options pattern matching is fairly primitive since it +doesn't need to be very sophisticated. The current mount option pattern +matching can't match mount options with quotes or embedded colons and so +it can't pass these options through as a global options string. + +But it must be able to match a fairly large class of strings, including +the above case, so they can be passed through as global options. Of +course it can't try and validate them since it can't know what mount type +they may be used with. +--- + CHANGELOG | 1 + + lib/master_tok.l | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 1156cc9..00eaff2 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -45,6 +45,7 @@ + - add enable sloppy mount option to configure. + - fix interface address null check. + - dont probe rdma mounts. ++- fix master map mount options matching. + + 25/07/2012 autofs-5.0.7 + ======================= +diff --git a/lib/master_tok.l b/lib/master_tok.l +index f9b4e55..8d1f1a2 100644 +--- a/lib/master_tok.l ++++ b/lib/master_tok.l +@@ -91,7 +91,7 @@ OPTWS [[:blank:]]* + NL \r?\n + CONT \\\n{OPTWS} + +-OPTIONSTR ([\-]?([[:alpha:]_]([[:alnum:]_\-])*(=([[:alnum:]_\-])+)*)+) ++OPTIONSTR ([\-]?([[:alpha:]_]([[:alnum:]_\-])*(=(\"?([[:alnum:]_\-\:])+\"?))?)+) + MACROSTR (-D{OPTWS}([[:alpha:]_]([[:alnum:]_\-\.])*)=([[:alnum:]_\-\.])+) + SLASHIFYSTR (--(no-)?slashify-colons) + NUMBER [0-9]+ diff --git a/autofs-5.0.7-fix-memory-leak-in-get_dc_list.patch b/autofs-5.0.7-fix-memory-leak-in-get_dc_list.patch new file mode 100644 index 0000000..01a9236 --- /dev/null +++ b/autofs-5.0.7-fix-memory-leak-in-get_dc_list.patch 
@@ -0,0 +1,30 @@ +autofs-5.0.7 - fix memory leak in get_dc_list() + +From: Ian Kent + +In get_dc_list() if an invalid port is found the allocated list storage +isn't freed on the error exit. +--- + modules/dclist.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/modules/dclist.c b/modules/dclist.c +index d16b913..af21ce0 100644 +--- a/modules/dclist.c ++++ b/modules/dclist.c +@@ -536,6 +536,7 @@ struct dclist *get_dc_list(unsigned int logopt, const char *uri) + else + strcat(tmp, " "); + ++ list = NULL; + for (i = 0; i < numdcs; i++) { + if (i > 0) + strcat(tmp, " "); +@@ -549,6 +550,7 @@ struct dclist *get_dc_list(unsigned int logopt, const char *uri) + error(logopt, + "invalid port: %u", dcs[i].port); + free_srv_rrs(dcs, numdcs); ++ free(tmp); + goto out_error; + } + strcat(tmp, port); diff --git a/autofs-5.0.7-fix-possible-use-after-free-in-lookup_dir-lookup_init.patch b/autofs-5.0.7-fix-possible-use-after-free-in-lookup_dir-lookup_init.patch new file mode 100644 index 0000000..99aef1f --- /dev/null +++ b/autofs-5.0.7-fix-possible-use-after-free-in-lookup_dir-lookup_init.patch @@ -0,0 +1,21 @@ +autofs-5.0.7 - fix possible use after free in lookup_dir.c:lookup_init() + +From: Ian Kent + +Add a missing error return in lookup_dir.c:lookup_init(). +--- + modules/lookup_dir.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules/lookup_dir.c b/modules/lookup_dir.c +index 07471b7..cbeda1f 100644 +--- a/modules/lookup_dir.c ++++ b/modules/lookup_dir.c +@@ -98,6 +98,7 @@ int lookup_init(const char *mapfmt, int argc, const char *const *argv, void **co + free(ctxt); + warn(LOGOPT_NONE, MODPREFIX + "dir map %s, is not a directory", argv[0]); ++ return 1; + } + + *context = ctxt; diff --git a/autofs-5.0.7-fix-potential-null-dereference-in-lookup_mount.patch b/autofs-5.0.7-fix-potential-null-dereference-in-lookup_mount.patch new file mode 100644 index 0000000..d0b33ad --- /dev/null +++ b/autofs-5.0.7-fix-potential-null-dereference-in-lookup_mount.patch 
@@ -0,0 +1,157 @@ +autofs-5.0.7 - fix potential null dereference in lookup_mount() + +From: Ian Kent + +Updating a negative cache entry should always find an entry but the entry +lookup return isn't checked and probably should be. + +Since this code is duplicated in several modules add it as a function to +the cache handling code. +--- + include/automount.h | 1 + + lib/cache.c | 20 ++++++++++++++++++++ + modules/lookup_file.c | 11 +---------- + modules/lookup_ldap.c | 12 +----------- + modules/lookup_sss.c | 12 +----------- + modules/lookup_yp.c | 12 ++---------- + 6 files changed, 26 insertions(+), 42 deletions(-) + +diff --git a/include/automount.h b/include/automount.h +index 6ced842..71787a5 100644 +--- a/include/automount.h ++++ b/include/automount.h +@@ -189,6 +189,7 @@ struct mapent *cache_lookup_offset(const char *prefix, const char *offset, int s + struct mapent *cache_partial_match(struct mapent_cache *mc, const char *prefix); + int cache_add(struct mapent_cache *mc, struct map_source *ms, const char *key, const char *mapent, time_t age); + int cache_update_offset(struct mapent_cache *mc, const char *mkey, const char *key, const char *mapent, time_t age); ++void cache_update_negative(struct mapent_cache *mc, struct map_source *ms, const char *key, time_t timeout); + int cache_set_parents(struct mapent *mm); + int cache_update(struct mapent_cache *mc, struct map_source *ms, const char *key, const char *mapent, time_t age); + int cache_delete(struct mapent_cache *mc, const char *key); +diff --git a/lib/cache.c b/lib/cache.c +index ecace4a..be4917b 100644 +--- a/lib/cache.c ++++ b/lib/cache.c +@@ -680,6 +680,26 @@ done: + return ret; + } + ++void cache_update_negative(struct mapent_cache *mc, ++ struct map_source *ms, const char *key, ++ time_t timeout) ++{ ++ time_t now = time(NULL); ++ struct mapent *me; ++ int rv = CHE_OK; ++ ++ me = cache_lookup_distinct(mc, key); ++ if (!me) ++ rv = cache_update(mc, ms, key, NULL, now); ++ if (rv != CHE_FAIL) { ++ me = 
cache_lookup_distinct(mc, key); ++ if (me) ++ me->status = now + timeout; ++ } ++ return; ++} ++ ++ + static struct mapent *get_parent(const char *key, struct list_head *head, struct list_head **pos) + { + struct list_head *next; +diff --git a/modules/lookup_file.c b/modules/lookup_file.c +index 2836996..4b4ee89 100644 +--- a/modules/lookup_file.c ++++ b/modules/lookup_file.c +@@ -1130,17 +1130,8 @@ do_cache_lookup: + ret = ctxt->parse->parse_mount(ap, key, key_len, + mapent, ctxt->parse->context); + if (ret) { +- time_t now = time(NULL); +- int rv = CHE_OK; +- + cache_writelock(mc); +- me = cache_lookup_distinct(mc, key); +- if (!me) +- rv = cache_update(mc, source, key, NULL, now); +- if (rv != CHE_FAIL) { +- me = cache_lookup_distinct(mc, key); +- me->status = now + ap->negative_timeout; +- } ++ cache_update_negative(mc, source, key, ap->negative_timeout); + cache_unlock(mc); + return NSS_STATUS_TRYAGAIN; + } +diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c +index a59de92..26481a8 100644 +--- a/modules/lookup_ldap.c ++++ b/modules/lookup_ldap.c +@@ -3011,18 +3011,8 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void * + ret = ctxt->parse->parse_mount(ap, key, key_len, + mapent, ctxt->parse->context); + if (ret) { +- time_t now = time(NULL); +- int rv = CHE_OK; +- +- /* Record the the mount fail in the cache */ + cache_writelock(mc); +- me = cache_lookup_distinct(mc, key); +- if (!me) +- rv = cache_update(mc, source, key, NULL, now); +- if (rv != CHE_FAIL) { +- me = cache_lookup_distinct(mc, key); +- me->status = now + ap->negative_timeout; +- } ++ cache_update_negative(mc, source, key, ap->negative_timeout); + cache_unlock(mc); + return NSS_STATUS_TRYAGAIN; + } +diff --git a/modules/lookup_sss.c b/modules/lookup_sss.c +index 5c2ed0a..1fe740b 100644 +--- a/modules/lookup_sss.c ++++ b/modules/lookup_sss.c +@@ -672,18 +672,8 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void * + ret = 
ctxt->parse->parse_mount(ap, key, key_len, + mapent, ctxt->parse->context); + if (ret) { +- time_t now = time(NULL); +- int rv = CHE_OK; +- +- /* Record the the mount fail in the cache */ + cache_writelock(mc); +- me = cache_lookup_distinct(mc, key); +- if (!me) +- rv = cache_update(mc, source, key, NULL, now); +- if (rv != CHE_FAIL) { +- me = cache_lookup_distinct(mc, key); +- me->status = now + ap->negative_timeout; +- } ++ cache_update_negative(mc, source, key, ap->negative_timeout); + cache_unlock(mc); + return NSS_STATUS_TRYAGAIN; + } +diff --git a/modules/lookup_yp.c b/modules/lookup_yp.c +index a716e1f..e99e3c0 100644 +--- a/modules/lookup_yp.c ++++ b/modules/lookup_yp.c +@@ -698,18 +698,10 @@ int lookup_mount(struct autofs_point *ap, const char *name, int name_len, void * + ret = ctxt->parse->parse_mount(ap, key, key_len, + mapent, ctxt->parse->context); + if (ret) { +- time_t now = time(NULL); +- int rv = CHE_OK; +- + cache_writelock(mc); +- me = cache_lookup_distinct(mc, key); +- if (!me) +- rv = cache_update(mc, source, key, NULL, now); +- if (rv != CHE_FAIL) { +- me = cache_lookup_distinct(mc, key); +- me->status = now + ap->negative_timeout; +- } ++ cache_update_negative(mc, source, key, ap->negative_timeout); + cache_unlock(mc); ++ return NSS_STATUS_TRYAGAIN; + } + } + diff --git a/autofs-5.0.7-fix-several-off-by-one-errors.patch b/autofs-5.0.7-fix-several-off-by-one-errors.patch new file mode 100644 index 0000000..bb94957 --- /dev/null +++ b/autofs-5.0.7-fix-several-off-by-one-errors.patch 
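Review bot: cache_update_negative() in lib/cache.c takes no lock itself and every converted caller brackets it with `cache_writelock(mc)` and `cache_unlock(mc)`, but neither the new prototype in include/automount.h nor the definition states that requirement. A header comment such as `/* Caller must hold the cache write lock for mc. */` would keep the next caller from using it unlocked. The helper also returns void, so a `CHE_FAIL` from cache_update() or a second failed lookup leaves no negative entry and no trace. Logging that case, or returning the status, would make a missing negative-cache entry diagnosable. The lookup_yp.c hunk additionally gains a `return NSS_STATUS_TRYAGAIN;` that the description does not mention.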
@@ -0,0 +1,128 @@ +autofs-5.0.7 - fix several off by one errors + +From: Ian Kent + +Fix several off-by-one array reference errors and a couple of short allocation +errors. +--- + daemon/spawn.c | 10 +++++----- + lib/defaults.c | 2 +- + modules/lookup_ldap.c | 8 ++++---- + modules/parse_hesiod.c | 2 +- + modules/parse_sun.c | 2 +- + 5 files changed, 12 insertions(+), 12 deletions(-) + +diff --git a/daemon/spawn.c b/daemon/spawn.c +index 3b4a009..9b8d5a2 100644 +--- a/daemon/spawn.c ++++ b/daemon/spawn.c +@@ -320,7 +320,7 @@ int spawn_mount(unsigned logopt, ...) + unsigned int retries = MTAB_LOCK_RETRIES; + int update_mtab = 1, ret, printed = 0; + unsigned int wait = defaults_get_mount_wait(); +- char buf[PATH_MAX]; ++ char buf[PATH_MAX + 1]; + + /* If we use mount locking we can't validate the location */ + #ifdef ENABLE_MOUNT_LOCKING +@@ -346,7 +346,7 @@ int spawn_mount(unsigned logopt, ...) + } + + /* Alloc 1 extra slot in case we need to use the "-f" option */ +- if (!(argv = alloca(sizeof(char *) * argc + 2))) ++ if (!(argv = alloca(sizeof(char *) * (argc + 2)))) + return -1; + + argv[0] = arg0; +@@ -448,7 +448,7 @@ int spawn_bind_mount(unsigned logopt, ...) + unsigned int options; + unsigned int retries = MTAB_LOCK_RETRIES; + int update_mtab = 1, ret, printed = 0; +- char buf[PATH_MAX]; ++ char buf[PATH_MAX + 1]; + + /* If we use mount locking we can't validate the location */ + #ifdef ENABLE_MOUNT_LOCKING +@@ -477,7 +477,7 @@ int spawn_bind_mount(unsigned logopt, ...) + } + } + +- if (!(argv = alloca(sizeof(char *) * argc + 2))) ++ if (!(argv = alloca(sizeof(char *) * (argc + 2)))) + return -1; + + argv[0] = arg0; +@@ -556,7 +556,7 @@ int spawn_umount(unsigned logopt, ...) 
+ unsigned int retries = MTAB_LOCK_RETRIES; + int update_mtab = 1, ret, printed = 0; + unsigned int wait = defaults_get_umount_wait(); +- char buf[PATH_MAX]; ++ char buf[PATH_MAX + 1]; + + #ifdef ENABLE_MOUNT_LOCKING + options = SPAWN_OPT_LOCK; +diff --git a/lib/defaults.c b/lib/defaults.c +index ae1162f..1e89509 100644 +--- a/lib/defaults.c ++++ b/lib/defaults.c +@@ -227,7 +227,7 @@ void defaults_free_uris(struct list_head *list) + static unsigned int add_uris(char *value, struct list_head *list) + { + char *str, *tok, *ptr = NULL; +- size_t len = strlen(value); ++ size_t len = strlen(value) + 1; + + str = alloca(len); + if (!str) +diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c +index 83e3215..17cbe9a 100644 +--- a/modules/lookup_ldap.c ++++ b/modules/lookup_ldap.c +@@ -2234,8 +2234,8 @@ static int do_get_entries(struct ldap_search_params *sp, struct map_source *sour + mapent = new_me; + strcat(mapent, " "); + strncat(mapent, v_val, v_len); +- mapent[new_size] = '\0'; +- mapent_len = new_size; ++ mapent[new_size - 1] = '\0'; ++ mapent_len = new_size - 1; + } else { + char *estr; + estr = strerror_r(errno, buf, sizeof(buf)); +@@ -2723,8 +2723,8 @@ static int lookup_one(struct autofs_point *ap, + mapent = new_me; + strcat(mapent, " "); + strncat(mapent, v_val, v_len); +- mapent[new_size] = '\0'; +- mapent_len = new_size; ++ mapent[new_size - 1] = '\0'; ++ mapent_len = new_size - 1; + } else { + char *estr; + estr = strerror_r(errno, buf, sizeof(buf)); +diff --git a/modules/parse_hesiod.c b/modules/parse_hesiod.c +index 7a6a57d..237fd50 100644 +--- a/modules/parse_hesiod.c ++++ b/modules/parse_hesiod.c +@@ -117,7 +117,7 @@ static int parse_nfs(struct autofs_point *ap, + p++; + + /* Isolate the remote mountpoint for this NFS fs. 
*/ +- for (i = 0; (!isspace(p[i]) && i < (int) sizeof(mount)); i++) { ++ for (i = 0; (!isspace(p[i]) && i < ((int) sizeof(mount) - 1)); i++) { + if (!p[i]) { + error(ap->logopt, MODPREFIX + "unexpeced end of input looking for NFS " +diff --git a/modules/parse_sun.c b/modules/parse_sun.c +index ae1caf7..c1fc528 100644 +--- a/modules/parse_sun.c ++++ b/modules/parse_sun.c +@@ -1135,7 +1135,7 @@ static int mount_subtree(struct autofs_point *ap, struct mapent *me, + } + ro_len = strlen(ro_loc); + +- tmp = alloca(mnt_root_len + 1); ++ tmp = alloca(mnt_root_len + 2); + strcpy(tmp, mnt_root); + tmp[mnt_root_len] = '/'; + tmp[mnt_root_len + 1] = '\0'; diff --git a/autofs-5.0.7-fix-spawn_umount-return-check-in-mount_bind-lookup_init.patch b/autofs-5.0.7-fix-spawn_umount-return-check-in-mount_bind-lookup_init.patch new file mode 100644 index 0000000..2d02023 --- /dev/null +++ b/autofs-5.0.7-fix-spawn_umount-return-check-in-mount_bind-lookup_init.patch @@ -0,0 +1,23 @@ +autofs-5.0.7 - fix spawn_umount() return check in mount_bind.c:lookup_init() + +From: Ian Kent + +Check return of spawn_umount() and report it if it fails. +--- + modules/mount_bind.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/modules/mount_bind.c b/modules/mount_bind.c +index 4975294..d6c6fe7 100644 +--- a/modules/mount_bind.c ++++ b/modules/mount_bind.c +@@ -57,7 +57,8 @@ int mount_init(void **context) + bind_works = 1; + } + +- spawn_umount(LOGOPT_NONE, "-n", t2_dir, NULL); ++ if (spawn_umount(LOGOPT_NONE, "-n", t2_dir, NULL) != 0) ++ debug(LOGOPT_ANY, MODPREFIX "umount failed for %s", t2_dir); + + out: + rmdir(t1_dir); diff --git a/autofs-5.0.7-probe-each-nfs-version-in-turn-for-singleton-mounts.patch b/autofs-5.0.7-probe-each-nfs-version-in-turn-for-singleton-mounts.patch new file mode 100644 index 0000000..9b86306 --- /dev/null +++ b/autofs-5.0.7-probe-each-nfs-version-in-turn-for-singleton-mounts.patch 
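Review bot: The NULL tests kept around the resized alloca() calls in spawn_mount() and spawn_bind_mount() (`if (!(argv = alloca(sizeof(char *) * (argc + 2))))`) and in add_uris() (`str = alloca(len); if (!str)`) can never fire, because alloca() has no failure return and an oversized request overruns the stack instead. The size fixes are correct, but the checks give the impression that the allocation is guarded. In add_uris() the length is `strlen(value) + 1` with no upper bound visible in the hunk, so either cap `len` before the call or switch that buffer to malloc()/free() with a real failure path. All of these functions continue outside the hunks shown.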
@@ -0,0 +1,104 @@ +autofs-5.0.7 - probe each nfs version in turn for singleton mounts + +From: Ian Kent + + +--- + CHANGELOG | 1 + + include/replicated.h | 2 ++ + modules/mount_nfs.c | 35 ++++++++++++++++++++++++++++++++++- + modules/replicated.c | 8 ++++---- + 4 files changed, 41 insertions(+), 5 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 39d7889..48e9806 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -48,6 +48,7 @@ + - fix master map mount options matching. + - fix master map bogus keywork match. + - fix fix map entry duplicate offset detection. ++- probe each nfs version in turn for singleton mounts. + + 25/07/2012 autofs-5.0.7 + ======================= +diff --git a/include/replicated.h b/include/replicated.h +index ff0e7b9..728f131 100644 +--- a/include/replicated.h ++++ b/include/replicated.h +@@ -68,6 +68,8 @@ struct host { + }; + + void seed_random(void); ++struct host *new_host(const char *, struct sockaddr *, size_t, ++ unsigned int, unsigned int, unsigned int); + void free_host_list(struct host **); + int parse_location(unsigned, struct host **, const char *, unsigned int); + int prune_host_list(unsigned, struct host **, unsigned int, int); +diff --git a/modules/mount_nfs.c b/modules/mount_nfs.c +index 5424d74..81ba3ca 100644 +--- a/modules/mount_nfs.c ++++ b/modules/mount_nfs.c +@@ -180,9 +180,42 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name, int + * We can't probe protocol rdma so leave it to mount.nfs(8) + * and and suffer the delay if a server isn't available. + */ +- if (!rdma) ++ if (rdma) ++ goto dont_probe; ++ ++ /* ++ * If this is a singleton mount, and NFSv4 only hasn't been asked ++ * for, and the default NFS protocol is set to v4 in the autofs ++ * configuration only probe NFSv4 and let mount.nfs(8) do fallback ++ * to NFSv3 (if it can). If the NFSv4 probe fails then probe as ++ * normal. 
++ */ ++ if (!hosts->next && ++ mount_default_proto == 4 && ++ vers & NFS_VERS_MASK != 0 && ++ vers & NFS4_VERS_MASK != 0) { ++ unsigned int v4_probe_ok = 0; ++ struct host *tmp = new_host(hosts->name, ++ hosts->addr, hosts->addr_len, ++ hosts->proximity, ++ hosts->weight, hosts->options); ++ if (tmp) { ++ tmp->rr = hosts->rr; ++ prune_host_list(ap->logopt, &tmp, ++ NFS4_VERS_MASK|TCP_SUPPORTED, port); ++ /* If probe succeeds just try the mount with host in hosts */ ++ if (tmp) { ++ v4_probe_ok = 1; ++ free_host_list(&tmp); ++ } ++ } ++ if (!v4_probe_ok) ++ prune_host_list(ap->logopt, &hosts, vers, port); ++ } else { + prune_host_list(ap->logopt, &hosts, vers, port); ++ } + ++dont_probe: + if (!hosts) { + info(ap->logopt, MODPREFIX "no hosts available"); + return 1; +diff --git a/modules/replicated.c b/modules/replicated.c +index 6dbdade..0a044b9 100644 +--- a/modules/replicated.c ++++ b/modules/replicated.c +@@ -280,10 +280,10 @@ static unsigned int get_proximity(struct sockaddr *host_addr) + return PROXIMITY_OTHER; + } + +-static struct host *new_host(const char *name, +- struct sockaddr *addr, size_t addr_len, +- unsigned int proximity, unsigned int weight, +- unsigned int options) ++struct host *new_host(const char *name, ++ struct sockaddr *addr, size_t addr_len, ++ unsigned int proximity, unsigned int weight, ++ unsigned int options) + { + struct host *new; + struct sockaddr *tmp2; diff --git a/autofs-5.0.7-recheck-valid-map-entry-lookup-return-in-do_readmap_mount.patch b/autofs-5.0.7-recheck-valid-map-entry-lookup-return-in-do_readmap_mount.patch new file mode 100644 index 0000000..c0ab30a --- /dev/null +++ b/autofs-5.0.7-recheck-valid-map-entry-lookup-return-in-do_readmap_mount.patch 
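Review bot: The two mask tests in the new singleton-mount condition in mount_mount() do not test what the comment describes, because `!=` binds tighter than `&`: `vers & NFS_VERS_MASK != 0` parses as `vers & (NFS_VERS_MASK != 0)`, i.e. `vers & 1`, and the NFS4_VERS_MASK line behaves the same way. The NFSv4-only probe is therefore selected on the lowest bit of `vers` rather than on the version masks. Parenthesise both tests: `(vers & NFS_VERS_MASK) != 0 &&` and `(vers & NFS4_VERS_MASK) != 0) {`. Building with `-Wparentheses` (part of `-Wall`) reports this pattern.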
@@ -0,0 +1,30 @@ +autofs-5.0.7 - recheck valid map entry lookup return in do_readmap_mount() + +From: Ian Kent + +After looking for an expected existing valid map entry in do_readmap_mount() +add a check in case it isn't found. + +If it actually isn't found (although it always should be) the only thing +that can be done is log an error return. +--- + daemon/state.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/daemon/state.c b/daemon/state.c +index 6e23022..ddc5556 100644 +--- a/daemon/state.c ++++ b/daemon/state.c +@@ -405,6 +405,12 @@ static void do_readmap_mount(struct autofs_point *ap, struct mnt_list *mnts, + me->key); + cache_writelock(vmc); + valid = cache_lookup_distinct(vmc, me->key); ++ if (!valid) { ++ cache_unlock(vmc); ++ error(ap->logopt, ++ "failed to find expected existing valid map entry"); ++ return; ++ } + /* Take over the mount if there is one */ + valid->ioctlfd = me->ioctlfd; + me->ioctlfd = -1; diff --git a/autofs-5.0.7-remove-debug-only-code-in-alarm-c.patch b/autofs-5.0.7-remove-debug-only-code-in-alarm-c.patch new file mode 100644 index 0000000..111e460 --- /dev/null +++ b/autofs-5.0.7-remove-debug-only-code-in-alarm-c.patch 
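Review bot: The new error path in do_readmap_mount() logs a fixed string, so when this "should never happen" case does occur the log does not say which map entry was missing. `me->key` is used on the line just above for the lookup, so it can be included: `error(ap->logopt, "failed to find expected existing valid map entry for %s", me->key);`. The function continues past the hunk, so whether the early `return` skips any cleanup that the normal path performs later cannot be checked from here and is worth confirming.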
@@ -0,0 +1,36 @@ +autofs-5.0.7 - remove debug only code in alarm.c + +From: Ian Kent + +This code is only ever used for "on-the-fly" debugging so just remove it. +--- + lib/alarm.c | 16 ---------------- + 1 file changed, 16 deletions(-) + +diff --git a/lib/alarm.c b/lib/alarm.c +index d5cdc05..0f04ef8 100755 +--- a/lib/alarm.c ++++ b/lib/alarm.c +@@ -40,22 +40,6 @@ do { \ + fatal(_alm_unlock); \ + } while (0) + +-void dump_alarms(void) +-{ +- struct list_head *head; +- struct list_head *p; +- +- pthread_mutex_lock(&mutex); +- head = &alarms; +- list_for_each(p, head) { +- struct alarm *this; +- +- this = list_entry(p, struct alarm, list); +- logmsg("alarm time = %d", this->time); +- } +- pthread_mutex_unlock(&mutex); +-} +- + /* Insert alarm entry on ordered list. */ + int alarm_add(struct autofs_point *ap, time_t seconds) + { diff --git a/autofs.spec b/autofs.spec index e8fcb1b..a0ac077 100644 --- a/autofs.spec +++ b/autofs.spec @@ -8,7 +8,7 @@ Summary: A tool for automatically mounting and unmounting filesystems Name: autofs Version: 5.0.7 -Release: 19%{?dist} +Release: 20%{?dist} Epoch: 1 License: GPLv2+ Group: System Environment/Daemons 
@@ -62,6 +62,35 @@ Patch46: autofs-5.0.7-document-allowed-map-sources-in-auto_master.patch Patch47: autofs-5.0.7-add-enable-sloppy-mount-option-to-configure.patch Patch48: autofs-5.0.7-fix-interface-address-null-check.patch Patch49: autofs-5.0.7-dont-probe-rdma-mounts.patch +Patch50: autofs-5.0.7-fix-master-map-mount-options-matching.patch +Patch51: autofs-5.0.7-fix-master-map-bogus-keywork-match.patch +Patch52: autofs-5.0.7-fix-fix-map-entry-duplicate-offset-detection.patch +Patch53: autofs-5.0.7-probe-each-nfs-version-in-turn-for-singleton-mounts.patch +Patch54: autofs-5.0.7-fix-fcntl-return-check.patch +Patch55: autofs-5.0.7-fix-spawn_umount-return-check-in-mount_bind-lookup_init.patch +Patch56: autofs-5.0.7-fix-check-mkdir_path-in-mount_bind-mount_mount.patch +Patch57: autofs-5.0.7-fix-incorrect-name-in-test.patch +Patch58: autofs-5.0.7-remove-debug-only-code-in-alarm-c.patch +Patch59: autofs-5.0.7-fix-inconsistent-use-of-cache-lock-in-handle_packet_missing_direct.patch +Patch60: autofs-5.0.7-fix-several-off-by-one-errors.patch +Patch61: autofs-5.0.7-fix-memory-leak-in-get_dc_list.patch +Patch62: autofs-5.0.7-fix-host_addr-null-reference-in-add_new_host.patch +Patch63: autofs-5.0.7-add-null-check-in-read_one.patch +Patch64: autofs-5.0.7-add-pgrp-check-in-do_spawn.patch +Patch65: autofs-5.0.7-fix-inconsistent-signed-usage-for-__rpc_ping.patch +Patch66: autofs-5.0.7-add-null-check-in-extract_version.patch +Patch67: autofs-5.0.7-recheck-valid-map-entry-lookup-return-in-do_readmap_mount.patch +Patch68: autofs-5.0.7-add-null-check-in-parse_server_string.patch +Patch69: autofs-5.0.7-add-map-entry-null-check-in-do_expire_direct.patch +Patch70: autofs-5.0.7-add-mapent-null-check-in-lookup-nisplus-lookup_mount.patch +Patch71: autofs-5.0.7-fix-potential-null-dereference-in-lookup_mount.patch +Patch72: autofs-5.0.7-fix-leaked-ldap-percent-hack-allocation-in-lookup_one.patch +Patch73: autofs-5.0.7-fix-incorrect-value-reference-in-parse_line.patch +Patch74: 
autofs-5.0.7-add-debug-alert-for-waitpid-in-check_nfs_mount_version.patch +Patch75: autofs-5.0.7-add-initialization-of-bind_result-in.patch-do_sasl_bind.patch +Patch76: autofs-5.0.7-fix-incorrect-check-in-flag_is_owned.patch +Patch77: autofs-5.0.7-fix-possible-use-after-free-in-lookup_dir-lookup_init.patch +Patch78: autofs-5.0.7-add-changlog-entry-for-coverity-fixes.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %if %{with_systemd} BuildRequires: systemd-units @@ -168,6 +197,35 @@ echo %{version}-%{release} > .version %patch47 -p1 %patch48 -p1 %patch49 -p1 +%patch50 -p1 +%patch51 -p1 +%patch52 -p1 +%patch53 -p1 +%patch54 -p1 +%patch55 -p1 +%patch56 -p1 +%patch57 -p1 +%patch58 -p1 +%patch59 -p1 +%patch60 -p1 +%patch61 -p1 +%patch62 -p1 +%patch63 -p1 +%patch64 -p1 +%patch65 -p1 +%patch66 -p1 +%patch67 -p1 +%patch68 -p1 +%patch69 -p1 +%patch70 -p1 +%patch71 -p1 +%patch72 -p1 +%patch73 -p1 +%patch74 -p1 +%patch75 -p1 +%patch76 -p1 +%patch77 -p1 +%patch78 -p1 %build #CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr --libdir=%{_libdir} @@ -259,6 +317,12 @@ fi %dir /etc/auto.master.d %changelog +* Tue Jun 11 2013 Ian Kent - 1:5.0.7-20 +- fix master map mount options matching. +- fix master map bogus keywork match. +- fix fix map entry duplicate offset detection. +- add a number of fixes based on a Covarity report. + * Mon May 27 2013 Ian Kent - 1:5.0.7-19 - dont probe rdma mounts.