19b143ecbf
- fix quoted string length calc in expandsunent(). - fix double quoting of ampersand in auto.smb as well. - fix autofs mount options construction.
49 lines
1.4 KiB
Diff
49 lines
1.4 KiB
Diff
autofs-5.1.6 - fix quoted string length calc in expandsunent()
|
|
|
|
From: Ian Kent <raven@themaw.net>
|
|
|
|
The expandsunent() function in modules/parse_sun.c fails to properly
|
|
handle the ending " in a quoted string causing the length calculation
|
|
to not account for the ending quote and also doesn't properly account
|
|
for the remainder of the string being expanded.
|
|
|
|
Also, when called again (after being called to get the length) the
|
|
allocated buffer is too small leading to out of bounds accesses.
|
|
|
|
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
---
|
|
CHANGELOG | 1 +
|
|
modules/parse_sun.c | 6 ++++--
|
|
2 files changed, 5 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/CHANGELOG b/CHANGELOG
|
|
index 2c500a48..90f67336 100644
|
|
--- a/CHANGELOG
|
|
+++ b/CHANGELOG
|
|
@@ -9,6 +9,7 @@ xx/xx/2020 autofs-5.1.7
|
|
- remove intr hosts map mount option.
|
|
- fix trailing dollar sun entry expansion.
|
|
- initialize struct addrinfo for getaddrinfo() calls.
|
|
+- fix quoted string length calc in expandsunent().
|
|
|
|
07/10/2019 autofs-5.1.6
|
|
- support strictexpire mount option.
|
|
diff --git a/modules/parse_sun.c b/modules/parse_sun.c
|
|
index f6c22d15..80fdf476 100644
|
|
--- a/modules/parse_sun.c
|
|
+++ b/modules/parse_sun.c
|
|
@@ -213,9 +213,11 @@ int expandsunent(const char *src, char *dst, const char *key,
|
|
*dst++ = *src;
|
|
src++;
|
|
}
|
|
- if (*src && dst) {
|
|
+ if (*src) {
|
|
len++;
|
|
- *dst++ = *src++;
|
|
+ if (dst)
|
|
+ *dst++ = *src;
|
|
+ src++;
|
|
}
|
|
break;
|
|
|