16a3693853
calls. - Undo mistake in copy order for submount path introduced by rev 11 patch. - add check for alternate libxml2 library for libxml2 tsd workaround. - add check for alternate libtirpc library for libtirpc tsd workaround. - cleanup configure defines for libtirpc. - add WITH_LIBTIRPC to -V status report. - add libtirpc-devel to BuildRequires. - add nfs mount protocol default configuration option.
191 lines
6.2 KiB
Diff
191 lines
6.2 KiB
Diff
autofs-5.0.4 - easy alloca replacements fix
|
|
|
|
From: Ian Kent <raven@themaw.net>
|
|
|
|
Fix array out of bounds accesses and remove alloca(3) calls from
|
|
modules/mount_autofs.c and modules/mount_nfs.c as well.
|
|
---
|
|
|
|
CHANGELOG | 1 +
|
|
modules/lookup_ldap.c | 3 ---
|
|
modules/mount_autofs.c | 9 ++-------
|
|
modules/mount_bind.c | 6 +++++-
|
|
modules/mount_changer.c | 6 +++++-
|
|
modules/mount_ext2.c | 6 +++++-
|
|
modules/mount_generic.c | 6 +++++-
|
|
modules/mount_nfs.c | 12 +++++++-----
|
|
8 files changed, 30 insertions(+), 19 deletions(-)
|
|
|
|
|
|
--- autofs-5.0.4.orig/CHANGELOG
|
|
+++ autofs-5.0.4/CHANGELOG
|
|
@@ -20,6 +20,7 @@
|
|
- update to configure libtirpc if present.
|
|
- update to provide ipv6 name and address support.
|
|
- update to provide ipv6 address parsing.
|
|
+- easy alloca replacements fix.
|
|
|
|
4/11/2008 autofs-5.0.4
|
|
-----------------------
|
|
--- autofs-5.0.4.orig/modules/lookup_ldap.c
|
|
+++ autofs-5.0.4/modules/lookup_ldap.c
|
|
@@ -1474,7 +1474,6 @@ int lookup_read_master(struct master *ma
|
|
free(query);
|
|
return NSS_STATUS_UNAVAIL;
|
|
}
|
|
- query[l] = '\0';
|
|
|
|
/* Initialize the LDAP context. */
|
|
ldap = do_reconnect(logopt, ctxt);
|
|
@@ -2213,7 +2212,6 @@ static int read_one_map(struct autofs_po
|
|
free(sp.query);
|
|
return NSS_STATUS_UNAVAIL;
|
|
}
|
|
- sp.query[l] = '\0';
|
|
|
|
/* Initialize the LDAP context. */
|
|
sp.ldap = do_reconnect(ap->logopt, ctxt);
|
|
@@ -2404,7 +2402,6 @@ static int lookup_one(struct autofs_poin
|
|
free(query);
|
|
return CHE_FAIL;
|
|
}
|
|
- query[ql] = '\0';
|
|
|
|
/* Initialize the LDAP context. */
|
|
ldap = do_reconnect(ap->logopt, ctxt);
|
|
--- autofs-5.0.4.orig/modules/mount_autofs.c
|
|
+++ autofs-5.0.4/modules/mount_autofs.c
|
|
@@ -45,7 +45,8 @@ int mount_mount(struct autofs_point *ap,
|
|
{
|
|
struct startup_cond suc;
|
|
pthread_t thid;
|
|
- char *realpath, *mountpoint;
|
|
+ char realpath[PATH_MAX];
|
|
+ char mountpoint[PATH_MAX];
|
|
const char **argv;
|
|
int argc, status, ghost = ap->flags & MOUNT_FLAG_GHOST;
|
|
time_t timeout = ap->exp_timeout;
|
|
@@ -62,8 +63,6 @@ int mount_mount(struct autofs_point *ap,
|
|
/* Root offset of multi-mount */
|
|
len = strlen(root);
|
|
if (root[len - 1] == '/') {
|
|
- realpath = alloca(strlen(ap->path) + name_len + 2);
|
|
- mountpoint = alloca(len + 1);
|
|
strcpy(realpath, ap->path);
|
|
strcat(realpath, "/");
|
|
strcat(realpath, name);
|
|
@@ -71,8 +70,6 @@ int mount_mount(struct autofs_point *ap,
|
|
strncpy(mountpoint, root, len);
|
|
mountpoint[len] = '\0';
|
|
} else if (*name == '/') {
|
|
- realpath = alloca(name_len + 1);
|
|
- mountpoint = alloca(len + 1);
|
|
if (ap->flags & MOUNT_FLAG_REMOUNT) {
|
|
strcpy(mountpoint, name);
|
|
strcpy(realpath, name);
|
|
@@ -81,8 +78,6 @@ int mount_mount(struct autofs_point *ap,
|
|
strcpy(realpath, name);
|
|
}
|
|
} else {
|
|
- realpath = alloca(len + name_len + 2);
|
|
- mountpoint = alloca(len + name_len + 2);
|
|
strcpy(mountpoint, root);
|
|
strcat(mountpoint, "/");
|
|
strcpy(realpath, mountpoint);
|
|
--- autofs-5.0.4.orig/modules/mount_bind.c
|
|
+++ autofs-5.0.4/modules/mount_bind.c
|
|
@@ -81,8 +81,12 @@ int mount_mount(struct autofs_point *ap,
|
|
len = strlen(root);
|
|
if (root[len - 1] == '/') {
|
|
len = snprintf(fullpath, len, "%s", root);
|
|
- /* Direct mount name is absolute path so don't use root */
|
|
} else if (*name == '/') {
|
|
+ /*
|
|
+ * Direct or offset mount, name is absolute path so
|
|
+ * don't use root (but with move mount changes root
|
|
+ * is now the same as name).
|
|
+ */
|
|
len = sprintf(fullpath, "%s", root);
|
|
} else {
|
|
len = sprintf(fullpath, "%s/%s", root, name);
|
|
--- autofs-5.0.4.orig/modules/mount_changer.c
|
|
+++ autofs-5.0.4/modules/mount_changer.c
|
|
@@ -58,8 +58,12 @@ int mount_mount(struct autofs_point *ap,
|
|
len = strlen(root);
|
|
if (root[len - 1] == '/') {
|
|
len = snprintf(fullpath, len, "%s", root);
|
|
- /* Direct mount name is absolute path so don't use root */
|
|
} else if (*name == '/') {
|
|
+ /*
|
|
+ * Direct or offset mount, name is absolute path so
|
|
+ * don't use root (but with move mount changes root
|
|
+ * is now the same as name).
|
|
+ */
|
|
len = sprintf(fullpath, "%s", root);
|
|
} else {
|
|
len = sprintf(fullpath, "%s/%s", root, name);
|
|
--- autofs-5.0.4.orig/modules/mount_ext2.c
|
|
+++ autofs-5.0.4/modules/mount_ext2.c
|
|
@@ -50,8 +50,12 @@ int mount_mount(struct autofs_point *ap,
|
|
len = strlen(root);
|
|
if (root[len - 1] == '/') {
|
|
len = snprintf(fullpath, len, "%s", root);
|
|
- /* Direct mount name is absolute path so don't use root */
|
|
} else if (*name == '/') {
|
|
+ /*
|
|
+ * Direct or offset mount, name is absolute path so
|
|
+ * don't use root (but with move mount changes root
|
|
+ * is now the same as name).
|
|
+ */
|
|
len = sprintf(fullpath, "%s", root);
|
|
} else {
|
|
len = sprintf(fullpath, "%s/%s", root, name);
|
|
--- autofs-5.0.4.orig/modules/mount_generic.c
|
|
+++ autofs-5.0.4/modules/mount_generic.c
|
|
@@ -49,8 +49,12 @@ int mount_mount(struct autofs_point *ap,
|
|
len = strlen(root);
|
|
if (root[len - 1] == '/') {
|
|
len = snprintf(fullpath, len, "%s", root);
|
|
- /* Direct mount name is absolute path so don't use root */
|
|
} else if (*name == '/') {
|
|
+ /*
|
|
+ * Direct or offset mount, name is absolute path so
|
|
+ * don't use root (but with move mount changes root
|
|
+ * is now the same as name).
|
|
+ */
|
|
len = sprintf(fullpath, "%s", root);
|
|
} else {
|
|
len = sprintf(fullpath, "%s/%s", root, name);
|
|
--- autofs-5.0.4.orig/modules/mount_nfs.c
|
|
+++ autofs-5.0.4/modules/mount_nfs.c
|
|
@@ -58,7 +58,8 @@ int mount_mount(struct autofs_point *ap,
|
|
const char *what, const char *fstype, const char *options,
|
|
void *context)
|
|
{
|
|
- char *fullpath, buf[MAX_ERR_BUF];
|
|
+ char fullpath[PATH_MAX];
|
|
+ char buf[MAX_ERR_BUF];
|
|
struct host *this, *hosts = NULL;
|
|
unsigned int vers;
|
|
char *nfsoptions = NULL;
|
|
@@ -150,14 +151,15 @@ int mount_mount(struct autofs_point *ap,
|
|
/* Root offset of multi-mount */
|
|
len = strlen(root);
|
|
if (root[len - 1] == '/') {
|
|
- fullpath = alloca(len);
|
|
len = snprintf(fullpath, len, "%s", root);
|
|
- /* Direct mount name is absolute path so don't use root */
|
|
} else if (*name == '/') {
|
|
- fullpath = alloca(len + 1);
|
|
+ /*
|
|
+ * Direct or offset mount, name is absolute path so
|
|
+ * don't use root (but with move mount changes root
|
|
+ * is now the same as name).
|
|
+ */
|
|
len = sprintf(fullpath, "%s", root);
|
|
} else {
|
|
- fullpath = alloca(len + name_len + 2);
|
|
len = sprintf(fullpath, "%s/%s", root, name);
|
|
}
|
|
fullpath[len] = '\0';
|